/// <summary>
 /// Provides a record-by-record processing functionality for the cmdlet.
 /// </summary>
 protected override void ProcessRecord()
 {
     Cryptkeeper mycrypt = new Cryptkeeper(this.Passphrase);
     byte[] bytes = mycrypt.GetBytes(this.Message, Cryptkeeper.Action.Encrypt);
     AlternateDataStream.Write(this.Path.FullName, this.Stream, bytes);
     this.WriteObject("Message saved.");
 }
        /// <summary>
        /// Provides a record-by-record processing functionality for the cmdlet.
        /// </summary>
        protected override void ProcessRecord()
        {
            byte[] bytes = AlternateDataStream.Read(this.Path.FullName, this.Stream);
            if (bytes == null)
            {
                this.WriteObject("No message.");
                return;
            }

            Cryptkeeper mycrypt = new Cryptkeeper(this.Passphrase);
            byte[] cleartext = mycrypt.GetBytes(bytes, Cryptkeeper.Action.Decrypt);
            string text = System.Text.Encoding.Unicode.GetString(cleartext);
            this.WriteObject(text);
        }
Beispiel #3
0
        /// <summary>
        /// Read a message using the Least Significant Bit Steganographic method.
        /// </summary>
        /// <param name="path">The bitmap file to write to.</param>
        /// <param name="startingPosition">The starting byte address.</param>
        /// <param name="mathset">The set to use to determine where to update the least significant bits.</param>
        /// <param name="passphrase">The passphrase for encrypting and decrypting the message text.</param>
        /// <returns>Returns the message in Unicode characters.</returns>
        public static string SteganographyRead(string path, uint startingPosition, ChannelTools.MathematicalSet mathset, SecureString passphrase)
        {
            // Read the value in as bytes and convert to Unicode string
            byte[] cipherBytes = SteganographyReadBytes(path, startingPosition, mathset);

            // Decrypt the message
            Cryptkeeper crypt = new Cryptkeeper(passphrase);
            byte[] messageBytes = crypt.GetBytes(cipherBytes, Cryptkeeper.Action.Decrypt);
            string finaltext = new string(Encoding.Unicode.GetChars(messageBytes));

            // Find the stop character: 0xFFFF or 65,535
            int endof = finaltext.IndexOf(Convert.ToChar(ushort.MaxValue));

            // No final character? Return an empty string
            if (endof == -1) return string.Empty;

            // Return the string from the start to the stop character
            return finaltext.Substring(0, endof).TrimStart();
        }
Beispiel #4
0
        /// <summary>
        /// Provides a record-by-record processing functionality for the cmdlet.
        /// </summary>
        protected override void ProcessRecord()
        {
            //// Encode and encrypt the message with spoofed entropy

            Cryptkeeper mycrypt = new Cryptkeeper(this.Passphrase);
            byte[] cipherbytes = mycrypt.GetBytes(this.Message, Cryptkeeper.Action.Encrypt);

            int length = cipherbytes.Length;
            if (this.TargetEntropy > 0) length = length * 3;

            byte[] bytes = ShannonEntropy.Spoof(cipherbytes, this.TargetEntropy, length);

            //// Create a Memory Mapped File without an actual file

            string mappedName = string.Concat("Global\\", this.Mutex);
            string mutexName = string.Concat("Global\\{0}", this.Mutex, "-mutex");

            MemoryMappedFile map;
            try
            {
                map = MemoryMappedFile.CreateOrOpen(mappedName, bytes.Length, MemoryMappedFileAccess.ReadWrite);
            }
            catch (Exception ex)
            {
                this.WriteWarning(ex.Message);
                return;
            }

            // Define an access rules such that all processes on the OS can access it
            var allowEveryoneRule = new MutexAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), MutexRights.FullControl, AccessControlType.Allow);
            var securitySettings = new MutexSecurity();
            securitySettings.AddAccessRule(allowEveryoneRule);

            // Grab the mutex and set the access rules
            Mutex mutex = new Mutex(false, mutexName);
            mutex.SetAccessControl(securitySettings);
            mutex.WaitOne();

