Hacking Roman Codes with Mobile Phones

HISTORICAL CODE CRACKING WITH PHONES: WHAT IF PONTUS, THE GAULS, GERMANS, NERVII, EGYPTIANS AND HELVETII HAD IPHONES?OVER THE AIR 2011, BLETCHLEY PARK

David Rogers, Copper Horse Solutions Ltd.

1st October 2011

http://www.mobilephonesecurity.org

About Me 12 years in the mobile industry Hardware and software background Head of Product Security at Panasonic Mobile

Worked with industry and government on IMEI and SIMlock security Pioneered some early work in mobile phone forensics Brought industry together on security information sharing

Director of External Relations at OMTP Programme Manager for advanced hardware security tasks Chair of Incident Handling task

Head of Security and Chair of Security Group at WAC Owner and Director at Copper Horse Solutions Blog: http://blog.mobilephonesecurity.org, Twitter: @drogersuk

About Copper Horse Solutions Ltd. Established in 2011 Software and security company

Focussed on the mobile phone industry Services:

Mobile phone security consultancy Industry expertise Standards representation Mobile application development

http://www.copperhorsesolutions.com

SOME INFORMATION

HISTIAEOUS

In 499BC sent a trusted slave to encourage a revolt against the Persians

Shaved the head of the slave Tattooed a message to his head, let the hair grow back Recipient shave off the slave’s hair to get the message This is an early form of steganography

From: http://www.retroworks.co/scytale.htm

SCYTALE

Transposition cipher Ancient Greeks, particularly the Spartans used it for military

communication (also apparently used by the Romans):

CAESAR SHIFT

Supposedly used by Caesar to protect military messages – by shifting the alphabet 3 places to the left:

Still used today (scarily!) – e.g. ROT13 It helped that a lot of Caesar’s enemies were illiterate

anyway…From: http://www.retroworks.co/scytale.htm

PHAISTOS DISC…

Still plenty of mystery text to decipher out there…

Source: PRA

CODE CRACKING CHALLENGE

After each battle I describe there will be some codes to crack in which you would be able to change the course of history. You can also get these at:

http://blog.mobilephonesecurity.org

SOME SOURCE CODE TO HELP!

Hint: The codes are all Caesar ciphers but with different rotations https://github.com/mkoby/RotationCipher (not mine!) and a cheat: http://

textmechanic.com/ROT13-Caesar-Cipher.html

JULIUS CAESAR (BRIEFLY!)

100BC – 44BC Spent 9 years campaigning in

Gaul (and made a fortune) Invaded Britain

Was involved in a civil war with Pompey

Defeated the Egyptians Assassinated on the ‘Ides of

March’ in 44BC

LIST OF BATTLES

58BC Battle of the Arar – Helvetii 58BC Battle of Vosges - Germans 57BC Battle of the Sabis – Nervii 52BC Battle of Alesia - Gauls 47BC Battle of the Nile - Egyptians 47BC Battle of Zela - Pontus

BATTLE OF THE ARAR

58BC Caesar v Helvetii, Switzerland

BREAK THIS ROMAN CODE!

Also here: http://blog.mobilephonesecurity.org

Can the Helvetians defeat Caesar?

bgxxwfhkxmbfxyhkkxbgyhkvxfxgml

BATTLE OF VOSGES

58BC Caesar v Germans, River Rhine, Alsace

Should the Germans attack the Romans?

bpmumvizmnqopbqvonqbemkivpwtlwcbnwzivwbpmzemms

BATTLE OF THE SABIS

57BC Caesar v Nervii, Wallonia

Are the Nervii ready for Caesar?

muqhuweydwjeruqjiqryiydjmetqoi

BATTLE OF ALESIA

52BC Caesar v Gauls, France

Is there anything the Gauls do to help themselves?

qebobfpxtbxhmlfkqfklrotxiikbxoqebqobbp

BATTLE OF THE NILE

47BC Caesar & Cleopatra v Ptoloemic forces, Alexandria, Egypt

Are the Egyptians ready for action?

wbssrgiddcfhhcpfsoycihobrtwuvhdhczsam

BATTLE OF ZELA 47BC Caesar v Pontus, Turkey

Save Pontus?

sbkfsfafsfzf

Mobile Phones!

Open discussion on mobile application security

DON’T USE ROMAN CODES!

ROT13 and XORing / obfuscation are not adequate!! Modern crypto (not surprisingly) is significantly better However, developers don’t have access to secure hardware

APIs on mobile

MOBILE DEVELOPMENT

How are you storing keys for both symmetric and asymmetric ciphers? Common issue amongst developers Also application signing keys

MOBILE DEVELOPMENT

Think about security when designing your apps Are you playing fast and loose with your users’ private

data? Have you explained to users why you used certain

permissions? What have you (not) encrypted? Is your application designed badly? – gift to hackers /

fraudsters? E.g. asking for credit card details from a QR code

MOBILE DEVELOPMENT

Do your research Are you using weak / insecure methods? Do you understand basic secure coding

techniques? Do you understand the platform security

guidelines?

