Something Awesome: Extension

There were a few problems with the version of the source code I had found on GitHub. Firstly, it didn’t track the use of certain keys such as the Caps Lock key, which is actually a minor issue. However, a huge problem was that it didn’t properly re transmit the proper keys when the Numpad was used.

When any of the numbers were pressed, random alphabetical keys appeared on the screen. I later discovered that the values on the numpad were transmitting ascii values that started at 0x59 for the Numpad_1 key. Hence, I wanted to improve on this design and eventually share it with the community that taught me how to build this keylogger.

I will now detail the steps I have took to add support for the Numpad and capslock button for this design. All the methods that I have made changes to can be found in the keylogger.ino file.

For the OnKeyDown method, I added an if statement before the check if parsedKey is equal to key. In that if statement, I checked if the key was equal to the hexadecimal value of the signal parsed in for Numpad_1, which was 0x59, to Numpad_0, 0x62. The ascii value 0x59 actually corresponds to ‘Y’, which explains why the keylogger was transmitting a ‘Y’ to the target computer when the Numpad_1 key was hit.

I then mapped the key values to the corresponding char values and called the _press() method, parsing in the ascii value of the character that I want transmitted to the target computer.

For the OnKeyUp method, I did something similar to what I did in the OnKeyDown method. I checked for the hexadeximal values I was getting when I pressed on the keys on the numpad, assigned a variable to hold the ascii values of the keys I wanted to transmit, and used the _release() and Serial.print() methods.

In this case, used the _getChar() method to find the correct value to parse into the Serial.print() method.

In the _parse method, I added the case where the hexadecimal value 0x39 was being parsed in when the Caps Lock button was hit.

In the _getChar() method, I added the cases where the numpad or caps lock buttons were hit.

The changes I have made here have worked for me and I will be putting this on GitHub. I will also be demonstrating this in the analysis session when it is my turn to present.

Something Awesome: Arduino Leonardo and USB Host Shield 3

In this post, I will describe the setup and loop methods of the Arduino keylogger itself.

KbdRptParser parser; - Right before the setup method, a KbdRptParser object was instantiated. The reason that this is here and not above with the other global variables is probably because the KbdRptParser class had to be created before it could be instantiated.

Setup:

Serial.begin();

This sets the data rate in bits per second for serial data transmission (to the ESP8266).

Keyboard.begin();

This allows the Leonardo to start emulating a keyboard connected to a computer.

delay(2000);

Waits for 2 seconds.

if(Usb.Init() == -1) Serial.println("OSC did not start.");

Initialise the Usb object (HidKeyboard). If the Usb object failed to initialise, print the string stated.

delay(200);

Wait for 200 milliseconds.

next_time = millis() + 5000;

Set the variable next_time to 5000 milliseconds after the current time.

HidKeyboard.SetReportParser(0, &parser);

Sets the report parser of the HidKeyboard to the KbdRptParser declared above.

Loop:

Usb.Task();

Continuously run the Usb task.

Something Awesome: Arduino Leonardo and USB Host Shield 2

In this post, I will explain the KbpRptParser class found in keylogger.ino.

KbdRptParser extends the KeyboardReportParser class with the following methods.

_parse: 

This method takes in a key in the form of a uint8_t value and checks if it is a special key such as any of the function keys, return, escape, insert, home etc. If it is a special key, it returns a predefined uint8_t value for the key. If it is a regular key such as an ascii char, then the key is returned.

_getChar:

This method takes in a key in the form of a unit8_t value and returns a string describing the key. For example, if the corresponding value for the ‘INSERT’ key is parsed in, the method will return a String with the value “<INSERT>”.

OnControlKeysChanged:

This method tracks the use of key modifiers such as ‘ctrl’, ‘alt’, and ‘shift’. When these modifiers are pressed, this method ensures that the output of each key will return the correct value. For example, when the ‘a’ key is pressed when ‘shift’ is held down, the Arduino will output the ‘A’ key.

OnKeyDown:

This method takes in a key and a modifier, both as uint8_t values. This method will invoke the _press key, parsing in the corresponding ascii value for the key.

OnKeyUp:

Upon releasing the key typed by the target user, this method will be called. This method calls the _release method, parsing in the corresponding ascii value for the key to be released. It also prints the ascii value to serial. This means that the ascii value will be transmitted to the ESP8266 chip which has been reviewed at an earlier post.

OnKeyPressed:

The code here has been commented out and does nothing.

_press:

Invokes the keyboard.press() method, which takes in a uint8_t value and sends a signal to the target computer to ‘hold the button’ of the key that the ascii value corresponds to.

_release:

Invokes the keyboard.release() method which takes in a uint8_t value and sends a signal to the target computer to release the key that the ascii value corresponds to.

Something Awesome: Review

At last, I have reached the end of my Something Awesome project. I was able to stay on schedule for most of the term, and to have many places on the internet that I was able to refer to.