            // Write the bytes
            BinaryWriter writer = new BinaryWriter(map.CreateViewStream(0, bytes.Length, MemoryMappedFileAccess.ReadWrite));
            writer.Write(bytes);
            writer.Close();
            mutex.ReleaseMutex();

            Console.WriteLine("Please check for the message now. Once you continue, the message will be scheduled for garbage collection.");
            Console.Write("Press any key to continue . . . ");
            Console.ReadKey(true);
            Console.WriteLine();

            mutex.Dispose();
        }
Beispiel #5
0
        /// <summary>
        /// The handler for HTTP GET requests.
        /// </summary>
        /// <param name="processor">The HTTP processor.</param>
        public void HttpGetHandler(HttpProcessor processor)
        {
            processor.WriteSuccess();

            Cryptkeeper myCrypt = new Cryptkeeper(this.passphrase);
            DerivedValue derived = new DerivedValue(this.passphrase);
            string result = derived.GetString(3, 10);

            // No result? No handshake. Done.
            if (processor.RequestURL.IndexOf(result) == -1) return;

            // Parse out the host name and fetch the next page.
            string hostname = string.Empty;
            string absolutePath = processor.RequestURL;

            string[] values = absolutePath.Split(new string[] { result }, StringSplitOptions.RemoveEmptyEntries);
            absolutePath = values[0].Trim();
            string hostBase64 = values[1].Trim();
            byte[] hostBytes = System.Convert.FromBase64String(hostBase64);
            hostname = Encoding.ASCII.GetString(hostBytes);

            Uri link = new Uri(string.Concat("http://", hostname, absolutePath));

            try
            {
                WebClient web = new WebClient();
                byte[] page = web.DownloadData(link);
                web.Dispose();

                WebPageSteganography stegopage = new WebPageSteganography(page, this.passphrase);
                string message = string.Empty;

                if (this.MessageQueue.Count > 0)
                {
                    message = (string)this.MessageQueue.Dequeue();
                }

                stegopage.WriteValue(message);
                page = stegopage.GetBytes();

                processor.StreamOutput.Write(page);
                processor.StreamOutput.Flush();
                processor.WriteSuccess();
            }
            catch (Exception ex)
            {
                processor.StreamOutput.Write("<html><p>Ping! Something odd happened while retrieving ... " + link.ToString() + "</p><p>" + ex.ToString() + "</p></html>");
            }
        }
Beispiel #6
0
        /// <summary>
        /// Send incognito message via DNS and, if successful, return the value encoded in Base64.
        /// </summary>
        /// <param name="message">The Unicode character string to send over the covert channel.</param>
        /// <returns>String.Empty if the message fails, otherwise, the encrypted message encoded in Base64.</returns>
        private string SendCovertMessage(string message)
        {
            // Execute the covert channel
            this.messageId++;
            ushort fragmentId = 0;

            // Ensure the line is at least 16 Byte (128 bit) for encryption
            do
            {
                message += " ";
            }
            while (message.Length < 16);

            Cryptkeeper mycrypt = new Cryptkeeper(this.Passphrase);
            byte[] messageBytes = mycrypt.GetBytes(message, Cryptkeeper.Action.Encrypt);

            // Setup the DNS calls array, count, and index
            int hostIndex = 0;
            int hostCount = (int)Math.Ceiling((decimal)messageBytes.Length / (decimal)this.messagelist.MaximumByteLength);
            string[] hosts = new string[hostCount];

            for (int i = 0; i < messageBytes.Length; i += this.messagelist.MaximumByteLength)
            {
                ushort length = (ushort)Math.Min(this.messagelist.MaximumByteLength, messageBytes.Length - i);

                byte[] msg = BitConverter.GetBytes(this.messageId);
                byte[] frag = BitConverter.GetBytes(fragmentId);
                byte[] len = BitConverter.GetBytes(length);

                byte[] blendme = new byte[6];
                blendme[0] = msg[0];
                blendme[1] = msg[1];
                blendme[2] = frag[0];
                blendme[3] = frag[1];
                blendme[4] = len[0];
                blendme[5] = len[1];

                byte[] tmp = new byte[length];
                Array.Copy(messageBytes, i, tmp, 0, length);

