Copyright 2011 – mlcu.com As presented to the Tulsa Chapter of the Information Systems Audit and...

Copyright 2011 – mlcu.com

As presented to the Tulsa Chapter of the Information Systems Audit and Control

Association (ISACA)On April 28, 2011

Many thanks to the Tulsa ChapterAnd Mr. Jon Williams

Vice President

1

01010100 01101000 01100101 00100000 01010100 01110101 01101100 01110011 01100001 00100000 01001001 01010011 01000001 01000011 01000001 00100000 01100111 01110010 01101111 01110101 01110000 00100000 01101001 01110011 00100000 01101000 01100001 01110110 01101001 01101110 01100111 00100000 01101100 01110101 01101110 01100011 01101000 00100000 01100001 01110100 00100000 01000110 01101100 01100101 01101101 01101001 01101110 01100111 01110011 00101110 00100000 01001100 01110101 01101110 01100011 01101000 00100000 01101001 01110011 00100000 01100001 01101100 01110111 01100001 01111001 01110011 00100000 01100111 01101111 01101111 01100100 00100000 01110100 01101000 01100101 01110010 01100101 00101110


What Is Data?What is Digital Data?

Code Sheets, Error Levels and Endians Oh My!

Benjamin DaviesCISSP, CISA, CM, CSM, ITILv3

Presentation contains an extensive notes section

Protocols

3

What Will We Need to Know?• Code Sheets – ASCII is the most likely but

there are thousands and thousands.• Error levels – EVERY operation produces

an error code. Mostly it is “error level 0” Meaning everything is OK, some are flags.

• Protocols – A list of the rules we will operate under.

• Endians – Determines where to start counting the bits.

Copyright 2011 – mlcu.com 4

Hex to Binary

0 00001 00012 00103 00114 01005 01016 01107 0111

8 10009 1001A 1010B 1011C 1100D 1101E 1110F 1111

6

Code Sheet to HEX to Binary8 4 2 1 8 4 2 10 1 0 0 1 1 0 0

4 CCodeSheetValue

128 64 32 16 8 4 2 10 1 0 0 1 1 0 0

76

CodeSheetValue7

01010100 01101000 01100101 00100000 01010100

01110101 01101100 01110011 01100001 00100000

01001001 01010011 01000001 01000011 01000001

00100000 01100111 01110010 01101111 01110101

01110000 00100000 01101001 01110011 00100000

01101000 01100001 01110110 01101001 01101110

01100111 00100000 01101100 01110101 01101110

5 4 6 8 6 5 2 0 5 4

7 5

4 9 5 3 4 1 4 3 4 1

6 1 2 06 C 7 3

01010100 01101000 01100101 00100000 01010100

01110101 01101100 01110011 01100001 00100000

01001001 01010011 01000001 01000011 01000001

00100000 01100111 01110010 01101111 01110101

01110000 00100000 01101001 01110011 00100000

01101000 01100001 01110110 01101001 01101110

01100111 00100000 01101100 01110101 01101110

5 4 T

6 8 h

6 5 e

2 0 5 4 T

7 5 u

4 9 I

5 3 S

4 1 A

4 3 C

4 1 A

6 1 a

2 06 C l

7 3 s

2 0 6 7 g

7 2 6 F 7 5

2 0 6 9 7 3 2 0

6 8 6 1 7 6 6 9 6 E

7 0


Side note on the tools used.

• We are using a music player but this is just a stand-in for ANY program

• A text editor (notepad++) • A Hash Calculator (HashCalc), • A Hex Editor (CygnusHex).• Frhed (Free Hex Editor).

13


Encryption

• Exclusive OR a string of text (called plain text) in binary, with a string of text (called the encryption string) and call the result cypher text.

• Send the cypher text to a recipient who XORs the string of text used to encrypt and the result is the original text

14


XOR

• Exclusive OR – is like adding without carrying the 1. There is a more accurate definition but this is good for us at the moment.

