Sunday, June 18, 2017

Where Crypto Helper's security comes from.

As some readers may know, I have pre-released an application for Android called Crypto Helper that is able to secure text in a manner that is extremely hard to break. Its security comes from a few design elements that coincidentally allow me to keep the app's source code simple.

Secure Interface:

My app uses a simple interface which doesn't handle sending or receiving any external data; instead, it uses existing Android features known as the clipboard and intents. This design allows the app to automatically paste data into the input, copy output to the system clipboard, or directly export output to external apps like your email client or "secure" text messenger. This simple design also doesn't save your encryption keys. If the keys were saved, the system could be attacked by stealing them from the key stores, even if they were made secure through encryption. Since the app saves nothing, sensitive data is never moved from RAM to storage, so once you shut the app down it is lost and impossible for invasive investigations to recover. This means that the security of the app itself is completely dependent on the user and the device. There are no known weaknesses in my app, therefore it can only be attacked by attacking the host device or user habits (two factors that are out of the hands of even the best app developers).

Algorithm Design:

Behind the scenes, my app uses simple but powerful algorithms to scramble text and make it unreadable without the correct key. The idea behind encryption is to make sensitive data impractical to derive from the encrypted data, and there are other uses of cryptography like verifying the identity of a sender. My app uses an algorithm that can be layered upon other algorithms like AES256 to make it even more secure; however, it is already hard to break on its own. My app not only makes decryption without the key many times harder than encryption or decryption with the key (the mechanism behind encryption), but it also uses a phenomenon known as collisions to mask your data by making several potential solutions with no way for an intruder to tell which one is correct. The one-time pad is the name of the algorithm I based mine on. It's unbreakable if a secure key is used once and never found by an intruder, and it's lightweight to compute because it only adds and subtracts rather than multiplying and dividing.
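To make the one-time pad properties above concrete, here is an added example (not Crypto Helper's code; the byte-wise modulo-256 arithmetic and all function names are assumptions made for illustration). It shows encryption by addition, the "several potential solutions" property, and what an intruder learns when the "used once" condition is broken.

```python
import secrets

def otp_add(plaintext: bytes, key: bytes) -> bytes:
    """Encrypt: add each key byte to the matching plaintext byte, modulo 256."""
    if len(key) < len(plaintext):
        raise ValueError("a one-time pad key must be at least as long as the message")
    return bytes((p + k) % 256 for p, k in zip(plaintext, key))

def otp_sub(ciphertext: bytes, key: bytes) -> bytes:
    """Decrypt: subtract each key byte from the matching ciphertext byte, modulo 256."""
    if len(key) < len(ciphertext):
        raise ValueError("a one-time pad key must be at least as long as the message")
    return bytes((c - k) % 256 for c, k in zip(ciphertext, key))

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every same-length candidate, which is why the
    ciphertext alone cannot tell an intruder which plaintext is the real one.
    """
    return otp_sub(ciphertext, candidate)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Subtract two ciphertexts made with the SAME key: the key cancels out,
    leaving the difference of the two plaintexts for an intruder to analyse."""
    return otp_sub(c1, c2)

def demo() -> bool:
    msg = b"MEET AT NOON"                  # constructed sample messages
    decoy = b"STAY AT HOME"
    other = b"SEND 500 USD"
    key = secrets.token_bytes(len(msg))    # random key, same length as the message
    ct = otp_add(msg, key)
    round_trip = otp_sub(ct, key) == msg
    # A different key makes the same ciphertext decrypt to the decoy.
    ambiguous = otp_sub(ct, key_explaining(ct, decoy)) == decoy
    # Reusing the key for a second message leaks msg - other, with no key needed.
    leaked = reuse_leak(ct, otp_add(other, key)) == otp_sub(msg, other)
    return round_trip and ambiguous and leaked

if __name__ == "__main__":
    print("all three properties hold:", demo())
```

The ambiguity only holds while the key is random, as long as the message, and never reused; the last check shows the key dropping out of the arithmetic as soon as it is used twice.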

Features To Foil Crooks And Save You Time:

Crypto Helper gains a new level of security with a simple function I added that adds a massive amount of complexity to cryptanalysis attempts. My app has a feature where it generates random noise and injects it into the cipher-text, which changes its length and makes it impossible to tell if all the text is necessary for decryption. With intruders unable to easily separate signal from noise, the text gains a new layer of protection. Crypto Helper also has a hexadecimal encoder for compatibility. If the app creates cipher-text which has exotic characters, it makes the user's life harder if they need to type in the text, so I made a feature where it outputs the hexadecimal notation for the characters to save users from a headache before one is ever found. Keys are hashed by default to save users who choose weak keys and to increase the difficulty of brute force attacks. Users using older keys or custom keys longer than the 512 bit hash will benefit by turning off the "Secure key" feature, which will use the key verbatim. These are some features I have not found in any other application, and I am still adding more if anyone has any ideas.


Monday, June 12, 2017

Stop ads where adblock can't be installed, and save time typing IP addresses.

I'll give some background and show the steps at the end. If you want to just follow some steps or you already know what I'm about to say, then scroll to the end. I won't complain.

What you'll need: The computer you wish to apply this to, a text editor (common ones include: Gedit, Notepad, or TextEdit for Linux, Windows, and Mac respectively), and a list of the hosts you want to route. I'll show you how to get the lists.

I was browsing Google Play for Android apps that compete with my projects, and I kept getting pummeled by full screen, deceptive, and flashy banner advertisements when I was looking at what features I need to compete with. I realized that I'm not alone. Many of you use programs like Adblock, and I can assume most of you have noticed that ad blocking programs only work within your browser and won't stop ads within other apps. Ad blocking programs also hog your computer's resources, which is especially pesky on mobile devices where they drain your battery almost as much as the ads you're blocking anyway. My solution to this will save you CPU and memory. It also has the advantage of working on every program running on your system and can be used to create shortcuts when working with IP addresses. This method uses some basic networking principles that everyone uses; they usually work so well that you don't notice the magic happening in cyberspace.

This tutorial harnesses something known in "nerd space" as Domain Name Service, or DNS for short. It sounds intimidating but it's really simple for our purposes. Servers need to be found by clients; this is the basis of most of our Internet. Servers are the computers that host the files that make up a service like a website. Clients are any machines used to access these computers, which include laptop and desktop computers, cellular phones, tablets, and some IoT (Internet of things) devices like a smart TV. In order to use a web service, your data packets must know which numerical address points to the same computer systems as the domain you choose. This is done by DNS servers, which use a massive database of domains and their numerical addresses to match your queries. Our local tiny database is not that complex because it's too small for the overhead difference to matter. Our clients have a smaller version of what a DNS server does: clients check a file called "hosts" to route known hosts to their addresses. This is useful for keeping local traffic from ever leaving your machine; programs emailing themselves internally shouldn't have to send out potentially private data over the network when the destination is within your client.

Q: Why should I do this?
A: Everyone is different but the most common reasons are to: block content such as ads or NSFW (Not Safe For Work) material, have your computer memorize addresses for you, and/or fix a network mistake made by IT personnel on your machine.

Q: Is it dangerous?
A: I have not heard of any permanent damage caused but since you are telling your machine to force a domain to be a custom address, it is possible to incorrectly route a site. This issue can be fixed by removing or modifying the line in question.

Q: Windows?
A: Yes, one can do this on a Windows machine. Read on for more.

Q: Will this work on iOS?
A: Technically, yes. Apple has many barriers to modifying their system, so I can't see anyone able to do this unless one has a jailbreak installed and has tools to modify system files.

Q: Will Mac OS X work with this?
A: Likely, and it will likely be similar to GNU/Linux, just using a different set of programs (TextEdit vs Gedit).

Q: Will my Android device last longer on a charge after this?
A: Possibly, it depends on how many ads you usually see and how much CPU each ad burns on average. Mostly you'll see less time on battery wasted watching ads you can't skip, therefore more productivity per charge even if the time on battery is unaffected.

Q: How much cellular data does this take?
A: None, it may slightly reduce the usage because ads can't load while your device is running.

Q: How does this work with a VPN?
A: I've yet to use this with enough VPN setups to say for sure but as a VPN is basically a virtual tunnel I don't think they will interfere with each other.

Q: Is this illegal?
A: Absolutely not. Where I live at the time this is written, modifying one's own system is perfectly fine so long as you are only modifying your system and not interfering with other people's property. If you are unsure of the law around anything in cyberspace, do some research for the laws in your area. Just because something is legal here doesn't mean it's legal somewhere else.

 
Q: Seriously, why are you using the terminal in your tutorials? Is there a way to do this from my machine's default graphical interface?
A: I like the terminal. I find it's easier than describing where to click if I simply write a script and send it to you, with less chance of screw ups too. You can indeed do this graphically, but I don't wish to do this because I can get the whole thing done with one command faster for simple things like this than I can with the GUI (Graphical User Interface). Then I get to the issue of cross platform compatibility and every little tweak each user may have performed prior to reading this. One command is simple, and then I don't need to buy three different computers to do this.

This simple little trick is done in a few steps.

  1. Obtain a list of the domains you wish to reroute. This can be done by looking in your notes on which addresses you must know go to which server. You can have a network monitor running and find which domains have traffic spikes when an ad is served. The easiest way to find ad domains to block is to go online and download a few lists which might also have the addresses routed to 0.0.0.0 for you (I'll explain, I promise). If you only wish to block ads then download a current list like this, and this zip file containing an example hosts file. These lists are simply text files and can be copied into yours. There will be some overlap, but I will come out with a utility to solve this and it won't cause too much trouble for you. My hosts file is here, named "hosts.txt".
  2. Locate your hosts file, it's a regular text file and it's in a system folder. Under Android this requires you to have a rooted device (modifying any system file needs admin privileges on any system), and you must pull the original file to your computer using ADB (Android Debug Bridge), modify it on your computer and then push the new file to your Android device. On GNU/Linux based operating systems the file will be located in the folder /etc and called "hosts", Linux users will be editing "/etc/hosts". Windows has the file located at "C:\windows\system32\drivers\etc\hosts" and Windows users will use this file path where I use "/etc/hosts". Mac users will need to use "/private/etc/hosts" where I type "/etc/hosts".
  3. Gain administrator privileges. If you own your system then you likely already have these; this is really only an issue where you have someone else managing your computer for you (like in a school). On Linux, make sure your account is of the "admin" type, which will make you part of the "sudo" group that allows you to make system modifications like installing applications. Windows is similar, but most Windows machines will not have the same group architecture set up as Linux systems due to different underlying designs. Linux was and still is based on UNIX. UNIX is an old, tried and true design that simplified the lives of computer scientists when it came out and is still useful today (Mac is running on top of Darwin UNIX).
  4. Make a backup copy of the file somewhere in case of trouble you can't predict. The file is small, so save as many copies as you want to different locations.
  5. Open the hosts file in a simple text editor. I use Gedit because I find it works well for this, but a terminal based one like nano or vi will work for advanced or remote users. On Linux or Mac open a terminal; on Linux, pressing Control and Alt and T usually skips all menus and pulls up a terminal window. Type "sudo gedit /etc/hosts" into the terminal, replacing "gedit" with the command name of your favorite text editor (nano will work in a pinch) and replacing "/etc/hosts" with your hosts file path if you are not on a Linux based machine. After you press Enter your computer will attempt to open the file in the program you specified, and it will succeed if you have the program installed. You may see something like what I have. You may be asked for your password so your computer can be sure it's really you typing and not a misbehaving program or a prankster.
    My hosts file open with the terminal next to it.
  6. Copy in the lists you have downloaded. Anything appearing after "#" on a line will be ignored by the system, and you can type comments for human readability here without affecting the file's function. Every functional line starts with the address numbers followed by a space followed by the domain you want to target. As an example, to block an ad server, put "0.0.0.0 googleads4.g.doubleclick.net" on a line of its own. The 0.0.0.0 is an address that doesn't exist; the domain "googleads4.g.doubleclick.net" is told to point to 0.0.0.0, which makes the ad never load from that domain.
  7. Don't remove anything you did not put in, I recommend putting your routing commands under the default ones.
  8. Once you are satisfied with the file, save it. You must now get your system to reload services using this file. One foolproof way to apply the changes system wide is to reboot your computer. Linux users can reload services manually and have the same result without needing to reboot.
  9. Give it a try. Try to load a site you blocked and find it unable to load, find ad boxes empty, find banners blank if not gone depending on how they are coded, and find your shortcuts working on all programs on your system. Success!
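For steps 1 and 6, an added example (not the utility mentioned in step 1, and not the author's code) that merges downloaded lists into lines ready to paste under the default entries. It removes the overlap between lists and, as an assumption of this example, treats downloaded lists as untrusted: only entries pointing at 0.0.0.0 or 127.0.0.1 are accepted, so a list cannot quietly redirect a real site to another address. The function names and sample lists are constructed for illustration.

```python
import ipaddress
import re

SINKHOLES = {"0.0.0.0", "127.0.0.1"}   # only these targets are accepted from a downloaded list
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}  # never touch default names
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z0-9-]{2,63}$")

def parse_line(line):
    """Return (address, [names]) for a functional hosts line, else None."""
    fields = line.split("#", 1)[0].split()   # text after '#' is a comment
    if len(fields) < 2:
        return None
    try:
        ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    return fields[0], [name.lower() for name in fields[1:]]

def merge_blocklists(existing_hosts, downloaded_lists):
    """Return (lines_to_append, rejected) for untrusted downloaded lists."""
    seen = set()
    for line in existing_hosts.splitlines():
        parsed = parse_line(line)
        if parsed:
            seen.update(parsed[1])           # names already routed in the current file
    to_append, rejected = [], []
    for text in downloaded_lists:
        for line in text.splitlines():
            addr, names = parse_line(line) or (None, [])
            for name in names:
                if name in PROTECTED or name in seen:
                    continue                 # default entry or overlap: skip
                if addr not in SINKHOLES or not HOSTNAME.match(name):
                    rejected.append(f"{addr} {name}")  # redirect target or malformed name
                    continue
                seen.add(name)
                to_append.append(f"0.0.0.0 {name}")
    return to_append, rejected

# Constructed sample data (not real list contents).
EXISTING = "127.0.0.1 localhost\n0.0.0.0 googleads4.g.doubleclick.net\n"
LIST_A = "# list A\n0.0.0.0 googleads4.g.doubleclick.net\n127.0.0.1 ads.example.com # x\n"
LIST_B = "0.0.0.0 ads.example.com\n203.0.113.7 bank.example.org\n0.0.0.0 tracker.example.net\n"

if __name__ == "__main__":
    lines, bad = merge_blocklists(EXISTING, [LIST_A, LIST_B])
    print("\n".join(lines))
    print("rejected:", bad)
```

Review the rejected entries by hand before adding any of them, and paste the accepted lines into the hosts file yourself after making the backup from step 4.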