                BitArray mine = BinaryTools.BlendBits(tmp, blendme, 5);
                string fragment = SimWitty.Library.Core.Encoding.Base32.ToBase32String(mine);

                hosts[hostIndex] = string.Concat(
                    "www.",
                    fragment,
                    ".com.");
                hostIndex++;
                fragmentId++;
            }

            // Randomize the fragmments
            ArrayTools.Scramble(hosts);

            // Send the fragments as DNS hosts using Nslookup
            for (int i = 0; i < hosts.Length; i++)
            {
                this.ExecuteNslookup(hosts[i], this.RemoteAddress);
            }

            return System.Convert.ToBase64String(messageBytes);
        }
Beispiel #7
0
        /// <summary>
        /// Provides a record-by-record processing functionality for the cmdlet.
        /// </summary>
        protected override void ProcessRecord()
        {
            //// Open a Memory Mapped File without an actual file

            string memoryMappedName = string.Concat("Global\\", this.Mutex); // mappedName
            string memoryMutexName = string.Concat("Global\\{0}", this.Mutex, "-mutex"); // mutexName

            MemoryMappedFile map;
            try
            {
                map = MemoryMappedFile.OpenExisting(memoryMappedName);
            }
            catch (Exception ex)
            {
                this.WriteWarning(ex.Message);
                return;
            }

            // Open a existing mutex and prepare to receive
            Mutex mutex = System.Threading.Mutex.OpenExisting(memoryMutexName);
            mutex.WaitOne();

            // Read the memory map and release the mutex
            BinaryReader reader = new BinaryReader(map.CreateViewStream());
            byte[] receiveBytes = new byte[reader.BaseStream.Length];
            reader.Read(receiveBytes, 0, (int)reader.BaseStream.Length);
            reader.Close();
            mutex.ReleaseMutex();

            // Remove spoofing, decrypt, decode, and display the message
            Cryptkeeper mycrypt = new Cryptkeeper(this.Passphrase);
            byte[] cipherbytes = ShannonEntropy.Despoof(receiveBytes);
            byte[] clearbytes = mycrypt.GetBytes(cipherbytes, Cryptkeeper.Action.Decrypt);
            string message = System.Text.Encoding.Unicode.GetString(clearbytes);

            this.WriteObject(message);
        }
Beispiel #8
0
        /// <summary>
        /// Write a message using the Least Significant Bit Steganographic method.
        /// </summary>
        /// <param name="path">The bitmap file to write to.</param>
        /// <param name="startingPosition">The starting byte address.</param>
        /// <param name="message">The message in Unicode characters.</param>
        /// <param name="mathset">The set to use to determine where to update the least significant bits.</param>
        /// <param name="passphrase">The passphrase for encrypting and decrypting the message text.</param>
        public static void SteganographyWrite(string path, uint startingPosition, string message, ChannelTools.MathematicalSet mathset, SecureString passphrase)
        {
            // Append the stop character: 0xFFFF or 65,535
            message += Convert.ToChar(ushort.MaxValue);

            // Encrypt the message
            Cryptkeeper crypt = new Cryptkeeper(passphrase);
            byte[] cipherBytes = crypt.GetBytes(message, Cryptkeeper.Action.Encrypt);

            // Write the encoded and encrypted message
            SteganographyWrite(path, startingPosition, cipherBytes, mathset);
        }
Beispiel #9
0
        /// <summary>
        /// Send incognito message via ping and, if successful, return the value encoded in Base16.
        /// </summary>
        /// <param name="message">The Unicode character string to send over the covert channel.</param>
        /// <returns>String.Empty if the message fails, otherwise, the message encoded in Base16.</returns>
        private string SendCovertMessage(string message)
        {
            // Encode the message
            byte[] bytes = ChannelTools.EncodeString(message.Trim());

