Wednesday, August 9, 2017
DIPLOMATIC BAGS MI6 REMOTE SCANNER
Remote unlocking of the root (or other) partition
If you want to be able to reboot a fully LUKS-encrypted system remotely, or start it with a Wake-on-LAN service, you will need a way to enter a passphrase for the root partition/volume at startup. This can be achieved by running a mkinitcpio hook that configures a network interface. Some packages listed below contribute various mkinitcpio build hooks to ease the configuration.
Note:
- Keep in mind to use kernel device names for the network interface (e.g. eth0) and not udev's ones (e.g. enp1s0), as those will not work.
- It could be necessary to add the module for your network card to the MODULES array.
Remote unlocking (hooks: systemd, systemd-tool)
The AUR package mkinitcpio-systemd-tool provides a systemd-centric mkinitcpio hook named systemd-tool with the following set of features for systemd in initramfs:
Core features provided by the hook:
|
Features provided by the included service units:
|
The mkinitcpio-systemd-tool package requires the systemd hook. For more information be sure to read the project's README as well as the provided default systemd service unit files to get you started.
The recommended hooks are: base autodetect modconf block filesystems keyboard fsck systemd systemd-tool.

Remote unlocking (hooks: netconf, dropbear, tinyssh, ppp)
Another package combination providing remote logins to the initcpio is mkinitcpio-netconf (AUR) and/or mkinitcpio-ppp (AUR) (for remote unlocking using a PPP connection over the internet), along with an SSH server. You have the option of using either mkinitcpio-dropbear (AUR) or mkinitcpio-tinyssh (AUR). Those hooks do not install any shell, so you also need to install the mkinitcpio-utils (AUR) package. The instructions below can be used with any combination of the packages above. Where the paths differ, it will be noted.
- If you do not have an SSH key pair yet, generate one on the client system (the one which will be used to unlock the remote machine). If you choose to use mkinitcpio-tinyssh, you have the option of using Ed25519 keys.
- Insert your SSH public key (i.e. the one you usually put onto hosts so that you can ssh in without a password, or the one you just created and which ends with .pub) into the remote machine's /etc/dropbear/root_key or /etc/tinyssh/root_key file.
  Tip: This method can later be used to add other SSH public keys as needed. If you simply copy the content of the remote's ~/.ssh/authorized_keys, be sure to verify that it only contains keys you intend to use to unlock the remote machine. When adding additional keys, regenerate your initrd as well using mkinitcpio. See also Secure Shell#Protection.
- Add the hooks of the packages you installed above, together with encryptssh, before filesystems within the "HOOKS" array in /etc/mkinitcpio.conf (encryptssh replaces the encrypt hook). Then rebuild the initramfs image.
  Note: The net hook provided by mkinitcpio-nfs-utils is not needed.
- Configure the required cryptdevice= parameter and add the ip= kernel command parameter to your bootloader configuration with the appropriate arguments. For example, if the DHCP server does not assign a static IP to your remote system, making it difficult to access via SSH across reboots, you can explicitly state the IP you want to be using:
    ip=192.168.1.1:::::eth0:none
  Note: As of version 0.0.4 of mkinitcpio-netconf, you can nest multiple ip= parameters in order to configure multiple interfaces. You cannot mix it with ip=dhcp (ip=:::::eth0:dhcp) alone. An interface needs to be specified.
    ip=ip=192.168.1.1:::::eth0:none:ip=172.16.1.1:::::eth1:none
  For a detailed description have a look at the corresponding mkinitcpio section. When finished, update the configuration of your bootloader.
- Finally, restart the remote system and try to ssh to it, explicitly stating the "root" username (even if the root account is disabled on the machine, this root user is used only in the initrd for the purpose of unlocking the remote system). If you are using the mkinitcpio-dropbear package and you also have the openssh package installed, then you most probably will not get any warnings before logging in, because it converts and uses the same host keys openssh uses (except Ed25519 keys, which dropbear does not support). In case you are using mkinitcpio-tinyssh, you have the option of installing tinyssh-convert (AUR) or tinyssh-convert-git (AUR) so you can use the same keys as your openssh installation (currently only Ed25519 keys). In either case, you should have run the ssh daemon at least once, using the provided systemd units, so the keys can be generated first. After rebooting the machine, you should be prompted for the passphrase to unlock the root device. Afterwards, the system will complete its boot process and you can ssh to it as you normally would (with the remote user of your choice).
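A pre-reboot sanity check for the netconf/dropbear/tinyssh/ppp procedure above, as an added example that is not part of the original page or of any of the packages it names. It applies only the rules stated in the text (encryptssh instead of encrypt, hooks before filesystems, cryptdevice= and ip= present, kernel rather than udev interface names); the function names and the sample input are hypothetical.

```python
import re

UDEV_NAME = re.compile(r"^(en|wl|ww)[opsx]")  # udev-style names: enp1s0, eno1, wlp2s0
# Constructed sample input, not taken from a real host.
SAMPLE_CONF = 'HOOKS="base udev autodetect block keyboard encrypt filesystems dropbear"\n'
SAMPLE_CMDLINE = "root=/dev/mapper/root ip=:::::enp1s0:dhcp"

def parse_hooks(conf_text):
    """Return the HOOKS list from mkinitcpio.conf text (quoted or array form)."""
    m = re.search(r'^\s*HOOKS=[("]([^)"]*)[)"]', conf_text, re.M)
    return m.group(1).split() if m else []

def ip_devices(cmdline):
    """Device field of each ip= setting, including the nested ip=ip=...:ip=... form."""
    devices = []
    for arg in cmdline.split():
        if arg.startswith("ip="):
            value = re.sub(r"^(ip=)+", "", arg)
            for part in value.split(":ip="):
                fields = part.split(":")
                devices.append(fields[5] if len(fields) > 5 else "")
    return devices

def check(conf_text, cmdline):
    """Return a list of problems; an empty list means the rules above are met."""
    hooks = parse_hooks(conf_text)
    fs = hooks.index("filesystems") if "filesystems" in hooks else len(hooks)
    problems = []
    if "encryptssh" not in hooks:
        problems.append("encryptssh hook missing")
    if "encrypt" in hooks:
        problems.append("encrypt hook present (encryptssh replaces it)")
    for group in (("dropbear", "tinyssh"), ("netconf", "ppp")):
        if not set(group) & set(hooks):
            problems.append("none of these hooks present: " + " / ".join(group))
    for h in ("netconf", "ppp", "dropbear", "tinyssh", "encryptssh"):
        if h in hooks and hooks.index(h) > fs:
            problems.append(f"{h} is listed after filesystems")
    if not re.search(r"(^|\s)cryptdevice=", cmdline):
        problems.append("cryptdevice= kernel parameter missing")
    devices = ip_devices(cmdline)
    if not devices:
        problems.append("ip= kernel parameter missing")
    for dev in devices:
        if UDEV_NAME.match(dev):
            problems.append(f"ip= names udev interface {dev}; use the kernel name")
    return problems

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_CONF, SAMPLE_CMDLINE)))
```

Run it against the real /etc/mkinitcpio.conf text and the kernel command line from your bootloader entry before rebooting a machine you cannot reach physically.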
Tip: If you would simply like a nice solution to mount other encrypted partitions (such as /home) remotely, you may want to look at this forum thread.

Remote unlock via wifi (hooks: build your own)
The net hook is normally used with an ethernet connection. In case you want to set up a computer with wireless only, and unlock it via wifi, you can create a custom hook to connect to a wifi network before the net hook is run.
The example below shows a setup using a USB wifi adapter, connecting to a wifi network protected with WPA2-PSK. In case you use for example WEP or another boot loader, you might need to change some things.
- Modify /etc/mkinitcpio.conf:
  - Add the needed kernel module for your specific wifi adapter.
  - Include the wpa_passphrase and wpa_supplicant binaries.
  - Add a hook wifi (or a name of your choice, this is the custom hook that will be created) before the net hook.

    MODULES="module"
    BINARIES="wpa_passphrase wpa_supplicant"
    HOOKS="base udev autodetect ... wifi net ... dropbear encryptssh ..."

- Create the wifi hook in /etc/initcpio/hooks/wifi:

    run_hook ()
    {
        # sleep a couple of seconds so wlan0 is set up by the kernel
        sleep 5

        # set wlan0 to up
        ip link set wlan0 up

        # associate with the wifi network
        # 1. save temp config file
        #    (the passphrase below is stored in clear text inside the initramfs image)
        wpa_passphrase "network ESSID" "pass phrase" > /tmp/wifi

        # 2. associate
        wpa_supplicant -B -D nl80211,wext -i wlan0 -c /tmp/wifi

        # sleep a couple of seconds so that wpa_supplicant finishes connecting
        sleep 5

        # wlan0 should now be connected and ready to be assigned an ip by the net hook
    }

    run_cleanuphook ()
    {
        # kill wpa_supplicant running in the background
        killall wpa_supplicant

        # set wlan0 link down
        ip link set wlan0 down

        # wlan0 should now be fully disconnected from the wifi network
    }

- Create the hook installation file in /etc/initcpio/install/wifi:

    build ()
    {
        add_runscript
    }

    help ()
    {
        cat <<HELPEOF
    Enables wifi on boot, for dropbear ssh unlocking of disk.
    HELPEOF
    }

- Add ip=:::::wlan0:dhcp to the kernel parameters. Remove ip=:::::eth0:dhcp so it does not conflict.
- Optionally create an additional boot entry with kernel parameter ip=:::::eth0:dhcp.
- Regenerate the initramfs image.
- Update the configuration of your boot loader.
Remember to set up wifi, so you are able to log in once the system is fully booted. In case you are unable to connect to the wifi network, try increasing the sleep times a bit.
Tuesday, August 8, 2017
I'm back...Snowden had little level of access to information. couldn't plug in nothing, bring nothing inside...couldn't keystroke nothing...my wild guess...he sent a link through the internal chatroom...OR
how to add http headers to a packet sniffed using scapy
....
If I understand correctly, the problem you're having is that you want to update an existing HTTP request with a new header. What you want is to update a string in place, which Python can't do directly (strings are immutable).
So what you should do is take the HTTP header:
    from scapy.all import Raw, TCP

    old_hdr = pkt[Raw].load              # payload bytes of the Raw layer
or
    old_hdr = bytes(pkt[TCP].payload)
and manipulate it like a string:
    new_hdr = b'New Header: value'
    hdr = old_hdr.split(b'\r\n')  # This is a crappy hack. Parsing HTTP headers
    hdr.insert(2, new_hdr)        # is a [solved problem][1].
    send_hdr = b'\r\n'.join(hdr)
    pkt[Raw].load = send_hdr      # write the bytes back into the Raw layer
If you find checksums are not updating, delete them before sending the packet:
del pkt[TCP].chksum
and Scapy will put them back for you, with the right values.
Edit: I just noticed that my link is fail. Here is how to parse HTTP headers.
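The header edit described in the answer above, done on the header block only so that a body containing CRLF is left alone; this is an added example, not code from the original answer or from Scapy. The function name and the sample request are constructed for illustration, and the write-back to the packet is shown only as comments.

```python
# Constructed sample request; the 10-byte body itself contains a CRLF.
SAMPLE_REQUEST = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length: 10\r\n\r\nline1\r\nabc")

def add_http_header(raw: bytes, name: str, value: str) -> bytes:
    """Insert or replace one header in a raw HTTP/1.x message, body untouched."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block: no blank line found")
    if any(c in name + value for c in "\r\n"):
        raise ValueError("CR/LF not allowed in a header name or value")
    start_line, *fields = head.split(b"\r\n")
    wanted = name.lower().encode("ascii")
    # Drop any existing header with the same (case-insensitive) name.
    fields = [f for f in fields
              if f.split(b":", 1)[0].strip().lower() != wanted]
    fields.append(f"{name}: {value}".encode("latin-1"))
    return b"\r\n".join([start_line, *fields]) + sep + body

# With Scapy, the result goes back into the Raw layer, and the length and
# checksum fields are deleted so they are recomputed when the packet is built:
#   pkt[Raw].load = add_http_header(pkt[Raw].load, "X-Trace", "1")
#   del pkt[IP].len, pkt[IP].chksum, pkt[TCP].chksum

if __name__ == "__main__":
    print(add_http_header(SAMPLE_REQUEST, "X-Trace", "1").decode("latin-1"))
```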
Monday, August 7, 2017
Disclaimer: This piece of equipment may be used in potentially dangerous activities of which the seller carries no liability or responsibility of use, misuse, or accidents related to the use of this product.
...James Bond-like image - for instance, identification transmitters that can be hidden in an agent's shoes to enable the monitoring by satellite of their precise location....here it goes boys...you wear this little device (somehow on your shoes..) because if you amplify the RF at junk on 1575.42MHz
Qinpu Q-2 Hybrid Audio Power Hi-end Ipod, CD Integrated Amplifier in Consumer Electronics, TV, Video & Home Audio, Home Audio Stereos, Components, Amplifiers & Preamps | eBay
Sunday, August 6, 2017
SENSITIVE FIRMS LIST
Acquisition Domain:
- ACT-I
- AMDEX Corp.
- B3 Solutions
- BMK Consultants
- Bowhead Systems Management
- Culmen International
- Davis-Paige Management Systems
- Domain X Technologies
- ERP International
- Goldbelt Raven
- JRAD
- Markon Solutions
- Millennium Corporation
- MLT Systems
- Nexagen
- Patricio Enterprises
- SAMS
- Sentek Global
- SIM
- Syneren Technologies
- UCS
- USI
B&A Domain:
- BCF Solutions
- Celerity Government Solutions
- Deloitte Consulting
- ECS
- Engility Corp.
- Kalman & Co.
- Millennium Corp.
- SAIC
- SAMS
- TASC
- Tecolote Research
E&T Domain:
- Alion Science and Technologies
- Booz Allen Hamilton
- CACI Technologies
- Camber Corp.
- Engility Corp.
- JRAD
- KASTLE
- SAIC
- Schafer Corp.
IT Domain:
- Alion Science and Technologies
- AMDEX Corporation
- Booz Allen Hamilton
- Camber Corp.
- Dovel Technologies
- DSA
- Engility Corp.
- ERP International
- Millennium Corp.
- Noblis
- SAIC
- Schafer Corp.
- TASC
Logistics Domain:
- Booz Allen Hamilton
- CACI Technologies
- Camber Corp.
- Engility Corp.
- ERP International
- MacB ESI
- Millennium Corp.
- Patricio Enterprises
- SAIC
Medical Domain:
- Booz Allen Hamilton
- ERP International
- Noblis
- SAIC
- TASC
- Tauri Group

Is it possible to hack fiber optics and copy optical signals?
One of the topics that has been argued about recently is the possibility of hacking fiber-based communication systems. Is it possible to hack fiber optical signals and take a copy of them? In addition, even if that is possible theoretically, is it possible for the hackers to go further and rebuild the information from inside the optical signal?
Rather than lose more time arguing over the gap between the theoretical possibility and the real, practical facts, the easy way to reach a solid and confident decision about any changes that companies and institutions might make, which are likely to be expensive and disruptive, is to go back to basics. Let us review what goes on inside a fiber communication system and see if it is possible to hack the optical signals.
The fiber communication systems convert the information into light signals through a series of digital communication processes and functions, and then send the light signals into the fiber strand.
The fiber strand consists of two layers of glass with different refractive indices. That difference in the indices enables the transmitted light to reflect back and forth until it reaches the end of the strand, where the light detector passes the signal to the receiving system for processing. Figure 1 illustrates this.

When the fiber strand is bent, a slight amount of the light power is lost and exits the track of the light, the inner core, as shown in figure 2. As the bending radius decreases, the amount of lost power increases, until no more power can be received at the end, which can happen at a very small bending radius. However, bending of the fiber should be avoided, and if it is necessary it mustn’t exceed the critical radius of the fiber, which is provided with the fiber data sheet.

Getting back to our main topic “Hacking the Fiber Signals”.
The light signal is a beam of light generated using a Light Emitting Diode (LED) or a laser source.
To receive the signal at the remote end successfully, the system must satisfy the following:
- The received power must be strong enough, as determined by the receiver power sensitivity that the vendor specifies.
- The detector input-spot must be very clear and perfectly aligned with the fiber connector.
One hacker claims that his setup is capable of detecting the lost light power, which is caused by bending the fiber strand. Theoretically, there is a certain amount of power lost, but it is very small in value, and the alignment needed to get the signal detected and copied tends toward the impossible. Hence, given the strict alignment and sufficient power requirements, copying the optical signals is not as easy as it is said to be.

In addition, as we know, fiber cables, especially outdoor cables, are strictly protected using multiple layers of different materials, including steel armoring. Assuming the hacker was able to break all the physical barriers to reach the fiber cable itself, he must open the cable and remove all the protections until he reaches the fiber strand. After that, he must strip the strand and reach the glass cladding, and he must be at the site with his extraordinary tools, which can detect a very weak optical signal without any alignment.
Assuming the hacker did all of the tough steps mentioned above, detecting the optical signals doesn’t mean hacking the information at the higher layers, as it is only a carrier signal and not the information itself.
Optical signals come in many types, with different specifications, different wavelengths, and many other sensitive values. Hence the hacker needs hardware tools with a matching design to detect and demodulate the physical optical signal, plus software tools that can rebuild the information from inside the optical signal.
If, and only if, the hacker succeeds in getting a copy of the optical signal, the information inside the optical signal could be Ethernet frames, which can be rebuilt using special programs, or it could be telecom traffic and information.
When it comes to the telecom networks, I can safely say that it is impossible, and even a funny thing to talk about hacking multiple lambdas with multilayer-multiplexed and encrypted signals, given the physical protection of the cables.
For the institutions and companies, and for the executives and unspecialized people, such news may create fear and drive for changes, but in my opinion, and practically, we are very very far from hacking an optical signal.
The hackers are challenged to hack a normal fiber network without black boxes and pre-made setups.
The only measure that I can see as necessary is to protect the jointing points along the way of the fiber, which can easily be managed using physical locks.
Keep calm …