• 0 xor 0 = 0• 0 xor 1 = 1• 1 xor 0 = 1• 1 xor 1 = 0

15


Encryption with XOR

• Plain text binary string (AbCd 41,62,43,64)• Encryption string (Key$ 4B,65,79,24)• Cypher text (..:@ 0A,07,3A,40)

01000001 01100010 01000011 0110010001001011 01100101 01111001 0010010000001010 00000111 00111010 01000000

16


Encryption with XOR

• Cypher text (..:@ 0A,07,3A,40) • Encryption string (Key$ 4B,65,79,24)• Plain text binary string (AbCd 41,62,43,64)

00001010 00000111 00111010 0100000001001011 01100101 01111001 0010010001000001 01100010 01000011 01100100

17


XOR to get Parity

• If I can XOR two bits… Then I should be able to XOR a series of bits (parity).

10101010 = 0 00000001 = 111111100 00110101 01101100 = 0

19


and …• XOR is good for digital signatures,

checksums

20

• GIFs are lossy in color if your original image had more than 256 colors, as it only uses an 8 bit palette. A good image editing program will pick the optimum 256 color palette when saving (the bundled MS Paint program is not a good program by that criterion)

• When saving PNGs, a good image editor will allow you to choose 24 bit color, for image file storage that is about as lossless as it gets. For photos this is fine. However, the question you have to ask yourself for graph images is “do I need millions of colors?” and the answer if you haven’t chosen fancy visual effects like fading backgrounds is “No!”

• Color depth is the hidden cost of image file size that many people forget when they’re trying to squeeze down file size. If you have a very good image editor (I use Paint Shop Pro for all my graphs) you can choose an exact number of colors, and I find 16 colors (4 bits) or fewer will often do the job just fine.

• PNG and GIF, when saving with the same small number of colors, do just about as well as each other in compression. I find GIF has the same size whether the image is interlaced or non-interlaced, interlaced PNG is a bit bigger than GIF, and non-interlaced PNG is a bit smaller than GIF.

• So non-interlaced PNG, with the minimum number of bits necessary to give you all the colors you want, gets you the smallest files per displayed pixel. GIF is a very close second.



Binary describes color, sound, shapes, and other data.

22

Bitmap in hex editor


Flags, error levels


1 -> 00000001 2 -> 00000010 4 -> 00000100 8 -> 00001000

16 -> 00010000 32 -> 00100000 64 -> 01000000

128 -> 1000000024


ASCII test available but that does not have a key… ALT 168 question mark ALT 174

£ 156° 0176² 0178☻ 2♥ 3♦ 4♣ 5♠ 6♪ 13♫ 14§ 21

¿ 168½ 171¼ 172¡ 173± 241÷ 246≈ 247

25

RWX-RWX-RWX

Unix file permissions set by a series of three bit binary flags. One set for User, Group, All.


4 2 1 4 2 1 4 2 1r w x r w - r - -

7 6 4

26

IP Addresses


128 64 32 16 8 4 2 11 0 1 0 1 0 0 0

168

128 64 32 16 8 4 2 10 1 1 1 1 1 1 1

127

128 64 32 16 8 4 2 11 1 0 0 0 0 0 0

192

128 64 32 16 8 4 2 11 1 1 1 1 1 1 1

255

27

MAC Address



Packet Sniffer

29

The GET packet.



01010100.01101000.01100001.01101110.01101011.00100000.01111001.01101111.01110101.00100000.01100110.01101111.01110010.00100000.01111001.01101111.01110101.01110010.00100000.01100001.01110100.01110100.01100101.01101110.01110100.01101001.01101111.01101110.00101110.00100000.01001000.01100001.01110110.01100101.00100000.01100001.00100000.01100111.01110010.01100101.01100001.01110100.00100000.01100100.01100001.01111001.00100001.

54.68.61.6E.6B.20.79.6F.75.20.66.6F.72.20.79.6F.75.72.20.61.74.74.65.6E.74.69.6F.6E.2E.20.48.61.76.65.20.61.20.67.72.65.61.74.20.64.61.79.21.

Thank you for your attention. Have a great day!

31

Copyright 2011 – mlcu.com As presented to the Tulsa Chapter of the Information Systems Audit and...

Documents

Transcript of Copyright 2011 – mlcu.com As presented to the Tulsa Chapter of the Information Systems Audit and...