            // Encrypt the message
            Cryptkeeper mycrypt = new Cryptkeeper(this.Passphrase);
            byte[] messageBytes = mycrypt.GetBytes(bytes, Cryptkeeper.Action.Encrypt);

            // Get two bytes that represent the length of the messageBytes array
            byte[] lengthBytes = BitConverter.GetBytes(Convert.ToUInt16(messageBytes.Length));

            // Create the ping bytes (length + encrypted message)
            byte[] pingBytes = new byte[messageBytes.Length + 2];
            Array.Copy(lengthBytes, 0, pingBytes, 0, 2);
            Array.Copy(messageBytes, 0, pingBytes, 2, messageBytes.Length);

            // Double-check
            ushort length = BitConverter.ToUInt16(new byte[] { pingBytes[0], pingBytes[1] }, 0);
            byte[] checkBytes = mycrypt.GetBytes(messageBytes, Cryptkeeper.Action.Decrypt);
            string checkText = ChannelTools.DecodeString(checkBytes);
            if (message != checkText) return string.Empty;

            // Send the message in a ping
            try
            {
                Ping p = new Ping();
                p.Send(this.RemoteAddress, 1000, pingBytes);
            }
            catch (Exception ex)
            {
                this.WriteWarning(ex.ToString());
                return string.Empty;
            }

            // Return the message encoded in Base64.
            return SimWitty.Library.Core.Encoding.Base16.ToBase16String(checkBytes);
        }
Beispiel #10
0
        /// <summary>
        /// Write -- encode, encrypt, and hide the steganographic message.
        /// </summary>
        /// <param name="value">The text value to write into the page.</param>
        public void WriteValue(string value)
        {
            Cryptkeeper myCrypt = new Cryptkeeper(this.passphrase);

            byte[] cipherBytes = myCrypt.GetBytes(value, Cryptkeeper.Action.Encrypt);
            byte[] cleartext = myCrypt.GetBytes(cipherBytes, Cryptkeeper.Action.Decrypt);

            byte[] lengthBytes = BitConverter.GetBytes((uint)cipherBytes.Length);
            byte[] buffer = new byte[lengthBytes.Length + cipherBytes.Length];

            Array.Copy(lengthBytes, 0, buffer, 0, lengthBytes.Length);
            Array.Copy(cipherBytes, 0, buffer, lengthBytes.Length, cipherBytes.Length);

            this.EmbedBytesInPage(buffer);

            // If this is a file info, write the bytes down to the file while preserving the file dates
            if (this.isFileInfo)
            {
                // Write the bytes to the file and then reset last access time.
                DateTime created = this.webPageFile.CreationTime;
                DateTime modified = this.webPageFile.LastWriteTime;
                DateTime accessed = this.webPageFile.LastAccessTime;

                BinaryWriter writeFile = new BinaryWriter(File.Open(this.webPageFile.FullName, FileMode.Create));
                writeFile.Write(this.GetBytes());
                writeFile.Close();

                this.webPageFile.CreationTime = created;
                this.webPageFile.LastWriteTime = modified;
                this.webPageFile.LastAccessTime = accessed;
            }
        }
Beispiel #11
0
        /// <summary>
        /// Read -- decrypt, decode, and display the steganographic message.
        /// </summary>
        /// <returns>Returns the clear text message.</returns>
        public string ReadValue()
        {
            // Always use GetBytes because GetBytes does error handling
            byte[] buffer = this.GetBytes();

            // Extract the first four bytes as an unsigned integer specifying length
            byte[] lengthBytes = new byte[4];
            lengthBytes[0] = buffer[this.Positions[0]];
            lengthBytes[1] = buffer[this.Positions[1]];
            lengthBytes[2] = buffer[this.Positions[2]];
            lengthBytes[3] = buffer[this.Positions[3]];
            uint length = BitConverter.ToUInt32(lengthBytes, 0);

            // If the length is 0, there is no message, and we return an empty string
            if (length == 0) return string.Empty;

            // Extract the encrypted bytes
            byte[] cipherBytes = new byte[length];

            for (int i = 0; i < cipherBytes.Length; i++)
            {
                // It should not happen, but just in case, prevent an index out of range exception
                if (i >= buffer.Length) break;