I was able to build the hardware keylogger with two main components. The first was an Arduino Leonardo with a USB host shield attached to it. This allowed me to capture keystrokes from a target keyboard and re-transmit them to a target computer. The Arduino was connected to the second component, the ESP8266, which allowed me to store the keystrokes in a log file and broadcast a WiFi signal to read the log.

In addition, I will also able to contribute to the community because I was able to improve on the design that I found on GitHub and will be sharing it online.

Demo of keylogger

Milestones achieved:

Core Milestone

All conditions met

Keylogger is able to log most keys on a keyboard

Keylogger is able to log some special keystrokes such as double key strokes

E.g. Shift + a gives ‘A’

Keys such as Esc, Tab, Shift and Return can be logged

Only Scroll lock and Num Lock don’t work.

Bonus Milestones

Persistent storage of logs

Keystrokes are stored in a .txt file on the ESP8266

View logs without having to retrieve the keylogger.

.txt file mentioned above can be viewed over WiFi

Additional changes

Expanded on the source code to allow for the use of Caps Lock and Numpad.

Skills/knowledge gained:

Soldering

Network protocols

WiFi modes

SPIFFS

Web hosting

c++

Week 8 Lecture Review

Lecture 1:

The main thing that I’ve taken away from this lecture was the part where Richard was talking about human weaknesses. While I agree with most of what Richard mentioned, I don’t really think that frequency gambling should be seen as a human weakness. After all, the whole reason that frequency gambling exists in the first place is because the probability of a certain event occurring is so high that we are willing to gamble on it. And if that probability is so high, is it really considered an error to make an educated guess based on statistics?

Lecture 2:

In this lecture, Richard talked a lot about system error. In this case, a system error refers to when many small things that should have a low impact when gone wrong, all go wrong and that somehow leads to a large impact when all put together. Often, when something like this happens, people will often try to look for a single thing to put all the blame on when often, the real reason for the event occurring is many different things. 

The way to combat this is through having a better system design. The way we do this is by not relying on luck, and doing our best to build a system assuming that everything that could go wrong will go wrong. When we design a system for the worst case scenario, we ensure that we have done everything we can (in terms of system design) to reduce system error.

Another one of the factors that can affect the system reliability is culture. When a system fails due to many small factors, these small factors are sometimes human error. I think that the rate of human error is strongly dependent on the mindset of these people in these systems, which is very strongly influenced by the culture in the system. By trying to foster a better work culture in the system, human error can go down and that will contribute to a lower rate of system error.

Security Everywhere: An entire nation just got hacked

https://edition.cnn.com/2019/07/21/europe/bulgaria-hack-tax-intl/index.html

In the past week, more than 5 million Bulgarians had their personal data made public after the country’s tax revenue office got hacked. The population of Bulgaria is about 7 million people, so that means almost every working adult in the country had been affected.

This really ties in with the analysis session we had last week, where we discussed whether the Government should be allowed to have access to our private data and this is a very good example of how the Government may not be able to keep our data private even if they were not the ones trying to abuse it.

Security Everywhere: Trump officials weigh encryption crackdown

https://www.politico.com/story/2019/06/27/trump-officials-weigh-encryption-crackdown-1385306

Senior Trump administration officials met to discuss whether to seek legislation prohibiting tech companies from using forms of encryption that law enforcement can’t break. This issue of encryption was the focus of a National Security Council meeting included officials from several agencies. 

Senior oficials debated whether to ask Congress to outlaw end-to-end encryption, which scrambles data so that ionly its sender and recipient can read it. In the recent years, most tech companies have built end-to-end encryption into their products and software as privacy and security features. However, this prevents authorities from investigating terrorism and drug trafficking.

While a ban an end-to-end encryption would make it easier for law enforcement and intelligence agents to access suspects’ data, such a measure would also  make it easier for attackers to steal private information of the victims because it would be easier to create loopholes in encryption that are designed for the government.

In my opinion, putting a ban on encryption would have a huge negative impact on regular people because they would now be vulnerable to every attacker. The outlaws that are looking to conduct their illegal matters would instead look for a new way of safe communication, meaning that the ban on encryption would do nothing but harm the good.

Week 7 case study

This week, we had to debate whether government agencies should collect and have access to our data. I was put on the team debating for the collection of data, but was only able to think of one advantage the people would have by having their data collected.

Here are some of the main points from the debate.

Advantages

- additional surveillance would allow authorities such as the police to better keep track of the population and would be able to reduce rates of some types of crime such as terrorism or kidnapping.

- It shouldn’t affect citizens with nothing to hide.

I don’t really like this argument

Disadvantages

No opt-out

No one to ensure agencies don’t misuse the data.

Government may get hacked.

As for my personal opinion, I feel that the main issue is still a matter of the need for the citizens to have a government that they are able to trust. If there was a perfect government that citizens trust with their information, it would definitely be beneficial for the citizens to share their data because it will allow the government to have more efficient and better services for the country. However, because there are so many different opinion on what constitutes a good government, There will never be a perfect middle ground of compromise where everyone is satisfied with what information is to be collected by the government.

