Copyright 2011 – mlcu.com As presented to the Tulsa Chapter of the Information Systems Audit and...
Copyright 2011 – mlcu.com
As presented to the Tulsa Chapter of the Information Systems Audit and Control Association (ISACA) on April 28, 2011
Many thanks to the Tulsa Chapter and Mr. Jon Williams, Vice President
01010100 01101000 01100101 00100000 01010100 01110101 01101100 01110011 01100001 00100000 01001001 01010011 01000001 01000011 01000001 00100000 01100111 01110010 01101111 01110101 01110000 00100000 01101001 01110011 00100000 01101000 01100001 01110110 01101001 01101110 01100111 00100000 01101100 01110101 01101110 01100011 01101000 00100000 01100001 01110100 00100000 01000110 01101100 01100101 01101101 01101001 01101110 01100111 01110011 00101110 00100000 01001100 01110101 01101110 01100011 01101000 00100000 01101001 01110011 00100000 01100001 01101100 01110111 01100001 01111001 01110011 00100000 01100111 01101111 01101111 01100100 00100000 01110100 01101000 01100101 01110010 01100101 00101110
What Is Data? What is Digital Data?
Code Sheets, Error Levels and Endians Oh My!
Benjamin Davies, CISSP, CISA, CM, CSM, ITILv3
Presentation contains an extensive notes section
Protocols
What Will We Need to Know?
• Code Sheets – ASCII is the most likely but there are thousands and thousands.
• Error levels – EVERY operation produces an error code. Mostly it is “error level 0”, meaning everything is OK; some are flags.
• Protocols – A list of the rules we will operate under.
• Endians – Determines where to start counting the bits.
Hex to Binary
0  0000    8  1000
1  0001    9  1001
2  0010    A  1010
3  0011    B  1011
4  0100    C  1100
5  0101    D  1101
6  0110    E  1110
7  0111    F  1111
Code Sheet to HEX to Binary
8 4 2 1   8 4 2 1
0 1 0 0   1 1 0 0
   4         C
Code Sheet Value
128 64 32 16 8 4 2 1
  0  1  0  0 1 1 0 0
76
Code Sheet Value
01010100 01101000 01100101 00100000 01010100
01110101 01101100 01110011 01100001 00100000
01001001 01010011 01000001 01000011 01000001
00100000 01100111 01110010 01101111 01110101
01110000 00100000 01101001 01110011 00100000
01101000 01100001 01110110 01101001 01101110
01100111 00100000 01101100 01110101 01101110
54 68 65 20 54    "The T"
75 6C 73 61 20    "ulsa "
49 53 41 43 41    "ISACA"
20 67 72 6F 75    " grou"
70 20 69 73 20    "p is "
68 61 76 69 6E    "havin"
67 20 6C 75 6E    "g lun"
Side note on the tools used.
• We are using a music player but this is just a stand-in for ANY program
• A text editor (notepad++)
• A Hash Calculator (HashCalc)
• A Hex Editor (CygnusHex)
• Frhed (Free Hex Editor)
Encryption
• Exclusive OR (XOR) a string of text (called the plain text), in binary, with a second string of text (called the encryption string), and call the result the cypher text.
• Send the cypher text to a recipient, who XORs it with the same encryption string; the result is the original text.
XOR
• Exclusive OR – is like adding without carrying the 1. There is a more accurate definition but this is good for us at the moment.
• 0 xor 0 = 0
• 0 xor 1 = 1
• 1 xor 0 = 1
• 1 xor 1 = 0
Encryption with XOR
• Plain text binary string (AbCd 41,62,43,64)
• Encryption string (Key$ 4B,65,79,24)
• Cypher text (..:@ 0A,07,3A,40)
01000001 01100010 01000011 01100100
01001011 01100101 01111001 00100100
00001010 00000111 00111010 01000000
Encryption with XOR
• Cypher text (..:@ 0A,07,3A,40)
• Encryption string (Key$ 4B,65,79,24)
• Plain text binary string (AbCd 41,62,43,64)
00001010 00000111 00111010 01000000
01001011 01100101 01111001 00100100
01000001 01100010 01000011 01100100
New Flag of Freedom
XOR to get Parity
• If I can XOR two bits… Then I should be able to XOR a series of bits (parity).
10101010 = 0
00000001 = 1
11111100 00110101 01101100 = 0
and …
• XOR is good for digital signatures, checksums
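The XOR slides above, worked through in Python as an added example (not part of the original presentation): it reproduces the AbCd / Key$ encryption and decryption, the three parity results, and shows one thing a plain XOR checksum does and does not detect. Function names are this example's own; the byte values come from the slides.

```python
from functools import reduce

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the key byte at the same position (key repeats)."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def xor_checksum(data: bytes) -> int:
    """One-byte checksum: XOR of all bytes, i.e. a parity bit per bit column."""
    return reduce(lambda acc, b: acc ^ b, data, 0)

def parity(data: bytes) -> int:
    """XOR of every bit: 0 if the count of 1 bits is even, 1 if it is odd."""
    folded = xor_checksum(data)      # fold all bytes into one
    bit = 0
    while folded:                    # then fold that byte's bits into one
        bit ^= folded & 1
        folded >>= 1
    return bit

def to_binary(data: bytes) -> str:
    return " ".join(f"{b:08b}" for b in data)

# Values from the slides. A short, reused key like this shows the mechanics
# only; it is not a secure cipher.
PLAIN = b"AbCd"   # 41 62 43 64
KEY = b"Key$"     # 4B 65 79 24

if __name__ == "__main__":
    cipher = xor_bytes(PLAIN, KEY)
    print("cypher text :", cipher.hex(" ").upper(), "|", to_binary(cipher))
    print("decrypted   :", xor_bytes(cipher, KEY))
    for sample in (b"\xaa", b"\x01", bytes([0b11111100, 0b00110101, 0b01101100])):
        print("parity of", to_binary(sample), "=", parity(sample))
    # The checksum catches a single changed bit ...
    print(xor_checksum(b"AbCd") != xor_checksum(b"AbCe"))
    # ... but XOR ignores byte order, so a reordered message has the same checksum.
    print(xor_checksum(b"AbCd") == xor_checksum(b"dCbA"))
```
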
• GIFs are lossy in color if your original image had more than 256 colors, as it only uses an 8 bit palette. A good image editing program will pick the optimum 256 color palette when saving (the bundled MS Paint program is not a good program by that criterion)
• When saving PNGs, a good image editor will allow you to choose 24 bit color, for image file storage that is about as lossless as it gets. For photos this is fine. However, the question you have to ask yourself for graph images is “do I need millions of colors?” and the answer if you haven’t chosen fancy visual effects like fading backgrounds is “No!”
• Color depth is the hidden cost of image file size that many people forget when they’re trying to squeeze down file size. If you have a very good image editor (I use Paint Shop Pro for all my graphs) you can choose an exact number of colors, and I find 16 colors (4 bits) or fewer will often do the job just fine.
• PNG and GIF, when saving with the same small number of colors, do just about as well as each other in compression. I find GIF has the same size whether the image is interlaced or non-interlaced, interlaced PNG is a bit bigger than GIF, and non-interlaced PNG is a bit smaller than GIF.
• So non-interlaced PNG, with the minimum number of bits necessary to give you all the colors you want, gets you the smallest files per displayed pixel. GIF is a very close second.
Binary describes color, sound, shapes, and other data.
Bitmap in hex editor
Flags, error levels
1 -> 00000001
2 -> 00000010
4 -> 00000100
8 -> 00001000
16 -> 00010000
32 -> 00100000
64 -> 01000000
128 -> 10000000
ASCII test available but that does not have a key… ALT 168 question mark ALT 174
£  156
°  0176
²  0178
☻  2
♥  3
♦  4
♣  5
♠  6
♪  13
♫  14
§  21
¿  168
½  171
¼  172
¡  173
±  241
÷  246
≈  247
RWX-RWX-RWX
Unix file permissions are set by a series of three-bit binary flags: one set each for User, Group, and All.
4 2 1   4 2 1   4 2 1
r w x   r w -   r - -
  7       6       4
IP Addresses
128 64 32 16 8 4 2 1
  1  0  1  0 1 0 0 0   = 168
128 64 32 16 8 4 2 1
  0  1  1  1 1 1 1 1   = 127
128 64 32 16 8 4 2 1
  1  1  0  0 0 0 0 0   = 192
128 64 32 16 8 4 2 1
  1  1  1  1 1 1 1 1   = 255
MAC Address
Packet Sniffer
The GET packet.
01010100.01101000.01100001.01101110.01101011.00100000.01111001.01101111.01110101.00100000.01100110.01101111.01110010.00100000.01111001.01101111.01110101.01110010.00100000.01100001.01110100.01110100.01100101.01101110.01110100.01101001.01101111.01101110.00101110.00100000.01001000.01100001.01110110.01100101.00100000.01100001.00100000.01100111.01110010.01100101.01100001.01110100.00100000.01100100.01100001.01111001.00100001.
54.68.61.6E.6B.20.79.6F.75.20.66.6F.72.20.79.6F.75.72.20.61.74.74.65.6E.74.69.6F.6E.2E.20.48.61.76.65.20.61.20.67.72.65.61.74.20.64.61.79.21.
Thank you for your attention. Have a great day!