                // We start at length bytes and increment the position index from that point
                uint position = this.Positions[lengthBytes.Length + i];
                byte stegoByte = buffer[position];
                cipherBytes[i] = stegoByte;
            }

            // Decrypt and return
            Cryptkeeper myCrypt = new Cryptkeeper(this.passphrase);
            byte[] cleartext = myCrypt.GetBytes(cipherBytes, Cryptkeeper.Action.Decrypt);
            string value = Encoding.Unicode.GetString(cleartext);
            return value;
        }
Beispiel #12
0
 /// <summary>
 ///  Initializes a new instance of the <see cref="IncogStream" /> class.
 /// </summary>
 /// <param name="stream">The stream to write to and read from.</param>
 /// <param name="passphrase">The secure string used to encrypt messages written to the stream and decrypt messages read from the stream.</param>
 /// <param name="entropy">The approximate Shannon Entropy value (between 1.00 and 7.80) to spoof.</param>
 public IncogStream(Stream stream, SecureString passphrase, double entropy)
 {
     this.innerStream = stream;
     this.mycrypt = new Cryptkeeper(passphrase);
     if (entropy > 0) this.targetEntropy = entropy;
 }
Beispiel #13
0
 /// <summary>
 ///  Initializes a new instance of the <see cref="IncogStream" /> class.
 /// </summary>
 /// <param name="stream">The stream to write to and read from.</param>
 /// <param name="passphrase">The secure string used to encrypt messages written to the stream and decrypt messages read from the stream.</param>
 public IncogStream(Stream stream, SecureString passphrase)
 {
     this.innerStream = stream;
     this.mycrypt = new Cryptkeeper(passphrase);
     this.targetEntropy = 0;
 }
Beispiel #14
0
        /// <summary>
        /// Decrypts the fragments values of this instance into a clear text message string using the passphrase.
        /// </summary>
        /// <param name="passphrase">Decryption key</param>
        /// <returns>Decrypted message string</returns>
        public string GetDecryptedMessage(System.Security.SecureString passphrase)
        {
            if (!this.Complete) return string.Empty;

            Cryptkeeper mycrypt = new Cryptkeeper(passphrase);
            string cleartext = mycrypt.Decrypt(this.GetBytes());
            return cleartext;
        }
Beispiel #15
0
        /// <summary>
        /// Receive incognito message via ping and, if successful, put the value on the pipeline.
        /// </summary>
        /// <param name="rawPacket">The raw bytes that were captured.</param>
        private void ReceiveCovertMessage(byte[] rawPacket)
        {
            try
            {
                int length = rawPacket.Length;
                IPv4Packet packet = new IPv4Packet(rawPacket, length);

                if (packet.SourceAddress.Equals(this.RemoteAddress) && packet.ProtocolType == Protocol.ICMP)
                {
                    ushort len = BitConverter.ToUInt16(new byte[] { packet.Data[8], packet.Data[9] }, 0);
                    byte[] messageBytes = new byte[len];
                    Array.Copy(packet.Data, 10, messageBytes, 0, len);
                    this.WriteVerbose(SimWitty.Library.Core.Encoding.Base16.ToBase16String(messageBytes));

                    Cryptkeeper mycrypt = new Cryptkeeper(this.Passphrase);
                    byte[] checkedBytes = mycrypt.GetBytes(messageBytes, Cryptkeeper.Action.Decrypt);
                    string message = ChannelTools.DecodeString(checkedBytes);

                    if (message.Trim().ToLower() == "exit")
                    {
                        this.packetCapturing = false;
                        return;
                    }

                    if (this.Interactive)
                    {
                        Console.WriteLine("{0} > {1}", packet.SourceAddress.ToString(), message);
                    }
                    else
                    {
                        this.WriteObject(message);
                    }
                }
            }
            catch (ObjectDisposedException)
            {
            }
            catch (Exception ex)
            {
                this.WriteWarning(ex.ToString());
            }
        }