Changeset 24

Timestamp:

11/05/16 19:03:28 (7 years ago)

Author:

tim

Message:

migration

Files:

• README.wiki (moved) (moved from README.md) (3 diffs)
• trunk/lib/nanownlib/stats.py (modified) (1 diff)
• trunk/lib/nanownlib/train.py (modified) (1 diff)

README.wiki

@@ -1 @@
-# Nanown
-
+<h2>Nanown</h2>
+<p>
 A tool for identifying, evaluating, and exploiting timing
 vulnerabilities remotely.  This is part of the output from a research
@@ -6 +6 @@
 This project is still highly experimental and not particularly easy to
 use at this point.
+</p>
 
-
-# Prerequisites
-
+<h2> Prerequisites</h2>
+<p>
 Linux and Python 3.4+ are required.  Yes, really, your Python needs to
 be that new.  You will also need to install the following modules for
 this version of Python:
-```
+</p>
+<pre>
 requests
 numpy
 netifaces 
 matplotlib
-```
+</pre>
+<p>
 On Debian unstable, you can get these by running:
-```
-apt-get install python3-requests python3-numpy python3-netifaces python3-matplotlib
-```
-If you can't get the appropriate packages from your distro, resort to `pip3`.
-
+</p>
+<pre>
+  apt-get install python3-requests python3-numpy python3-netifaces python3-matplotlib
+</pre>
+<p>
+If you can't get the appropriate packages from your distro, resort to <code>pip3</code>.
+</p><p>
 In addition, you'll need to have a C compiler and the development
 package for libpcap installed.  Under Debian this is probably sufficient:
-```
-apt-get install libpcap-dev gcc
-```
+</p>
+<pre>
+  apt-get install libpcap-dev gcc
+</pre>
 
 
-# Installation
-
+<h2> Installation</h2>
+<p>
 Hah! Funny.
-
+</p><p>
 Currently there's no installation script...
-
+</p><p>
 To attempt to use this code, clone the repository and build the
-`nanown-listen` tool with:
-```
-cd nanown/trunk/src && ./compile.sh
-```
-
-That will drop the `nanown-listen` binary under nanown/trunk/bin.  You
-must then put this directory in your `$PATH` in order to perform any
+<code>nanown-listen</code> tool with:
+</p>
+<pre>
+  cd nanown/trunk/src && ./compile.sh
+</pre>
+<p>
+That will drop the <code>nanown-listen</code> binary under <code>nanown/trunk/bin</code>.  You
+must then put this directory in your <code>$PATH</code> in order to perform any
 data collection.
-
+</p><p>
 To run any of the other scripts, change to the nanown/trunk directory
 and run them directly from there.  E.g.:
-```
-bin/train ...args...
-bin/graph ...args...
-```
+</p>
+<pre>
+  bin/train ...args...
+  bin/graph ...args...
+</pre>
 
 
-# Usage
-
+<h2> Usage</h2>
+<p>
 Our goal for a usage workflow is this:
-
-1. Based on example HTTP requests, and test cases supplied by the user,
+</p>
+<ol>
+<li>Based on example HTTP requests, and test cases supplied by the user,
    a script generator creates a new script.  This new script serves
    as the sample collection script, customized for your web
    application.
-
-2. After collecting samples using the script from step 1, you run a
+</li>
+<li>After collecting samples using the script from step 1, you run a
    mostly automated script to train and test various classifiers on your
    samples.  This will then tell you how many samples you need to
    reliably detect the timing difference.
-
-3. Given the output from step 3 and inputs to step 1, a second script
+</li>
+<li>Given the output from step 3 and inputs to step 1, a second script
    generator creates an attack script for you as a starting point.  You
    customize this and run your attacks.
-
+</li>
+</ol>
+<p>
 Sounds great, yeah?  Well steps 1 and 3 aren't quite implemented yet. =\
-
+</p><p>
 If you are really dying to use this code right now, just make a copy of
-the `trunk/bin/sampler` script and hack on it until it sends HTTP requests
+the <code>trunk/bin/sampler</code> script and hack on it until it sends HTTP requests
 that your targeted web application expects.  Be sure to define the test
 cases appropriately.  Then run it to collect at least
 50,000 samples for each of the train, test and train_null data sets
-(150,000 samples total).  NOTE: Your sampler script must be run as `root`
+(150,000 samples total).  NOTE: Your sampler script must be run as <code>root</code>
 so it can tweak local networking settings and sniff packets.
-
+</p><p>
 Next you can move on to step 2, where you simply run the train script
 against the database created by your sampler script:
-```
-bin/train mysamples.db
-```
+</p>
+<pre>
+  bin/train mysamples.db
+</pre>
+<p>
 This will run for a while.  If you cancel out and re-run it, it will
 pick up where it left off.  Pay special attention to the final results
@@ -94 +106 @@
 distinguish between the test cases.  Do a little math on your own to
 decide how feasible your overall attack will be.
-
+</p><p>
 Finally, we come to step 3.  If you choose to carry out an attack, you
 will need to implement your own attack script that collects batches of
 samples, distinguishes between them using the best classifier available
 (from step 2) and then repeats as needed.  Consider starting with the
-sample script at `test/blackhat-demo/jregistrate-attack`.
+sample script at <code>test/blackhat-demo/jregistrate-attack</code>.
+</p><p>
+Any questions?  See the source, watch our <a href="https://www.youtube.com/watch?v=k-Pv3sf3G2A">BlackHat presentation</a>, read
+our <a href="https://www.blackhat.com/docs/us-15/materials/us-15-Morgan-Web-Timing-Attacks-Made-Practical-wp.pdf">research paper</a>),
+or <a href="https://code.blindspotsecurity.com/trac/nanown/newticket">post a ticket</a>.
+</p>
 
