SHA1 Modulus Attack

by Javantea aka. Joel R. Voss
August 16, 2007

Source Code not yet available.

Collisions in hashes are quite bad news for cryptographers. Finding them is quite difficult. The current best attack against SHA1 requires 2**69 operations.

a is an array of plaintexts.
The likeliness of a collision is a function of len(a).
sha1mod1.py sha1 hashes the plaintexts modulus x.
It counts the collisions.
Plotted here is x vs collisions(x).

Read more »

Bittorrent Protocol Attack

BitTorrent Protocol Attack

jvoss@altsci.com
jvoss@myuw.net
Feb 23-26, 2005

BitTorrent Attack 0.3 Source [sig]
BitTorrent Attack 0.2 Source [sig]

DESCRIPTION

Official BitTorrent Protocol
Official BitTorrent Client
Netmap2 Page

The BitTorrent Attack is a small project to see what we can do with the BitTorrent protocol without sending or receiving legitimate data. It is part of Netmap2 (aka. Protocols and Services Project).

Read more »

Creating Silly Images

by Javantea
Oct 10, 2006
AltSci Concepts Nov 10, 2006 Cover

An image is a simple representation of a complex system in the same way that a program is a simple representation of a business. These similarities are hand in hand in the creation of programs and images as well as the viewing. Viewing an image is very much like using a program and reverse engineering a program is quite similar to analysing an image. The concepts are much easier for non-programmers to understand in terms of art, so to discuss programs, I will first discuss art. For programmers, the concepts are much easier to understand in terms of a program, so to discuss silly images, I will then discuss programs.

First, I will discuss the image which I enjoyed so very much creating and which I enjoy so very much discussing. The background is a favorite technique of mine. It is discussed in great detail below. It represents the sea of random information in cyberspace that users swim through daily. The colors are bright like the virtual neon signs that plague every corner of the internet. Each line of text was created using a different technique. Motion blur on the word welcome represents how quickly the user glances past any piece of data that they are not interested in. John Smith is set in the Times font that all generic 'legit' websites use to lull customers into a false sense of security. The words "to the" use another fun technique (blur, sharpen 99 twice) that I use often (same as the background). This effect represents the repetitive fawning and disillusionment that the technolust lifestyle commonly generates amongst its users. The word "Future" is written with two futuristic features ((blur(f) - f) & hue(f)) that I designed specifically for this image. These features remind me how much of the future is ubiquitous and how little of it really seems Sci-Fi. The phrase "Welcome, John Smith to the FUTURE" is a parody of the common phrase used to greet users when they login. Welcoming someone to the future is a derogatory phrase and is quite akin to telling someone that they're a cave dweller. The second meaning is that most people will be seeing someone else's login page (considering how few John Smiths will be reading this page). This is a common occurrence for hackers and often brings a great feeling of accomplishment, which might be lost on readers who aren't hackers. There is yet another meaning in the phrase and that is the inspiration of the phrase is the song "Cities of the Future" by Infected Mushroom. The design of the song invokes a feeling of power and electricity. The main vocal is modified to be very electric and warbly like the lead synth. I originally created the image as a 1024x768 (for no good reason), which had to be expanded and then shrunk. But it makes a fine background image if you'd like. There you have it, a complete discussion of a mediocre piece of art.

A program can be made simple or complex. A program's reliability depends on how well it has been properly debugged. Debugging depends on hours looking at inane code, which coders often dislike. A program that is built simply is simply debugged. Therefore, the building of many simple programs each of which are easily debugged makes for a better operating environment than having a few large programs.

Read more »

Good Bad Attitude

Good Bad Attitude

jvoss@altsci.com
jvoss@myuw.net
May 26 - June 2, 2006

Bad Attitude 0.2 Source [sig]

DESCRIPTION

This program grabs a list of good processes from /proc, then it monitors /proc and kills any new process. It is meant to be used in extremely hostile environments. It is a general use tool, but it can and should be modified as necessary. Obviously it should be modified to allow the user to re-login in case s/he loses shell.

It's original use is for Defcon 14 ACTF. If a vulnerable server gives non-root access (quite likely), attackers that re-attack the server will be able to kill the original attacker. This means that the original attacker should put up defenses quickly to ensure that attackers are ejected. One way is to fix the vulnerability in the server. If this is not possible, this script is a simple solution.

Read more »

« previous next »