Archive for Information

Monitoring WhatsApp?

// May 18th, 2013 // 1 Comment » // Hacks, tech

There has been a lot of talk lately about the Communications Commission in the Kingdom and its wish to monitor the messages and files sent through WhatsApp. I have a comment at the end of the article, but first I wanted to explain, quickly and briefly, WhatsApp's weak points, the vulnerabilities that can be exploited, and how feasible it really is to monitor conversations and the files people send.

First: the weaknesses that can be exploited:

-  We can use the application with someone else's number and receive their messages, and we can also send messages from their number. However, this leaves the original user unable to use WhatsApp until they re-register. (I won't explain the method in this article, but if there is interest I may explain it in another one.)

-  We can send free SMS messages to any mobile phone in the world, by abusing the activation-message service that texts the user after they sign up.

-  As for monitoring all communications, that is hard; I'll explain WhatsApp's encryption in the second section. The answer is at the end of the article.

Second: how WhatsApp works, and whether all communications can be monitored: (forgive me, this part was written in English because of the many technical terms; the third part of the article is a short summary)

First of all, I know it's illegal to monitor traffic and I am totally against it, but since many have been talking lately about the government wanting to monitor all WhatsApp traffic, I started thinking about whether it's even possible from a purely technical point of view. I also want to go on record saying it's stupid to monitor, because with so many other encrypted alternatives out there, the bad guys would just stop using WhatsApp and move on to something else, and the guys going through the traffic would be left with high-school girls gossiping and millions of pictures of sandwiches and cups of coffee taken from hundreds of angles.

Many of you might have heard of WhatsApp Sniffer. If you haven't, don't worry about it; it's useless now. That probably explains why Big Brother is a bit pissed! I believe it was last September that the folks at WhatsApp Inc. decided to encrypt all data communications between their servers and the clients. Before that, it was possible to simply sniff Wi-Fi traffic, filter out the WhatsApp traffic using their servers' IPs, and voilà, you got to see all WhatsApp messages in clear text. There was an Android app called WhatsApp Sniffer, which is still out there if you're interested in seeing what WhatsApp's encrypted traffic looks like. But I should warn you: it's 2013 and nothing is free. If something is free, there's a catch, which means it's highly likely that many of the Android apps you download online carry spyware and whatnot, so just stay away from them.

Ok, back to WhatsApp. The question now is: what kind of encryption are we looking at? How does it work? And can it be broken?

In the beginning I believe they went with a weak cryptosystem, which was then broken. However, it was soon changed to the stream cipher RC4 (also known as ARC4 or ARCFOUR). It was designed in 1987 by Ron Rivest (RC is usually expanded as "Rivest Cipher", sometimes as "Ron's Code"). It was kept a trade secret until 1994, when someone anonymously posted its description online. From there it took off! Why did they go for RC4? It's fast, simple, and it does the job well.

Ok, if we want to know how to see WhatsApp traffic, we have to understand the authentication protocol between the client and the WhatsApp servers.

The authentication is a challenge/response protocol. The server sends the client an authentication request containing some RANDOM bytes of data (the challenge). The client combines that challenge with the account password using PBKDF2, so the RC4 session key is:

    RC4 session key = PBKDF2(PRF, Password, Salt, c, dkLen)

where:

PRF is the pseudorandom function PBKDF2 iterates (normally an HMAC).

Password is the account's static password.

Salt is the server's random challenge; it is what makes every session derive a different key from the same password.

c is the number of iterations.

dkLen is the length of the derived key, which is 160 bits (20 bytes) in WhatsApp's case.

Since the server also knows the account password, it can calculate the same session key from the challenge it just sent. The client then responds with a message containing the username and some other random data, encrypted under the new key. If the server decrypts it and finds the expected username, that confirms the client derived the correct session key, and from then on every packet is encrypted with RC4 under that session key.

One might ask whether a known-plaintext attack against the authentication packets could recover the key. I don't think so. With a stream cipher, known plaintext only reveals keystream bytes, not the RC4 key behind them; getting from keystream back to the password would mean recovering RC4's internal state and then undoing PBKDF2, with a fresh challenge in every session. On top of that they would obviously add a nonce to the response, so the attacker never fully knows the plaintext in the first place.

What does a WhatsApp packet look like?

Field        Size
Flags        1 byte
Packet Size  2 bytes
Packet Data  0 to 8 kB

The flags field is a single byte; its first bit is set when the packet is encrypted. I'm not sure what the rest of the bits are used for.

The Packet Size uses 16 bits to represent the size of the packet data.

The last four bytes of a packet sent from the client to the server are a truncated HMAC-SHA1 tag (4 bytes of the 20-byte MAC); for packets sent from the server to the client, the tag is the first four bytes instead. Note that this is a keyed authentication tag, not a checksum: without the MAC key an observer can't recompute it, which is what stops a man in the middle from editing packets unnoticed.
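The framing described above, as an added example that is not part of the original post (my code, not WhatsApp's or any project's): a small Python framer and parser for the flags/size/body layout with the 4-byte tag at the end for client-to-server packets and at the front for server-to-client packets. Things the post does not pin down are assumptions here: the 2-byte size is taken as big-endian and as covering everything after the header (payload plus tag), the tag is taken as the first 4 bytes of HMAC-SHA1 over the encrypted payload under a MAC key the caller supplies, and cleartext packets (flag bit clear) are assumed to carry no tag. The encrypted payload is a constructed byte string standing in for RC4 output, since decryption is a separate step.

```python
import hashlib
import hmac
import struct

ENCRYPTED_FLAG = 0x80   # first (high) bit of the flags byte, per the post
TAG_LEN = 4             # truncated HMAC-SHA1 tag, per the post


def _tag(mac_key: bytes, payload: bytes) -> bytes:
    # Assumption: tag = first 4 bytes of HMAC-SHA1(mac_key, encrypted payload).
    return hmac.new(mac_key, payload, hashlib.sha1).digest()[:TAG_LEN]


def frame(payload: bytes, mac_key: bytes, client_to_server: bool, encrypted: bool = True) -> bytes:
    """Build one wire packet: flags (1 byte) | size (2 bytes) | body.

    Client->server: body = payload || tag.  Server->client: body = tag || payload.
    Assumptions: size is big-endian and counts the whole body; cleartext packets
    (flag bit clear) carry no tag.
    """
    if encrypted:
        tag = _tag(mac_key, payload)
        body = payload + tag if client_to_server else tag + payload
        flags = ENCRYPTED_FLAG
    else:
        body, flags = payload, 0
    if len(body) > 0xFFFF:
        raise ValueError("body does not fit a 16-bit size field")
    return bytes([flags]) + struct.pack(">H", len(body)) + body


def parse(buf: bytes, mac_key: bytes, client_to_server: bool):
    """Parse the first packet in buf.  Returns (payload, remaining bytes).

    Raises ValueError for a short or truncated packet or a bad tag, so a
    tampered packet is rejected before anything would be decrypted.
    """
    if len(buf) < 3:
        raise ValueError("short header")
    flags = buf[0]
    (size,) = struct.unpack(">H", buf[1:3])
    body, rest = buf[3:3 + size], buf[3 + size:]
    if len(body) != size:
        raise ValueError("truncated packet")
    if not flags & ENCRYPTED_FLAG:
        return body, rest                       # cleartext: no tag to check
    if size < TAG_LEN:
        raise ValueError("encrypted packet shorter than its tag")
    if client_to_server:
        payload, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    else:
        tag, payload = body[:TAG_LEN], body[TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, payload)):   # constant-time compare
        raise ValueError("bad MAC")
    return payload, rest


def tamper_detected(packet: bytes, mac_key: bytes, client_to_server: bool, byte_index: int) -> bool:
    """Flip one bit of the packet at byte_index and report whether parse() rejects it."""
    flipped = bytearray(packet)
    flipped[byte_index] ^= 0x01
    try:
        parse(bytes(flipped), mac_key, client_to_server)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = b"\x11" * 20                 # constructed MAC key (not a real one)
    ct = b"\xde\xad\xbe\xef" * 3       # constructed stand-in for RC4 output
    pkt = frame(ct, key, client_to_server=True)
    print(pkt.hex())                   # 80 0010 <12 payload bytes> <4 tag bytes>
    print(parse(pkt, key, True)[0] == ct, tamper_detected(pkt, key, True, 5))
```

The order of operations matters: the tag is checked (in constant time) before the payload is handed to the cipher, so a packet that has been modified in transit is dropped rather than decrypted and acted on.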

The data structure is similar to XML in a way: it is a tree of elements, and each element is laid out as follows:

Field          Size
Element Size   2 to 3 bytes
Type Tag       1 byte
Attributes     variable
Children/Data  variable

Ok, now to the big question: does RC4 have any flaws? If so, how can they be used in this case?

– When we encrypt, our goal is to hide a message by converting it into a ciphertext that looks completely random and gives away no information about the plaintext or the encryption key. RC4 was believed to achieve this, but researchers have since discovered that its keystream has a number of small statistical biases. Some of these have been known for years but were not considered very significant; more recent work by Sepehrdad et al. (2011) found more of them.

– To put it simply: if we can get a user to encrypt the same plaintext under many different keys, the RC4 biases make it possible to work out what was encrypted, because at a biased keystream position the ciphertext bytes pile up on the plaintext byte instead of being spread evenly. You might think this is stupid and useless, but bear with me:

– You might ask how I would get a user to send the same plaintext many times under different keys. Well, the initial packets tend to be the same, and in WhatsApp's case clients send status messages (whether they're online or not) that tend to repeat, so we could use those (unless nonces are used). Also, the session keys change a lot, which means we get those messages encrypted under a different key every time a new session key is assigned to a client. And there are ways to get a client to send a common response or to force the generation of new session keys.

– Seems simple, eh? Well, it's not, because when we say many messages, we mean MANY! According to Sepehrdad et al., recovering a 128-bit WEP key took about 9,800 encrypted packets, but that number doesn't carry over. The WEP attack exploits the fact that WEP prepends a known per-packet IV to a fixed secret key, so every packet is encrypted under a closely related key. WhatsApp's 160-bit session keys are fresh PBKDF2 outputs with no such relation, so the only thing the biases give you here is plaintext, not the key, and the plaintext-recovery attacks need the same message encrypted under a very large number of distinct keys: tens of thousands of ciphertexts for the strongest bias (the second keystream byte), millions for most other positions.

– There is a project called "whatsapp dissector for wireshark". You plug in the key, and it uses Wireshark to grab the traffic, filter out the WhatsApp packets, and display them after decrypting with the keys you provide.
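As an added example that is not part of the original post (my code, not WhatsApp's or any project's), here are the two pieces above in one runnable script: the challenge/response key derivation from the second section, with both the client's and the server's side of the exchange, and the repeated-message bias attack from the bullets just above. The post only gives the shape of the derivation, so the PRF (HMAC-SHA1), the iteration count (16), the password, the username and the response layout (username, a zero byte, a nonce) are assumptions here. The attack part encrypts the same two-byte status message under thousands of fresh session keys and recovers the second plaintext byte from the Mantin-Shamir bias (the second RC4 keystream byte is 0 about twice as often as it should be), which is exactly the repeated-status scenario described above.

```python
import hashlib
import random
from collections import Counter

# Assumed PBKDF2 parameters: the post gives only the shape of the derivation.
PBKDF2_PRF = "sha1"      # PRF = HMAC-SHA1 (assumption)
PBKDF2_ITERATIONS = 16   # c (assumption)
KEY_LEN = 20             # dkLen = 160 bits, as stated in the post


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key-scheduling algorithm, then n bytes of keystream."""
    k = list(key) * (256 // len(key) + 1)   # key repeated to cover the 256 KSA steps
    S = list(range(256))
    j = 0
    for i in range(256):                    # KSA
        j = (j + S[i] + k[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                      # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 encryption and decryption are the same XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def session_key(password: bytes, challenge: bytes) -> bytes:
    """RC4 session key = PBKDF2(PRF, password, challenge as salt, c, dkLen)."""
    return hashlib.pbkdf2_hmac(PBKDF2_PRF, password, challenge, PBKDF2_ITERATIONS, KEY_LEN)


def _rand_bytes(rng: random.Random, n: int) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(n))


def handshake(password: bytes, username: bytes, rng: random.Random):
    """Both sides of the challenge/response. Returns (accepted, client_key, server_key)."""
    challenge = _rand_bytes(rng, 20)                  # server -> client: random challenge
    client_key = session_key(password, challenge)     # client derives the session key...
    nonce = _rand_bytes(rng, 16)
    response = rc4(client_key, username + b"\x00" + nonce)   # ...and answers under it
    server_key = session_key(password, challenge)     # server: same derivation from its copy
    plain = rc4(server_key, response)
    accepted = plain.split(b"\x00", 1)[0] == username  # decrypts to the username => key matches
    return accepted, client_key, server_key


def broadcast_attack(plaintext: bytes, sessions: int, rng: random.Random) -> int:
    """Recover plaintext[1] from the same message sent in many sessions.

    Each session gets a fresh challenge, hence a fresh PBKDF2-derived RC4 key.
    The second RC4 keystream byte is 0 with probability ~1/128 (Mantin-Shamir),
    twice the uniform 1/256, so across enough sessions the most frequent second
    ciphertext byte is plaintext[1] XOR 0, i.e. the plaintext byte itself.
    """
    password = b"constructed-account-password"     # constructed sample secret
    counts = Counter()
    for _ in range(sessions):
        key = session_key(password, _rand_bytes(rng, 20))
        counts[rc4(key, plaintext[:2])[1]] += 1     # only the 2nd byte matters here
    return counts.most_common(1)[0][0]


def demo(seed: int = 2013) -> dict:
    """Run the handshake and the broadcast attack with a fixed seed (repeatable)."""
    rng = random.Random(seed)
    accepted, ck, sk = handshake(b"constructed-account-password", b"constructed-user", rng)
    status = b"<presence type='available'/>"        # constructed repeated status message
    recovered = broadcast_attack(status, 16384, rng)
    return {"accepted": accepted, "keys_match": ck == sk,
            "recovered": recovered, "expected": status[1]}


if __name__ == "__main__":
    print(demo())
```

Two things to notice when running it: the handshake succeeds only because both sides feed the same challenge and password into PBKDF2, and the attack needs thousands of sessions to pull one byte out of the strongest known bias, which is why the post's "we mean MANY" is the right emphasis; weaker positions need orders of magnitude more.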

I'm feeling kind of sleepy, so I'll just wrap this up real quick and go back to bed. Also, I'm not an expert on RC4, so if you find any mistakes just let me know :)

Third:

Back to the question, after this brief explanation: is it possible to monitor WhatsApp conversations? For a single user, yes, with some effort. There is more than one way, but I haven't tried them.

Is it possible to monitor all WhatsApp conversations across the board? Nothing is impossible, but it is very, very, very hard! Monitoring would also make conversations, picture sending and the rest a lot slower, and people would desert WhatsApp for another alternative.

Fourth: my opinion on the matter:

I understand that the monitoring isn't about finding out the name of Umm Bandar's new baby girl, or whether Khulood is pregnant, but about keeping the country secure. But will the monitoring be effective?

In my view it won't be, because the people whose harm we fear won't use monitored communication channels. So what is the point of monitoring, when there are hundreds of other channels encrypted in other ways?

——

image above taken from http://web.davidgf.net/page/37/whatsapp-dissector-for-wireshark

In an elevator..

// May 4th, 2013 // Comments Off // humor, life, me, tech

I haven't written anything in a while, and I thought tonight was a good night to write. Something interesting happened today while I was in the elevator and I thought I'd share it here with you all :p

Seriously, if you think this is boring, either skip to the last two sentences or type http://youtube.com in your address bar; I hear they have interesting videos on that site. Come to think of it, here's a quick story: my cleaning lady likes to talk, and yesterday she was talking about YouTube and how she loves it and the first time she saw it, etc. Now, she's a bit old and not tech-savvy, yet she was telling me how she felt the first time her daughter showed her YouTube. She described her feelings as if this YouTube site had been invented before World War 1. Then I started to recall when I first saw YouTube. I remember reading an article about it on Slashdot around May or June 2005 (it was our Digg/Reddit back in the day). I saw the site, and I believe it was during its first or second month, and there were fewer than a thousand videos. You could literally have browsed through all the videos in a day. I remember thinking to myself that this was a very stupid idea, because streaming video costs money, and how could they pay for all that bandwidth? Ads? Who could manage such a global ad system? It turned out Google had the power to create a global ad system so powerful that it actually made YouTube work and become a billion-dollar investment. Why am I talking about YouTube? This is supposed to be about elevators…

Okay, back to my elevator story. So I get on the elevator today around 6pm, and there are 5 people. I look at the panel, and 5 buttons are pressed. After I got off on my floor, I was talking to my neighbor about the probability of each person getting off on a different floor. It's not really that rare: for five people in a ten-floor building it works out to 10·9·8·7·6/10^5 = 0.3024, so roughly 0.3 (I'll show you how to calculate it).


So my neighbor goes on to tell me that last week he was the tenth person to get on the elevator from the garage in our building. Each person went to a different floor, and one of them actually got off on the ground floor, which is uncommon. So I started to think to myself: how rare is that? 10 people get on the elevator in the basement, and all go to 10 different floors in a 10-story building? The answer is about 3.6 in 10,000! Ok, then I started to think: how many times has this elevator had exactly 10 people in it? Our building is only 35 months old. If we assume that the elevator gets exactly 10 people going up from the basement floor(s) 4 times a day on weekdays and twice on Saturdays and Sundays (and I do believe I'm pushing it there), that would mean that since the building was built until today this has happened at most 3639 times.

So the expected number of such rides is 3639 × 0.00036288 ≈ 1.32, and the probability that this has ever happened in our building is 1 - (1 - 0.00036288)^3639 ≈ 0.73, which means there is only about a 0.27 chance that it has never ever happened! Even so, any single ride like that is a very, very rare occurrence…! I sorta wish I was on that elevator…

Okay to calculate the probability, you do the following:
– First person will obviously push an un-pressed button: probability is 10/10 = 1
– Probability of the second person pressing one of the un-pressed buttons: 9/10 = 0.9 (there is a 0.1 chance he’ll push the one pressed by the first guy)
– Probability of the third person pressing one of the un-pressed buttons: 8/10 = 0.8 (again there is a 0.2 chance he’ll push a previously pressed button)
– Probability of the fourth person pressing one of the un-pressed buttons: 7/10 = 0.7
– ..
– ..
– Tenth guy pressing the last un-pressed button: 1/10 = 0.1 (meaning there is a 0.9 chance he’ll press a button already chosen by someone else!)

Total probability is the product of all the probabilities = 1 * 0.9 * 0.8 * 0.7 …. * 0.1 = 0.00036288

which means this only happens 3 or 4 times every 10 thousand times!

Obviously this was the case for our building, and it might be different for yours, but at least now you know how to calculate it. I wonder if anyone actually read this.. LOL

I made sushi…!

// January 7th, 2012 // 4 Comments » // family, Information

I’ve made sushi a couple of times before, but this time I think I finally got it right. I made 6 kinds of sushi:

—-

In the first plate I made smoked salmon nigiri and a deep fried maki with smoked salmon, crab, crispy tempura, and avocado.



—–

In the second plate I made 4 makis. One with shrimp tempura, avocado, and some mayo. In the second I put smoked salmon, avocado, and crispy tempura. In the third I put shrimp tempura, avocado, and cream cheese! In the last one I put something of everything!



—–

My guests said they loved it, but maybe they were just being nice :P Who knows, if this PhD thing doesn't work out, maybe I can just open a sushi place back home!

Shanghai in 2 Decades!

// January 1st, 2012 // Comments Off // Information

The top photo was taken in 1991, while the second was taken in 2011.

How Many People Were Born The Same Day I Was?

// December 20th, 2011 // 5 Comments » // Information, Personal

I recently turned 28, and started wondering what the probability is of meeting a random person who was born on my birth date.

Normally we would say that meeting someone who shares your birthday has probability 1/365, which means you have a 0.274% chance of meeting someone who shares your birthday.

However, in real life people's birthdays aren't distributed evenly. For example, I found a dataset online with 481,040 birth dates from an insurance company. It shows that Aug. 18 had the highest number of births, while Dec. 26 had the lowest.

The chance of meeting someone who shares my birth date then becomes 0.266%, which means my birthday has fewer births than the average. That also means that for every thousand people I meet, about 2.7 share my birth date.

Then I started thinking: what are the chances of meeting someone born the same year I was? We could just take the average human lifespan, 68 years according to the World Health Organization, and say the chance is 1/68. But in real life that's not the case, because the number of births grows exponentially. According to this Wikipedia entry:
“The population of the United States of America is exponentially increasing at an average rate of one and a half percent a year (1.5%). This means that the doubling time of the American population (depending on the yearly growth in population) is approximately 50 years.”
Plus, the number of deaths per year is nothing like it was a century ago: we have fewer wars now, and deaths have also decreased thanks to advances in medicine.

Back to the question: what are the chances of meeting someone born the same year I was? Recent stats put the world's population at 7 billion. The year I was born saw about 78 million births. According to UN data, an estimated 105 per 1,000 of the children born that year died before the age of 5, and another estimated 50 per 1,000 die between the ages of 5 and 29 for reasons ranging from natural causes to wars (I'm not 29, but it's close enough). So roughly 850 of every 1,000 people born the year I was are still alive today, which means 66.3 million of the 7 billion people on this earth were born the same year I was.

So the chance of meeting a person born the same year I was is 66.3 million / 7 billion ≈ 0.947%.

Finally, what are the chances of meeting someone born on the very same day I was? Applying the 0.266% probability of sharing my birth date to the 66.3 million people born the same year gives about 176,280 people in the world who were born on the same day I was and are still living today.

The chance of meeting one of them is therefore 176,280 / 7 billion ≈ 0.0025%, i.e. only 25 people in every million share my exact birth date! So, given Montreal's population of 1.6 million, there are only about 40 of them here!

7 Creative Restaurants… part 1

// December 8th, 2011 // Comments Off // Information

When life gets boring we look for things that are different to cheer us up (or to "change the weather", as we say in Saudi). So here's a list of weird yet creative restaurants from around the world:

Ninja Restaurant in New York

Idea: Ninjas serve you in this restaurant !! [video here]


—–

Hilton Maldives Resort & Spa in Rangalifinolhu, Maldives

Idea: It’s pretty clear from the photo, the restaurant is under water! [link]


—–

Hajime Robot Restaurant

Idea: The waiters in this restaurant are Robots !! [link]


—–

ONOIR in Canada

Idea: It's totally dark in the restaurant. When you eat without your sight, your remaining senses are heightened to savour the smell and taste of the food. Some of the waiters are blind, so it's great that they get a job opportunity. [link]


—–

Graveyard Restaurant – Ahmadabad, India

Idea: Well, it's a graveyard with real, occupied graves!! Why would anyone want to eat there?! That's just stupid and crazy, yet it's different, and so it attracts tourists. [link]


—–

Kayabukiya Tavern in Japan

Idea: The servers in this restaurant are MONKEYS !!

—–

Toilet Restaurant in Taiwan

Idea: I'm not saying it's a good idea, just that it's different! In this restaurant the clients sit on toilets and eat from mini toilets too!! [link]


Dear Sophie…

// December 6th, 2011 // Comments Off // tech

This commercial is by Google Chrome, I loved the idea sooo much!

Blackberry and Linksys

// August 9th, 2010 // 1 Comment » // tech

I've had some trouble getting my BlackBerry to work with Linksys routers. After reading a couple of posts on different forums, I found this solution, which should work with any Linksys. Changing these settings should let you connect to the BlackBerry server without connecting to a mobile network, so you get access to your email, BB Messenger, etc. This is useful when you're roaming and don't want to be charged for data usage.

Change the wireless settings on your router to the following:

DTIM: 2 (1-255)
Fragment Threshold : 2304 (256-2346)
RTS Threshold : 2304 (0-2347)
Beacon Interval : 50 (20-1024 ms)

I used to think that having a UMA connection meant I could make long distance calls as if I was in Canada, but it turns out I need to get another service to make my UMA work while roaming.

Wireless Electricity

// August 29th, 2009 // 1 Comment » // tech

For more information on the Wardenclyffe Tower mentioned in the presentation click here. It was an early wireless telecommunications tower designed by Nikola Tesla and intended for commercial trans-Atlantic wireless telephony, broadcasting, and to demonstrate the transmission of power without interconnecting wires. The core facility was never fully operational and was not completed due to economic problems.

For more on witricity click here.

Lights Out !!

// July 20th, 2009 // 3 Comments » // Hacks

Mirza sent me this video of a guy turning off the power in two buildings. In the video he uses his iPhone to connect to the power controls of those two buildings. Now, I don't know if this is real or not, but I doubt that he edited the video. Though it is possible that he videotaped this during a blackout and then edited those parts in.

This is a video of him raising a bridge to stop traffic; in this video he plays with the highway signs, and in this video he hacks Microsoft at their headquarters.

So, do you think they’re real or fake?