My Writings. My Thoughts.
There has been a lot of talk recently about the Communications Commission in the Kingdom and its wish to monitor the messages and files sent through WhatsApp. I have a comment at the end of the article, but I wanted to quickly and briefly explain the weaknesses in WhatsApp, the vulnerabilities that could be exploited, and how feasible it is to monitor conversations and the files being sent.
First: weaknesses that could be exploited:
- We can use the application with another person's number and receive their messages, and also send messages from their number, but the result is that the original user cannot use WhatsApp until they re-register. (I will not explain the method in this article, but if there is interest I may explain it in another article.)
- We can send free SMS messages to any mobile phone in the world, by exploiting the activation-message service that sends a message to the user after registering for the service.
- As for monitoring all communications, that is difficult, and I will explain how WhatsApp's encryption works in the second section. The answer is at the end of the article.
Second: how WhatsApp works and whether all communications can be monitored: (forgive me, this part is in English because of the many technical terms, but the third part of the article is a summary in Arabic)
First of all, I know it's illegal to monitor traffic and I am totally against it, but since many have been talking lately about the government wanting to monitor all WhatsApp traffic, I started thinking whether it's possible or not from a purely technical point of view. I also want to go on record saying it's stupid to monitor, because with so many other encrypted alternatives out there, the bad guys would just stop using WhatsApp and move on to something else, and the guys going through the traffic would be left with high school girls gossiping and millions of pictures of sandwiches and cups of coffee taken from hundreds of angles.
Many of you might have heard of WhatsApp Sniffer. If you haven't, then don't worry about it, it's useless now. That probably explains why Big Brother is a bit pissed! I believe it was last September that the folks at WhatsApp Inc. decided to encrypt all data communications between their servers and the clients. Before that, it was possible to simply sniff Wi-Fi traffic, filter out WhatsApp traffic using their servers' IPs, and voilà, you got to see all WhatsApp messages in clear text. There was an Android app called WhatsApp Sniffer, which is still out there if you're interested in seeing what WhatsApp encrypted traffic looks like. But I should warn you, it's 2013 and nothing is free. If something is free, then there's a catch, which means it's highly likely that many of the Android apps you download online have spyware and whatnot, so just stay away from them.
OK, back to WhatsApp. The question now is: what kind of encryption are we looking at? How does it work? And can it be broken?
In the beginning I believe they went with a weak cryptosystem, which was then broken. However, it was soon changed to the stream cipher RC4 (aka ARC4). It was invented in 1987 by Ron Rivest (RC stood for Ron's Code). It was kept a secret until 1994, when someone anonymously posted its description online. From there it took off! Why did they go for RC4? It's fast, simple, and it does the job well.
OK, if we want to know how to see WhatsApp traffic, we have to understand the authentication protocol between the client and the WhatsApp servers.
The authentication is a challenge/response protocol. The server sends the client an authentication request containing some RANDOM bytes of data. The client takes that data and combines it with the account password using PBKDF2.
So the RC4 session key = PBKDF2(PRF, Password, Salt, c, dkLen), where:
- The Salt provides the randomization, so the RANDOM bytes from the server's challenge are used for it.
- c is the number of iterations.
- dkLen is the length of the derived key, which is 160 bits in the case of WhatsApp.
Since the server also knows the account password, it can calculate the same session key. The client then responds to the server with a message containing the username and some other random data. If the server manages to decrypt that message, it confirms that the client has calculated the correct session key. From then on the packets are encrypted with RC4 under the new session key.
One might ask if it's possible to calculate the key using a known-plaintext attack against the authentication packets. I don't think so, because they would obviously add a nonce in the response.
What does a WhatsApp packet look like?
| Flags | Packet Size | Packet Data |
| 1B    | 2B          | 0 to 8kB    |
The Flags field is only one byte, and its first bit is set when the packet is encrypted. I'm not sure what the remaining bits are used for.
The Packet Size uses 16 bits to represent the size of the packet data.
The last four bytes are used as an HMAC-SHA1 checksum if the packet is being sent from the client to the server. If the packet is being sent from the server to the client, the checksum is the first four bytes instead.
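The key derivation and the framing described above, as an added example in Python (not WhatsApp's code and not the Wireshark dissector's). The PRF (HMAC-SHA1), the iteration count, the tag being HMAC-SHA1 under the session key over the data field, the size counting data plus tag, and the "first bit" being the most significant bit are all assumptions the article does not settle.

```python
import hashlib
import hmac
import struct

# Added illustration of the framing and key derivation the article describes.
# Assumed, not given by the article: PRF = HMAC-SHA1, the value of c, the tag
# keyed with the session key over the data, size = data + tag, flag bit = MSB.
PBKDF2_ITERATIONS = 16       # assumed value of c
KEY_LEN = 20                 # dkLen = 160 bits (stated in the article)
FLAG_ENCRYPTED = 0x80        # assumed position of the "encrypted" bit
TAG_LEN = 4                  # truncated HMAC-SHA1 (stated in the article)
MAX_DATA = 8 * 1024          # "0 to 8kB" (stated in the article)

def derive_session_key(password: bytes, challenge: bytes) -> bytes:
    """Session key = PBKDF2(PRF, Password, Salt, c, dkLen), with the
    server's random challenge bytes as the Salt."""
    return hashlib.pbkdf2_hmac("sha1", password, challenge,
                               PBKDF2_ITERATIONS, KEY_LEN)

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()[:TAG_LEN]

def build_frame(key, data, client_to_server):
    """Flags (1B) | size (2B, big-endian) | body. The tag is the last four
    bytes client -> server and the first four bytes server -> client."""
    if len(data) > MAX_DATA:
        raise ValueError("packet data exceeds 8 kB")
    tag = _tag(key, data)
    body = data + tag if client_to_server else tag + data
    return struct.pack(">BH", FLAG_ENCRYPTED, len(body)) + body

def parse_frame(key, frame, client_to_server):
    """Return (flags, data); raise ValueError on a short, truncated or
    tampered frame. The direction decides where to look for the tag."""
    if len(frame) < 3 + TAG_LEN:
        raise ValueError("frame too short")
    flags, size = struct.unpack(">BH", frame[:3])
    body = frame[3:3 + size]
    if len(body) != size or size < TAG_LEN:
        raise ValueError("truncated frame")
    if client_to_server:
        data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    else:
        tag, data = body[:TAG_LEN], body[TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, data)):
        raise ValueError("bad HMAC-SHA1 tag")
    return flags, data

def demo():
    """Constructed exchange: both ends derive the key from one challenge,
    each parses the other's frame, and a flipped tag bit is rejected."""
    password, challenge = b"constructed-password", bytes(range(16))
    client_key = derive_session_key(password, challenge)
    server_key = derive_session_key(password, challenge)
    c2s = build_frame(client_key, b"<auth user='constructed'/>", True)
    s2c = build_frame(server_key, b"<success/>", False)
    damaged = c2s[:-1] + bytes([c2s[-1] ^ 0x01])   # flip a bit of the tag
    try:
        parse_frame(server_key, damaged, True)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"keys_match": client_key == server_key,
            "client_frame": parse_frame(server_key, c2s, True)[1],
            "server_frame": parse_frame(client_key, s2c, False)[1],
            "tamper_detected": tamper_detected}
```

The point of the direction flag in parse_frame is that a tool reading both halves of a session has to know who sent each packet before it can even locate the checksum.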
The data structure is similar to XML in a way. It contains a tree of information with the following:
The basic format of an element is:
OK, now to the big question: does RC4 have any flaws? If so, how can they be used in this case?
– When we encrypt, our goal is to hide a message by converting it into a ciphertext that looks absolutely random and gives no information about the plaintext or the encryption key. It was believed that RC4 achieved this; however, in recent years researchers have discovered that RC4 has a number of small biases. This has been known for years, but they weren't very significant. A 2011 paper by Sepehrdad et al. discovered more biases.
– To make it simple: if we manage to get a user to encrypt the same plaintext with many different encryption keys, then it would be possible to take advantage of the RC4 biases to figure out what was encrypted. You might think this is stupid and useless, but bear with me:
– You might ask how I would get a user to send the same plaintext many times using different keys. Well, the initial packets tend to be the same, and in the case of WhatsApp, clients send messages about their status (whether they're online or not), and these messages tend to be repeated, so we would be able to use those (unless nonces are used). Also, the session encryption keys change a lot, which means we will get those messages encrypted under a different key every time a new session key is assigned to a client. Also, there are methods which may be used to get the client to send a common response or force the generation of new session keys.
– Seems simple, eh? Well, it's not, because when we say many messages, we mean MANY! According to the work by Sepehrdad et al., to recover a WEP secret of 128 bits they needed 9800 encrypted packets. But we're not dealing with WEP here, so for WhatsApp's 160-bit keys we would need a much, much larger number of encrypted packets.
– There is a project called "whatsapp dissector for wireshark". You plug in the key, and it uses Wireshark to grab the traffic, filter out WhatsApp traffic, and then display it after decrypting it with the keys you provide.
I'm feeling kinda sleepy, so I'll just wrap this up real quick and go back to bed. Also, I'm not an expert on RC4, so if you find any mistakes just let me know.
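What the "small biases" above look like in practice, as an added example (not code from the article or from the dissector): textbook RC4, one constructed status message encrypted under many seeded random 160-bit keys, and a measurement of the well-known second-byte bias (Mantin and Shamir). It goes one step past the article by showing that the bias alone singles out the plaintext's second byte, which is why a repeated message under changing session keys matters and why RC4 is no longer considered fit for purpose. The keys, the plaintext and the sample count are constructed values.

```python
import random
from collections import Counter

# Added illustration, not code from the article or from any dissector.
# Keys and the plaintext below are constructed sample values.
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling, then n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def encrypt_under_many_keys(plaintext, num_keys, key_len=20, seed=1):
    """The article's scenario: one repeated message encrypted under many
    fresh 160-bit session keys. A seeded RNG keeps the run reproducible."""
    rng = random.Random(seed)
    cts = []
    for _ in range(num_keys):
        key = bytes(rng.getrandbits(8) for _ in range(key_len))
        ks = rc4_keystream(key, len(plaintext))
        cts.append(bytes(p ^ k for p, k in zip(plaintext, ks)))
    return cts

def second_byte_zero_rate(plaintext, ciphertexts):
    """Fraction of keys whose second keystream byte was 0x00 (C[1] == P[1]).
    Uniform keystream: 1/256 ~ 0.0039. RC4: about 2/256 (Mantin-Shamir)."""
    hits = sum(1 for c in ciphertexts if c[1] == plaintext[1])
    return hits / len(ciphertexts)

def most_common_second_byte(ciphertexts):
    """Because Z2 = 0 about twice as often as any other value, the most
    frequent second ciphertext byte is simply the plaintext's second byte:
    the cipher leaks it without the key, given enough samples."""
    return Counter(c[1] for c in ciphertexts).most_common(1)[0][0]

def demo(num_keys=20000):
    plaintext = b"<online/>"            # constructed repeated status message
    cts = encrypt_under_many_keys(plaintext, num_keys)
    return {"uniform_rate": 1 / 256,
            "rc4_rate": second_byte_zero_rate(plaintext, cts),
            "recovered": most_common_second_byte(cts),
            "actual": plaintext[1]}
```

Twenty thousand samples are enough here only because the second-byte bias is the largest one RC4 has; the deeper biases the article cites need far more traffic, which is the article's point about the practical cost.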
Back to the question, after this brief explanation. Is it possible to monitor WhatsApp conversations? For a single user.. possible, with some effort. There is more than one method, but I have not tried them..
Is it possible to monitor all WhatsApp conversations on a general level? Nothing is impossible, but it is very, very, very hard..! And monitoring would make conversations, sending pictures and so on much slower, which would drive people away from WhatsApp to some other alternative.
Fourth: my opinion on the matter:
I understand that the monitoring is not about finding out the name of Umm Bandar's new daughter, nor about finding out whether Khulood is pregnant, but about keeping the country secure. But will the monitoring be effective?
In my view the monitoring will not be effective, because the people whose harm we fear will not use monitored communication channels. So what is the point of monitoring when there are hundreds of other channels encrypted in other, different ways?
image above taken from http://web.davidgf.net/page/37/whatsapp-dissector-for-wireshark
I haven’t written anything in a while, and I thought tonight was a good night to write. Something interesting happened today while I was in the elevator and I thought I’d share it here with you all :p
Seriously, if you think this is boring, either skip to the last two sentences or type http://youtube.com in your address bar, I hear they have interesting videos on that site. Come to think of it, here's a quick story: My cleaning lady likes to talk, and yesterday she was talking about YouTube and how she loves it and the first time she saw it etc.. Now she's a bit old and not tech-savvy, yet she was telling me how she felt the first time her daughter showed her YouTube. She described her feelings as if this YouTube site was invented before World War 1. Then I started to recall when I first saw YouTube. I remember I read an article about it on Slashdot around May or June 2005 (it was our Digg/Reddit back in the day). I saw the site, and I believe it was during its first or second month, and there were less than a thousand videos. You could have literally browsed through all the videos in a day. I remember thinking to myself that this was a very stupid idea because streaming videos costs money, and how could they pay for all that bandwidth..? Ads? Who could manage such a global ad system? It turned out Google had the power to create a global ad system so powerful, it actually made YouTube work and become a billion dollar investment. Why am I talking about YouTube? This is supposed to be about elevators…
Okay, back to my elevator story. So I get on the elevator today around 6pm, and there are 5 people. I look at the board, and 5 buttons are pressed. After I got off on my floor, I was talking to my neighbor about the probability of each person getting off on a different floor. It's not really that rare, because the probability was 0.25 (I'll show you how to calculate it).
So my neighbor goes on to tell me that last week he was the tenth person to get on the elevator from the garage in our building. Each person went to a different floor, and one of them actually got off on the ground floor, which is uncommon. So, I started to think to myself, how rare is that? 10 people get on the elevator in the basement, and all go to 10 different floors in a 10 story building? The answer is 3 in 10,000..! Ok, then I started to think, how many times has this elevator had exactly 10 people in it? Our building is only 35 months old. Let's assume that the elevator gets exactly 10 people going up from the basement floor(s) in it 4 times a day during the weekdays and twice on Saturdays and Sundays, and I do believe that I'm pushing it there. That would mean that since the building was built until today, this has only happened 3639 times at most.
So, the probability that this has ever happened in our building is 0.36, which means there is a 0.636 chance that this has never ever happened..! And if it did happen, then it would have been a very very rare occurrence…! I sorta wish I was on that elevator…
Okay to calculate the probability, you do the following:
– First person will obviously push an un-pressed button: probability is 10/10 = 1
– Probability of the second person pressing one of the un-pressed buttons: 9/10 = 0.9 (there is a 0.1 chance he’ll push the one pressed by the first guy)
– Probability of the third person pressing one of the un-pressed buttons: 8/10 = 0.8 (again there is a 0.2 chance he’ll push a previously pressed button)
– Probability of the fourth person pressing one of the un-pressed buttons: 7/10 = 0.7
– Tenth guy pressing the last un-pressed button: 1/10 = 0.1 (meaning there is a 0.9 chance he’ll press a button already chosen by someone else!)
Total probability is the product of all the probabilities = 1 * 0.9 * 0.8 * 0.7 …. * 0.1 = 0.00036288
which means this only happens 3 or 4 times every 10 thousand times!
Obviously this was the case for our building, and it might be different for yours, but at least now you know how to calculate it. I wonder if anyone actually read this.. LOL
// March 13th, 2013 // Personal
It's been a while since I've written anything here. In fact, I almost forgot about this blog if it hadn't been for GoDaddy's auto renewal email. The reason I stopped writing was because I got hooked on Twitter. Anyways, I'll start writing more soon.
I’ve made sushi a couple of times before, but this time I think I finally got it right. I made 6 kinds of sushi:
In the first plate I made smoked salmon nigiri and a deep fried maki with smoked salmon, crab, crispy tempura, and avocado.
In the second plate I made 4 makis. One with shrimp tempura, avocado, and some mayo. In the second I put smoked salmon, avocado, and crispy tempura. In the third I put shrimp tempura, avocado, and cream cheese! In the last one I put something of everything!
My guests said they loved it, but maybe they were just being nice. Who knows, if this PhD thing doesn't work out, then maybe I can just open a sushi place back home!
I recently became 28, and started thinking to myself, what is the probability of meeting a random person that was born on my birth date.
Normally we would say that meeting someone that shares your same birthday has the probability of 1/365, which means that you have a 0.274% chance of meeting someone that shares your birthday.
However, in real life, people's birthdays aren't distributed equally. For example, I found a dataset online with 481040 birthdates for an insurance company. This dataset shows that Aug. 18 had the highest number of births, while Dec. 26 had the least number of births.
The chances of me meeting someone that shared my same birthdate became 0.266% which meant that my birthday had a lower number of births than the average. That also means that for every thousand people I meet, there are 2.6 that share my birth date.
Then I started thinking, what are the chances of me meeting someone that was born the same year I was born? Now we could just assume that the average lifespan of a human is 68 according to the World Health Organization, and say that my chances of meeting someone are 1/68. However, in real life that's not the case. The number of births increases exponentially. According to this Wikipedia entry:
“The population of the United States of America is exponentially increasing at an average rate of one and a half percent a year (1.5%). This means that the doubling time of the American population (depending on the yearly growth in population) is approximately 50 years.”
Plus the numbers of deaths per year are not the way they were a century ago. We have fewer wars now, and the number of deaths has also decreased due to advancements in medicine.
Back to the question, what are the chances of me meeting someone that was born the same year I was born? Recent stats show that there are 7 billion humans on this earth. The year I was born had about 78 million births. According to the UN data, it was estimated that 105 die between birth and the age of 5 for every 1000 births during the year I was born. It is also estimated that there are about 50 deaths per 1000 people between the ages of 5 and 29 for various reasons, from natural causes to wars (I'm not 29, but it's close enough). So, we can say that around 850 per 1000 people born in the same year I was born are still alive today. That means 66.3 million of the 7 billion people on this earth were born the same year I was born.
So, the chances of me meeting a person born the same year I was born are 0.947%.
Finally, what are the chances of me meeting someone that was actually born on the same day I was born? If we take the probability of being born on the same day I was born, and apply that to the 66.3 million that were born the same year I was born. Then we would come to the result of having about 176280 people in the world that were born on the same day I was born and are still living today.
The chances of me meeting someone born on the same day I was born are 0.0025%. That means that there are only 25 people in every million that were born on my exact birth date! So, given the population in Montreal of 1.6 million, there are only 40 people!
// December 8th, 2011 // Information
When life gets boring we look for things that are different to cheer us up (or change weather as we say in Saudi). So, here’s a list of weird yet creative restaurants from around the world:
Ninja Restaurant in New York
Idea: Ninjas serve you in this restaurant !! [video here]
Hilton Maldives Resort & Spa in Rangalifinolhu, Maldives
Idea: It’s pretty clear from the photo, the restaurant is under water! [link]
Hajime Robot Restaurant
Idea: The waiters in this restaurant are Robots !! [link]
ONOIR in Canada
Idea: It's totally dark in the restaurant. When you eat without your sight, your remaining senses are heightened to savour the smell and taste of food. Some of the waiters are blind, so it's great they get a job opportunity. [link]
Graveyard Restaurant – Ahmadabad, India
Idea: well, it's a graveyard with real occupied graves!! Why would anyone want to eat there?! That's just stupid and crazy, yet it's different, thus attracting tourists. [link]
Kayabukiya Tavern in Japan
Idea: The servers in this restaurant are MONKEYS !!
Toilet Restaurant in Taiwan
Idea: I'm not saying it's a good idea, just saying it's different! In this restaurant, the clients sit on toilets and eat from mini toilets too !! [link]
I recently read that Ryanair was going to offer “child-free” flights starting October 2011. Now I don’t really hate kids, I just don’t like them crying for hours on a flight I’m on. This reminds me of a story that happened about a year ago.
I was taking a trip from Montreal to London, and the plane was set to depart at 8pm. I had so much to do the night before so I didn’t get enough sleep. I thought that I might be able to kill some time on the trip by sleeping. So I grabbed my travel pillow and headed to the airport.
I’m not a big fan of airplane food, so I ate a whopper from Burger King before going through the security check. There was not a baby in sight, and I was sooo sure my flight would be child-free. By the time I got in line for the security check, I was full, I finished praying, and couldn’t wait to put my head on my pillow with hopes of sleeping most of the trip. While in line I saw this guy from Pakistan with a child in his arms and another in a stroller. I couldn’t imagine how hard it can be to travel with 2 kids and all that luggage. I think one of them was crying or something, all I know is that I felt bad for the guy and whoever was going to be on the same flight with him and his kids.
I got me a decaf to enjoy while waiting for the gate to open. While I was checking my email and browsing the web on my Blackberry I saw the guy with the two kids sit near my gate! Of all the flights that night, why mine? Seriously! The only kids in the airport were on my flight! So I sat there wishing they'd at least be in a different cabin. I usually get on the plane after everyone boards because I'd rather wait in the airport than on a tiny seat in a crowded plane (plus the duration of the flight is technically shorter if you board towards the end).
I show the flight attendant my boarding pass and she guides me to my seat. Guess who is right next to me? The guy with the two kids, and boy were they crying! Why would anyone cry that hard? I turned to the flight attendant and begged for another seat or another flight, but she told me that I had no choice, the flight was fully booked. I sat down and hoped they would get tired of crying and sleep. Boy was I wrong, those devils had different plans. When one would cry, the other would take a break to fuel up on crying power. Don't they have shots to make them sleep or something? The plane took off and the pressure kicked in, and that's when they both went berserk. There was a moment where I thought those kids might have been kidnapped and the crying was their way of asking us to save them.
I sunk my head into my pillow and tried to go to sleep wishing for at least an hour of silence, but those kids knew of my plans and wanted me to suffer. There were moments in between shifts when one would cool down, and it would take the other about 2 or 3 minutes to pick up where his brother left off. During those moments I would doze off, and right when I would fall asleep the other one would cry like crazy. I didn’t know what to do, and there was nothing for me to do but look at them and hope those kids would look at me and have mercy on me and the other passengers on that flight.
About 3 hours into the flight the kids went to sleep and I got about 30 minutes of sleep during that time. I would wake to the sounds of mommy and daddy giggling over the alone time they’re enjoying before the kids wake up and ruin it for them. During those moments I questioned why people even have kids and whether they were worth all that trouble. I woke up to the sound of a ball being sucked in by a mega vacuum. I opened my eyes only to find the baby being kissed by the father. It wasn’t a normal kiss, it looked like a Zombie trying to suck the poor baby’s brains out. Even the baby had a look on his face that said “Pleeeease save me!”. The father continued to kiss the baby until it started crying all over again. This time it was because the baby was hungry, and the mother was trying to get the flight attendants to get her hot water. The crying went on and off till we got to London. I don’t think I’ve ever been so happy to get off a plane in my life! Thanks to those kids the first day of my break in London was spent in my hotel room sleeping.
The moral of the story is that “child-free” flights are a great idea!!
* The photos above were taken by Jill Greenberg. She is known for taking amazing photos of crying babies. She officially has the worst job in the world!
I've been really busy lately with school. Today I noticed a button on my Firefox toolbar that linked to a page I named "myBlog". That's when I remembered that I had a blog which I haven't updated in ages. I opened the link and saw that I had over 100k visitors now. It's been so long I had to try a couple of times to get the right password. Who would visit a blog that hasn't been updated in 6 months? Well, I found that the most visited posts were on the TOEFL and GRE exams I took. I also found that many people liked the posts on the iPhone and how to process your bachelor's graduation papers (it was a really long process). Anyways, I decided to write a couple of new posts in the upcoming weeks.
Ohh, I also found out that when you search google for Feras, my blog is the first result you get back! When you search for فراس my blog is the second result, the weird thing is that my name isn’t even written in Arabic on the page! It’s because many sites have my name linking to this site.
I also updated my flickr with a couple new photos I took recently with my new Canon T1i. So, check them out and let me know what you think.