Something Awesome: Arduino Leonardo and USB Host Shield

#include <hidboot.h> - This allows the use of the USB Host Shield. #include <usbhub.h> -  This allows the use of the USB Host Shield. #include "Keyboard.h" - This allows the Arduino Leonardo to emulate a keyboard.

#include <SPI.h> - This allows the Leonardo to communicate with the target computer. #include <SD.h> - This allows the Leonardo to make use of SD cards.

USB     Usb; - Instantiates a USB object HIDBoot<USB_HID_PROTOCOL_KEYBOARD>    HidKeyboard(&Usb); - Instantiates a keyboard object at Usb

Week 7 lecture review

Lecture 1:

In this lecture, the thing that I found most interesting was the Diffie-Hellman  key exchange, which allows two parties who have not previously met to securely establish a key which they can use to secure their communications. The Diffie-Hellman key exchange provides confidentiality but not authentication.

Richard then went on to talk about another vulnerability this week, which is the format string attack. The format string attack works based on the fact that in some languages such as C, functions such as printf can be vulnerable when the program does not check for proper user input. This attack would allow an attacker to write strings and integers into memory, as well as look at bytes in the memory.

Another thing that stuck out to me was when he was talking about asset protection, and how important it was to identify the right things to protect. I feel like this ties in really well with one of the topics mentioned in an earlier lecture when Richard mentioned that security was about risk allocation, because it is through prioritizing assets that we would be able to know where to allocate resources in order to secure an entire system.

Lecture 2:

I found the two seminars this week very interesting. They were about bug bounties and penetration testing. I really enjoyed them because they opened my eyes to a lot of the more technical concepts in this course and also provided a lot of resources for me to get started in preparing for the technical stuff for the final exam.

Contribution to lecture notes

I contributed to the notes this week! (Not sure how to prove that I wrote this).

Link

Format string attack

A format string vulnerability occurs when a program does not properly validate submitted input when using functions such as printf or fprintf.

When exploiting this vulnerability, an attacker could place parameters such %s to write strings into the process’ memory, %n to write integers to locations in the process’ memory or %x to read data from the stack.

Presentation - 51% attack

Another one of the topics we talked about during our extended seminar was the 51% attack.

A 51% attack refers to an attack on a blockchain where a group of miners controlling more than 50% of the network’s mining hashrate would be able to prevent new transactions from gaining conformation. This will allow them to halt payments between some or all users. They would also then be able to reverse transactions that were completed while they were in control of the network, meaning that they could double-spend the coins.

A block chain is a chain of ‘blocks’, where each block contains records of transactions over a period of time. Each of these blocks have a hash, which is determined by the contents of the block, as well as the hash of the previous block.

By controllling the majority of the computing power on the blockchain network, an attacker can interfere with the process of recording new blocks because it would be possible for the attacker to start building a new block based on the hash of a block that is not the mined block. This would mean that all the transactions between the latest mined block and the block that is being branched off would have effectively not have taken placed.

Bits of Penguin

Did the Bits of Penguin exercise just to make sure I understood Bits of Security properly.

Buffer overflow exercises

I was able to complete the first two buffer overflow practice exercises!

Week 6 lecture review

This week, the most important thing I could remember was when Richard talked about buffer overflows.

A buffer overflow is an anomaly when a program writes data to a buffer, but overruns the buffer’s allocated memory. When this happens, the data being written by the program overwrites the adjacent memory locations.

While this may seem like a simple error that may just result in wrong values being read later in the program, it is actually a well-known security exploit. By parsing in data that is designed to cause a buffer overflow, it is possible to write into areas that are expected to hold executable code and replace it with malicious code, or to overwrite data pertaining to the program’s state, causing the program to behave unexpectedly. C provides no built-in protection against accessing data out of the expected region and does not automatically check that data written to an array is within the set boundaries.

Security Everywhere:  Google Home Silently Captures Recordings of Domestic Violence and More

https://threatpost.com/google-home-recordings-domestic-violence/146424/

Google Home smart speakers have been caught capturing recordings of their surroundings without permission. The Dutch news outlet VRT NWS had obtained over a thousand recordings from a Dutch subcontractor who was hired as a language reviewer to transcribe recorded audio by Google Home and Google Assistants to help Google better understand the accents used in the language. However, about 153 of over a thousand recordings, the ‘OK Google’ command was not given.

A representative then acknowledged that some of the audio that was wrongly recorded was due to error, and that the reason why subcontractors had access to the recordings was that Google had to partner with language experts around the world in order to better develop their speech technology for more languages.

While I do agree that it is important to continue to improve the speech recognition technology and that improving the speech technology will eventually lead to these devices not erroneously recording its surroundings, I feel that these companies developing the technology need to be more mindful of their third-party security and data retention policies.