Archive for May, 2013

مراقبة الوتس اب؟

// May 18th, 2013 // 1 Comment » // Hacks, tech

كثر الحديث مؤخرا عن هيئة الاتصالات في المملكة و عن رغبتها في مراقبة الرسائل و الملفات المرسلة عن طريق الوتس اب. لي تعليق في نهاية المقال، و لكن أردت بعجالة أن أشرح بشكل مختصر عن نقاط الضعف في برنامج الوتس اب و الثغرات التي يمكن استغلالها و مدى إمكانية مراقبة المحدثات و الملفات المرسلة.

أولا: نقاط الضعف التي يمكن استغلالها:

-  يمكننا استخدام البرنامج برقم شخص اخر و استقبال رسائلهم بالاضافة الى امكانية ارسال رسائل من ارقامهم، و لكن سينتج عن هذا عدم تمكن المستخدم الاساسي من استخدام الوتس اب الا بعد القيام بعملية اعادة التسجيل. (لن أشرح الطريقة في هذا المقال، و لكن إذا كان هناك أقبال فقد أشرحها في مقال أخر)

-  يمكننا ارسال رسائل مجانية SMS لاي جوال في العالم. و ذلك من خلال استغلال خدمة رسائل التفعيل التي ترسل للمستخدم بعد التسجيل في الخدمة.

-  أما عن مراقبة جميع الاتصالات فالموضوع صعب و سأشرح طريقة التشفير في برنامج الوتس اب في الفقرة الثانية. الجواب في نهاية المقال.

ثانيا: كيف يعمل الوتس اب و امكانية مراقبة جميع الاتصالات: (سامحوني هذا الجزء بالانجليزي لكثرة المصطلحات و لكن الجزء الثالث من المقال ملخص بالعربي)

First of all, I know its illegal to monitor traffic and I am totally against it, but since many have been talking lately about the government wanting to monitor all whatsApp traffic, I started thinking whether its possible or not from a pure technical point of view. I also want to go on record saying its stupid to monitor, because with so many other encrypted alternatives out there, the bad guys would just stop using whatsApp and move on to something else, and the guys going through the traffic would be left with high school girls gossiping and millions of sandwich pictures of and cups of coffee taken from hundreds of angles.

Many of you might have heard of whatsApp Sniffer. If you haven’t, then don’t worry about it, its useless now. That probably explains why Big Brother is a bit pissed.! I believe it was last September, that the folks at whatsApp inc decided to encrypt all data communications between their servers and the clients. Before that, it was possible to simply sniff wifi traffic, and filter out whatsApp traffic using their servers’ IPs, and viola you get to see all whatsApp messages in clear text. There was an android app called whatsApp Sniffer, which is still out there if you’re interested in seeing what whatsApp encrypted traffic looks like. But, I should warn you, its 2013 and nothing is free. If something is free, then there’s a catch, which means its highly likely that many of the android apps you download online have spyware and whatnot, so just stay away from them.

Ok, back to whatsApp. The question now is what kind of encryption are we looking at? How does it work? And can it be broken?

In the beginning I believe they went with a weak cryptosystem, which was then broken. However, it was soon changed to the stream cipher “RC4” (aka ARC4). It  was invented in 1987 by Ron Rivest (RC stood for Ron’s Code).  It was kept a secret until 1994, when someone anonymously posted its description online. From there it took off! Why did they go for RC4? Its fast, simple, and its does the job well.

Ok, if we want to know how to see whatsApp traffic, we have to understand the authentication protocol between the client and whatsApp servers.

The authentication is a challenge/response authentication protocol. The server sends the client an authentication request containing some RANDOM bytes of data. The client takes that data, and combines them to the password of the account using PBKDF2.

So the RC4 session key = PBKDF2(PRF, Password, Salt, c, dkLen)

The Salt is used to randomize so the RANDOM bytes of data would be used for that.

c is the number of iterations.

dkLen is the length of the derived key, which is 160 bits in the case of whatsApp.

Since, the server also knows the account password, it also has the ability to calculate the same session key. The client then responds to the server by sending a message containing the username and some other random data. If the server manages to decrypt the message, it would confirm that the client has calculated the correct session key. The packets would be encrypted from then on using RC4 with the new session key.

One might ask if it’s possible to calculate the key using a “plain know text” attack against the authentication packets. I don’t think so, because they would obviously add a nonce in the response.

What does a whatsApp packet look like?

Flags Packet Size Packet Data
1B 2B 0 to 8kB

The Flag is only one Byte, and the first bit is set when the packet is encrypted. I’m not sure what the rest are used for

The Packet Size uses 16 bits to represent the size of the packet data.

The last four bytes are used as a HMAC-SHA1 checksum if the packet is being sent from the client to the server. If the packet is being sent from the server to the client, then the checksum is the first four bytes.

The data structure is similar to XML in way. It contains a tree of information with the following:

The basic format of an element is:

Element Size Type Tag Attributes Children/Data
2-3 Bytes 1B

Ok, now to the big question, does RC4 have any flaws? If so, how can then be used in this case?

– When we encrypt our goal is to hide a message by converting it into a ciphertext that looks absolutely random by not giving any information about the plaintext or the encryption key. It was believed that RC4 achieved this, however in recent years researchers have discovered that RC4 has a number of small biases. This has been know for years, but that weren’t very significant. A recent work by Sepehrdad et al in 2011 discovered more biases.

– To make it simple, if we manage to get a user to encrypt the same plaintext encrypted with many different encryption keys, then it would be possible to take advantage of the RC4 biases to figure out what was encrypted. You might think this is stupid and useless, but bear with me:

– You might ask, how would I get a user to send the same plaintext many times using different keys. Well, the initial packets tend to be the same, and in the case of whatsApp, clients send messages on their status (whether they’re online or not)  and these messages tend to be repeated and we would be able to use those (unless nonces are used). Also, the session encryption keys change alot, which means we will get those messages encrypted using a different key everytime a new session key is assigned to a client. Also, there are methods which may be used to get the client to send a common response or force the generation of new session keys.

