Sunday, 11 November 2018

Post IETF103 Hackathon project work.


I finally completed my second open-source project on a Sunday afternoon, healing from the long hike I had the day before with my team at Linkbynet: a hike of 7 km across the south coast of Mauritius.


One week has already passed by and I was still working on the PuTTY project for the IETF103, which was deprecating RC4 from the source code.

At first we had difficulty compiling the source code, but later on we found another tarball of the source code with which we successfully compiled it.

I set up a VM with CentOS 7 on it with an old version of openssh-server (6.2) which had support for RC4 encryption. Then I used the compiled version of PuTTY and tried to connect to the server, analyzing the communication with Wireshark in the background. After some trials I found RC4 in the encryption exchange list.

After that success, I spent another night removing all traces of RC4 in the source code. It took a lot of investigation and debugging to remove RC4 from the source code.

Now the next step was to re-compile the code and see if the application still works and if RC4 has disappeared. But as always, compiling code is not an easy job. I ran into some bugs which led to several failed attempts. However, with some observation and debugging I solved the issue and it finally compiled without any errors.

To finally say "eureka", some testing had to be done to see that RC4 does not appear while trying to connect to the server.





As we can see from the pictures, the result was satisfying. No more RC4 in the source code of PuTTY and it is now safer to use. Here is the link to my GitHub.

See you on my next project.

Sunday, 4 November 2018

IETF 103 hackathon remotely by cyberstorm.mu – Day 1,2,3


Day 1:

We received a lot of goodies from wolfSSL for the work Loky had done previously.

We continued our work on the JSch deprecation of RC4. We had to compile the JSch.jar with an example file to test if SSH works while connecting to a remote server.

The best way to start working is to brainstorm to see where we are and what we have to do.


Together, we performed several tests connecting to two types of server, one supporting RC4 and the other not.

We found proof of the existence of RC4 in the old SSH server while using Wireshark and analyzing the traffic.

Once we knew everything was working fine and understood the library and the protocols, our task was to remove RC4 support from the library. With a lot of debugging we found all the traces of RC4 and removed them.

Day 2:

The next step was to re-compile the code with all the modifications we made. As all developers know, recompilation always leads to errors. But with some help from other team members we finally re-compiled the Java library with Apache Ant.

The next step was to perform all the tests we had done previously, before we patched it.

The results were satisfactory, as our new JSch library was still working fine, and while observing the traffic in Wireshark we could no longer see an RC4 response from the host server.
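The check used in both the PuTTY and the JSch tests (looking for RC4 in the cipher lists exchanged when the connection starts) can also be scripted. This is an added example, not code from the original post or from either project: it parses an SSH_MSG_KEXINIT payload and reports any arcfour ciphers, and its function names, field labels and sample payloads are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# RC4 names registered for SSH: "arcfour" (RFC 4253), "arcfour128"/"arcfour256" (RFC 4345).
RC4_CIPHERS = {"arcfour", "arcfour128", "arcfour256"}
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (packet framing removed) into its ten name-lists.

    The dictionary keys are this example's own labels, in wire order.
    """
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip the message type byte and the 16-byte cookie
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"payload truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"name-list {field} overruns the payload")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists


def rc4_offered(payload: bytes) -> dict:
    """Return the RC4 ciphers advertised in each direction (empty lists mean none)."""
    lists = parse_kexinit(payload)
    return {d: [c for c in lists[d] if c in RC4_CIPHERS] for d in ("enc_c2s", "enc_s2c")}


def build_kexinit(ciphers: list) -> bytes:
    """Build a constructed sample KEXINIT payload; this is not captured traffic."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # type byte + zeroed cookie
    body += name_list(["diffie-hellman-group14-sha1"]) + name_list(["ssh-rsa"])
    body += name_list(ciphers) * 2 + name_list(["hmac-sha1"]) * 2 + name_list(["none"]) * 2
    return body + name_list([]) * 2 + b"\x00" + struct.pack(">I", 0)


BEFORE = build_kexinit(["aes128-ctr", "aes256-ctr", "arcfour256", "arcfour128", "arcfour"])
AFTER = build_kexinit(["aes128-ctr", "aes256-ctr"])

if __name__ == "__main__":
    print("before patch:", rc4_offered(BEFORE), "| after patch:", rc4_offered(AFTER))
```

A patched client should produce empty lists for both directions in the KEXINIT it sends, whatever the server offers.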


The last step is to create a pull request and commit our changes to the main repository.

To sum up, it was an intensive and fruitful hackathon.

Great thanks to Logan and Nitin for having me in the team.


 

See you in my next blog.

Saturday, 3 November 2018

IETF103

Hackathon with cyberstorm.mu

IETF - Internet Engineering Task Force
 The Internet Engineering Task Force is an open standards organization, which develops and promotes voluntary Internet standards, in particular the standards that comprise the Internet protocol suite. It has no formal membership or membership requirements.

Day 0:

The day started early in the morning, preparing myself to go to the meetup point at Q.Bornes with my friend Rahul. After that we headed toward the north to wait for another pickup at Grand Baie La Croisette by Nitin. Unfortunately we spent 5 hours at the mall, playing PlayStation and eating pizza. Finally we reached the flat at 4 pm.

Being a first timer for this event, I was not fully prepared and still did not know if I would be able to work at the level they were expecting. So I braced myself and took the challenge I was given. I had to work on the project deprecating the RC4/ARCFOUR encryption algorithm in the JSch library, which is a pure Java SSH2 implementation (more detail on JCraft).

Why we have to remove the ARCFOUR cipher from the Java SSH2 implementation:
  The SSH specifications define the usage of RC4 suites (also designated as arcfour), including the allocation of the "arcfour" cipher for SSH. RC4 encryption is steadily weakening in cryptographic strength and the deprecation process should be begun for their use in Secure Shell (SSH).

Loky and I started working together. We had to perform several tests to see the encryption algorithms available with the JSch Java library, with a lot of time spent debugging till late at night.

We had awesome food to fill our bellies. The night passed by.

Some had a blast in the pool:


Project and members:

TLS 1.3 protocol
Loganaden Velvindron
Rahul Golam
Muzaffar Auhammud
Codarren Velvindron
Nathan Sunil Mangar
Jeremie Daniel

HTTP 451 protocol
Kheshav Sewnundun
Kifah Meeran
Veegish Ramdanee

SSH protocol
Nitin J Mutkawoa
Diresh Soomirtee
Jagveer Loky


Sunday, 26 November 2017

hackers.mu community meetup #2


For the second hackers.mu community meetup at University of Mauritius on the 25th November, Logan Velvindron talked about how to get started with GitHub and using it securely using SSH. The session was especially driven towards how university students can upload their projects or group projects collaboratively. 



After the session I made a simple tutorial so that those of you who were not present can still catch up for the next meetup.

First make sure you have a GitHub account. Now let's see what SSH is, for those who do not know.

SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is remote login to computer systems by users. SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server.

Before we start using SSH, we first need to create our SSH key so we can be securely authenticated without typing our passwords all the time. We will use OpenSSH to generate the key.

How to install the SSH server on Ubuntu: first open your terminal and type the following command:





Once you have gone through the process and completed the installation, you have to start the keygen to create a new key. Type the following command in your terminal:






When you have successfully created your key, you will find it in your home directory. Now go to your directory:





You can view your public key with the cat command:





KEEP IN MIND, NEVER SHARE YOUR PRIVATE KEY WITH ANYONE!

Now that you have an SSH key, you can add it to your GitHub repository to enable you to access it more easily and quickly.

Go to Settings, then to SSH and GPG keys. Click on New SSH key and paste your public SSH key there.






















To install GitHub on Ubuntu, just type the following command on your terminal:





When completed, you can check out the GitHub documentation on how to use the terminal to push your projects to your GitHub repositories.

Let's see how we can use SSH to log in to our Linux machine. First of all you need to know the IP address of your machine or its DNS name.

Using the following command you will get access to your machine in your terminal:





After being authenticated, you can do what you would like to do on your machine in the terminal.

But you might ask: how will I use a GUI app over SSH? Well, it's easier than you thought.

You will have to SSH with the following command:






Once logged in, you can run any GUI app you want by typing the name of the app in your terminal. For example, if you use xpdf just type:





And voila!

Networking tip:


Tunneling all your traffic via your server so that you are not restricted by the network you are currently using.





Tunneling via a specific port on your server.





We will discuss this in more detail after the next meetup.

Presentation slide: hackers.mu community meetup #2



