-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathrfc.txt
288 lines (159 loc) · 9.27 KB
/
rfc.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
Insecure File Transfer Over Ping degenerat3
Request for Comments: 7370848080 RITSEC Corp.
Category: RITSEC CTF Track April 2021
ISSN: 2070-1721
Insecure File Transfer Protocol over Ping (IFTPP)
Abstract
This document defines the standards for implementation of IFTPP
communications, which allows for encrypted file transfer over
ICMP. This protocol is a joke and its method of key generation and
encryption is horribly insecure. Please do not implement this
outside of CTF or joke scenerious, and please do not attempt to
send any sensitive data via this method.
Status of This Memo
This is an RITSEC CTF Track document.
This document is a product of the Radical Information Team Cyber
Intelligence Association. It represents the consensus of the
RITCIA community. It has received public review and has been
approved for publication by the Technology House of Intelligence
and Cyber Communications (THICC). Further information on Internet
Standards is available in Section 2 of RFC 6789666982.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http[:]//lol[.]jk/idontwant/yourfeedback.
degenerat3 RITSEC CTF [Page 1]
RFC 7370848080 Insecure File Transfer Prot. over Ping April 2021
1. Introduction
This document defines the protocol buffer format, session handhake
order, key generation, data transfer, checksum confirmation, and
ICMP data format that are utilized during an IFTPP file transfer.
Due to the poorly designed key generation method, this scheme is
not considered to be a secure method of file transfer unless used
in conjuction with some external secure system.
1.1 Terminology and Notation
The term "server" represents the host that is hosting the
file-to-be-aquired.
The term "client" represents the host that will be requesting and
downloading the file.
The term "proto" will be used to represent Protobuf/Protocol
Buffer.
2. The following Proto message (in proto3 format) is utilized for all
IFTPP communications.
```
message IFTPP {
int32 session_id = 1; // unique int for each ses
bytes payload = 2; // the actual data being sent
bytes checksum = 3; // checksum of payload
enum Flag {
SESSION_INIT = 0; // client to propose session ID
ACK = 1; // generic ack, multiple uses
CLIENT_KEY = 2; // client proposed key
SERVER_KEY = 3; // server proposed key
FILE_REQ = 4; // client requesting file
FILE_DATA = 5; // requested file data
FIN = 6; // transfer is complete
RETRANS = 7; // request retrans of prev packet
}
Flag type_flag = 4; // describe payload type
}
```
degenerat3 RITSEC CTF [Page 2]
RFC 7370848080 Insecure File Transfer Prot. over Ping April 2021
2.1 ICMP Packing
All data is sent over ICMP Echo requests. Each Echo request will
be followed by an Echo Reply (due to the nature of ICMP), but this
packet can be ignored. The ICMP body's "data" field will contain
the IFTPP proto data.
2.2 Checksum Generation
Each proto data block sent will have a checksum of the payload
field for data integrity purposes. The checksum is generated by
calculating the SHA1 hash of the payload (encoded to a B64
string), and deleting the last char of the b64 string. The last 8
chars of the resulting string will represent the checksum. For
instance, if the SHA1 hash of the payload equals
"abcdefghijklmnop" (ignore the fact that it isn't a valid hash),
the resulting checksum would be "hijklmno".
2.3 Session Initialization
To start a transfer request, the client will send an
initialization packet. The protobuf for the initialization will
use the `0` flag, will contain a new randomly generated int for
the SID, and will have the payload "newSession". The server will
respond with a "sidack" payload and the flag `1`.
2.4 Key Generation and Data Encryption
Following the session initialization, the client and server will
perform a key generation handshake. The client will generate a key
(16 bytes of random data, hereafter refererd to as ckey) and send
it to the server in the Payload field with the Flag set to `2`.
The server will generate a key in the same manner (skey) and send
it to the client in the Payload field with the Flag set to `3`.
The client/server will then take both the skey and ckey and
combine them in the following manner to produce the shared key:
Append the skey to the ckey (or vice-versa), sort the resulting
combined string in descending order, then calculate the sha1 hash
of the sorted combined string, resulting in the shared key. This
key is not sent over the wire, but is stored and used by both the
client and the server. Example shared key generation
implementation in Golang:
degenerat3 RITSEC CTF [Page 3]
RFC 7370848080 Insecure File Transfer Prot. over Ping April 2021
```
// calculate the shared key by combining keys, sort by
// descending, then taking sha1
func calcSharedKey(key1 []byte, key2 []byte) []byte {
combined := append(key1, key2...) // put two keys together
sort.Slice(combined, func(i int, j int) bool {
return combined[i] > combined[j]
}) // sort descending
hasher := sha1.New()
hasher.Write(combined)
sha := base64.URLEncoding.EncodeToString(hasher.Sum(nil))
return []byte(sha)
}
```
The shared key is used for encrypting the filedata proto field.
This encryption is done via simple XOR'ing.
2.5 File request
Following the key generation handhake, the client sends a request
for the file (including session ID and path) to the server. The
requested file path will be stored in the "payload" field of the
protobuf, with the current SID in the SessionID field and the Flag
set to `4`.
2.6 File Data Transfer
Once it recieves the file request, the server will begin chunking,
encrypting, and sending the content for the requested file. The
server will get the base64 for the file, then separate it into
chunks (based on max packet size determined by the
implementation, but not to exceed the limits of ICMP). For each
chunk, the server will encrypt the chunk (via XOR with the shared
key) and put the encrypted file data chunk into the "payload"
field; the Flag field will be set to `5`.
The client extracts the recieved `payload` and calculates a
checksum of it, this is then compared to the recieved `checksum`
field to ensure the correct file was recieved. If the checksums do
not align, the client requests a retransmission (via retrans
flag). If the checksums do align, the client decrypts the payload
with the shared key to get plaintext base64 of the file chunk (and
likelyappends it to the ongoing file object it's creating,
although this depends on implementation and is out of scope of
this RFC). Once the file chunk has been verified/decrypted/etc,
the client responds by sending `fDataAck` in the payload with the
Flag set to `1`.
degenerat3 RITSEC CTF [Page 4]
RFC 7370848080 Insecure File Transfer Prot. over Ping April 2021
If the server recieves a `retransmission` request, it simply
resends the previous packet.
If the server recieves a `fDataAck`, it selects the next chunk for
encrypting/sending/etc. This process continues until the server
has sent all the chunks.
After the final `fDataAck`, when the server has 0 chunks left to
send, it will send a final packet to the server by calculating a
checksum for the entire file and put this in the `payload`
field, and set the Flag to `6`.
When the client recieves the fin, it extracts the checksum for the
entire file from the payload, then calculates a checksum for its
new local version of the file. If these checksums align the
connection closes as the transfer is complete. If the checksums do
not align then the entire process starts over again, from the very
start of init a new session.
degenerat3 RITSEC CTF [Page 5]
RFC 7370848080 Insecure File Transfer Prot. over Ping April 2021