– Seems simple ay? Well its not, because when we say many messages, we mean MANY..! According to the work by Sepehrdad et al, to recover a WEP secret of 128 bits, they needed 9800 encrypted packets. But we’re not dealing with WEP here, so for whatsApp’s 160 bit keys we would need a much much larger number of encrypted packets.

– There is a project called “whatsapp dissector for wireshark”. You plug in the key, and it would use wireshark to grab the traffic, filter out whatsapp traffic, and then display it after decrypting it using the keys you provide.

I’m feeling kinda sleepy, so I’ll just wrap this up real quick and go back to bed. Also, I’m not an expert on RC4, so if you find any mistakes just let me know :)

-  ثالثا:

نعود للسؤال المطروح بعد هذا الشرح المختصر. هل من الممكن مراقبة محادثات الوتس اب؟ لمستخدم واحد.. ممكن بعد جهد. هناك اكثر من طريقة، لكني لم أجربها..

هل من الممكن مراقبة جميع محادثات الوتس اب على مستوى عام؟ ما فيه مستحيل و لكنه صعب جدا جدا جدا..! و سينتج عن المراقبة أن المحادثات و ارسال الصور و غيرها ستكون أبطئ بكثير جدا، و سينتج عنه نفور الناس عن الوتس اب و الانتقال الى بديل أخر.

- رابعا: رايي حول الموضوع:

أفهم أن المراقبة ليست من أجل معرفة أسم بنت أم بندر الجديدة، و ليس من أجل معرفة ما إذا كانت خلود حامل، بل هو لحفظ الأمن في البلد. ولكن هل ستكون المراقبة مجدية؟

المراقبة لن تكون مجدية بنظري لان الأشخاص الذين نخشى من أذاهم ، لن يستخدموا وسائل الاتصالات المراقبة. إذن ما الفائدة من المراقبة في ظل وجود مئات الوسائل الأخرى المشفرة بطرق أخرى مختلفة؟

——

image above taken from http://web.davidgf.net/page/37/whatsapp-dissector-for-wireshark

In an elevator..

// May 4th, 2013 // Comments Off // humor, life, me, tech

I haven’t written anything in a while, and I thought tonight was  a good night to write. Something interesting happened today while I was in the elevator and I thought I’d share it here with you all :p

Seriously if you think this is boring, either skip to the last two sentences or type http://youtube.com in your address bar, I hear they have interesting videos on that site. Come to think of it, here’s a quick story: My cleaning lady likes to talk, and yesterday she was talking about youtube and how she loves it and the first time she saw it etc.. Now she’s a bit old and not tech-savy, yet she was tell me how she felt the first time her daughter showed her youtube. She described her feelings as if this youtube site was invented before world war 1. Then I started to recall when I first saw youtube. I remember I read an article about it on slashdot around May or June 2005 (it was our digg/reddit back in the day). I saw the site, and I believe it was during its first or second month, and there were less than a thousand videos. You could have literally browsed through all the videos in a day. I remember thinking to myself, that this was a very stupid idea because streaming videos costs money, and how could they pay for all that bandwidth..? Ads? Who could manage such a global ad system? It turned out google had the power to create a global ad system so powerful, it actually made youtube work and become a billion dollar investment. Why am I talking about youtube? this is supposed to be about elevators…

Okay back to my elevator story. So I get on the elevator today around 6pm, and there are 5 people. I look at the board, and 5 buttons are pressed. After I got off on my floor, I was talking to my neighbor about the probability of each person getting of on a different floor. Its not really that rare, because the probability was 0. 25 (I’ll show you how to calculate it).

elevator

So my neighbor goes on to tell me that last week he was the tenth person to get on the elevator from the garage in our building. Each person went to a different floor, and one of them actually got off on the ground floor, which is uncommon. So, I started to think to myself, how rare is that? 10 people get on the elevator in the basement, and all go to 10 different floors in a 10 story building? The answer is 3 in 10,000..! Ok, then I started to think, how many times has this elevator had exactly 10 people in it? Our building is only 35 months old. If we assume that the elevator gets exactly 10 people going up from the basement floor(s) in it, 4 times a day during the weekdays and twice during saturdays and sundays, and I do believe that I’m pushing it there. That would mean that since the building was built until today, this has only happened 3639 times at most.

So, the probability that this has ever happened in our building is 0.36, which means there is a 0.636 chance that this has never ever happened..! And if it did happen, then it would have been a very very rare occurrence…! I sorta wish I was on that elevator…

Okay to calculate the probability, you do the following:
– First person will obviously push an un-pressed button: probability is 10/10 = 1
– Probability of the second person pressing one of the un-pressed buttons: 9/10 = 0.9 (there is a 0.1 chance he’ll push the one pressed by the first guy)
– Probability of the third person pressing one of the un-pressed buttons: 8/10 = 0.8 (again there is a 0.2 chance he’ll push a previously pressed button)
– Probability of the forth person pressing one of the un-pressed buttons: 7/10 = 0.7
– ..
– ..
– Tenth guy pressing the last un-pressed button: 1/10 = 0.1 (meaning there is a 0.9 chance he’ll press a button already chosen by someone else!)

Total probability is the product of all the probabilities = 1 * 0.9 * 0.8 * 0.7 …. * 0.1 = 0.00036288

which means this only happens 3 or 4 times every 10 thousand times!

obviously this was the case for our building, and it might be different for yours, but at least now you know how to calculate it. I wonder if anyone actually read this.. LOL