DISCUSSION

From: http://stackoverflow.com/questions/4671859/storing-api-keys-in-android-is-obfustication-enough

DISCUSSION

“I look at KeyStore but it does not really solve my problem. It can store my keys given that I can provide

a password. Then I need to find a secure place to store this password which is same as my original

problem.”

PLATFORM SECURITY GUIDELINES

Apple: http://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Introduction.html

Android:http://developer.android.com/guide/topics/security/security.html

Blackberry: http://docs.blackberry.com/en/developers/deliverables/29302/index.jsp?name=Security+-+Development+Guide+-+BlackBerry+Java+SDK7.0&language=English&userType=21&category=Java+Development+Guides+and+API+Reference&subCategory=

Windows Phone 7 (Nokia Guidelines): http://

www.developer.nokia.com/Community/Wiki/Windows_Phone_Platform_Security

ROMANS WITH IPHONES….

http://www.flickr.com/photos/laurenthaug/4127870976/sizes/l/in/photostream/

ContactEmail: david.rogers@copperhorses.comTwitter: @drogersukBlog: http://blog.mobilephonesecurity.org

Code Solutions

Don’t look at the next slide if you don’t want the answers!

CODE SOLUTIONS

Helvetii: I need more time for reinforcements (h shift) Germans: the men are fighting fit we can hold out for

another week (s shift) Nervii: we are going to beat sabis in two days (k shift) Gauls: there is a weak point in our wall near the trees

(d) Egyptians: I need support to break out and fight

ptolemy (m shift) Pontus: veni vidi vici (d shift)

The famous: I came, I saw, I conquered message Of course, the Pontic army could not save themselves!

Hacking Roman Codes with Mobile Phones

Technology

What is hacking | Types of Hacking

Hacking Bluetooth enabled mobile phones and beyond â€“ Full Disclosure

Ethical Hacking and Countermeasures - Varutra · Hacking Concepts o Hacking vs. Ethical Hacking o Effects of Hacking on Business o Who Is a Hacker? o Hacker Classes ... Ethical Hacking

BlackHat Hacking - Hacking VoIP

Hacking Bluetooth enabled mobile phones and beyond – Full ... Ge… · Bluetooth Hacking – Full Disclosure @ 21C3 History (4) Bluebugging – First publicised by Martin Herfurt,

Hacking Google AdWords - DEF CON® Hacking … · Hacking Google AdWords ... • Use general Google hacking techniques • Bust anyone who is “Google hacking”! Other Interesting

Cell Phone Codes for All Types of Phones -- PHONE PHREAKING & HACKING FORUM

Forensics Analysis On Smart Phones Using Mobile … · hacking, Smishing, SMS ... Mobile phones are tiny computers which can ... many different types of hardware and software, huge

6.858: Hacking Bluetooth - css.csail.mit.edu · 6.858: Hacking Bluetooth ... currently the most cost eﬀective hardware device for ... mobile phones, telephones, laptops,

A Hacking Atlas: Holistic Hacking in the Urban Theater€¦ · of hacking and holistic hacking, and hacking spaces (and seven types of hacking spaces, each described below) are introduced

Hacking health-camp - Hacking Health

Hacking / Hacking Exposed 6: Network Security Secrets & …cdn.ttgtmedia.com/searchMidmarketSecurity/downloads/Hacking... · 153 Hacking / Hacking Exposed 6: Network Security Secrets

GLOBALIZATION AND TECHNOLOGY · 05/01/2018 · people to afford. The devices and hardware ... Hacking is the manipulation of the ... and mobile phones, even

Hacking: Computer Hacking Beginners Guide

Hacking Bluetooth enabled mobile phones and beyond – Full … · 2016-11-23 · Bluetooth Hacking – Full Disclosure @ 21C3 Hacking Bluetooth enabled mobile phones and beyond –

Hacking Bluetooth enabled mobile phones and beyond – · PDF fileBluetooth Hacking – Full Disclosure @ 21C3 Hacking Bluetooth enabled mobile phones and beyond – Full Disclosure

Hacking Training - flane.de · Infrastructure Hacking Web Hacking The Art of Hacking 75% reales Hacking und praktisches Training in unserem Advanced “Hack-Lab” Entwickelt von

Vulnerabilities in the software of Yota telecommunication ... · •“Hacking routers as Web Hacker” at Defcon Moscow •Member of DC7499. Modems, routers, mobile routers, phones,

Hacking Bluetooth enabled mobile phones and beyond Full Disclosure-3

GOOGLE HACKING GOOGLE HACKING