-Any questions?  See the source, watch our [BlackHat presentation](https://www.youtube.com/watch?v=k-Pv3sf3G2A), read
-our [research paper](https://www.blackhat.com/docs/us-15/materials/us-15-Morgan-Web-Timing-Attacks-Made-Practical-wp.pdf),
-or [post an issue](https://github.com/ecbftw/nanown/issues) on GitHub.
+<h2> License</h2>
+<p>
+Unless otherwise indicated in the source code, this software is licensed under the GNU GPL version 3.  See the LICENSE file for details.
+</p>
 
-
-# License
-
-Unless otherwise indicated in the source code, this software is licensed
-under the GNU GPL version 3.  See the LICENSE file for details.
-
-
-# Contributing
-
+<h2> Contributing</h2>
+<p>
 We certainly welcome and encourage code contributions, no matter how
-small. Currently, this GitHub repository is a mirror of an SVN
-repository. Please don't submit pull requests.  Instead, just contact us
-through the issue tracker and send us a patch if needed.  We may switch
-to git later.
+small.  To submit a patch, please check out the latest revision with:
+</p>
+<pre>  svn co https://code.blindspotsecurity.com/dav/nanown/</pre>
+<p>
+Then apply your changes and run "<code>svn diff</code>".  Save the resulting diff and attach it to a <a href="https://code.blindspotsecurity.com/trac/nanown/newticket">ticket</a>.
+</p>

trunk/lib/nanownlib/stats.py

@@ -365 +365 @@
 
 
-from pykalman import KalmanFilter
+#from pykalman import KalmanFilter
 def pyKalman4DTest(params, greater, samples):
     kp = params['kparams']

trunk/lib/nanownlib/train.py

@@ -300 +300 @@
 
 
-from pykalman import KalmanFilter
+#from pykalman import KalmanFilter
 _pykalman4d_params = None
 _pykalman4d_params = {'observation_covariance': [[11960180434.411114, 4760272534.795976, 8797551081.431936, 6908794128.927051], [4760272534.795962, 12383598172.428213, 5470747537.2599745, 11252625555.297853], [8797551081.431955, 5470747537.2601185, 1466222848395.7058, 72565713883.12643], [6908794128.927095, 11252625555.297981, 72565713883.12654, 1519760903943.507]], 'transition_offsets': [592.5708159274, 583.3804671015271, 414.4187239098291, 562.166786712371], 'observation_offsets': [165.2279084503762, 157.76807691937614, 168.4235495099334, 225.33433430227353], 'initial_state_covariance': [[33599047.5, -18251285.25, 3242535690.59375, -8560730487.84375], [-18251285.25, 9914252.3125, -1761372688.59375, 4650260880.1875], [3242535690.59375, -1761372688.59375, 312926663745.03125, -826168494791.7188], [-8560730487.84375, 4650260880.1875, -826168494791.7188, 2181195982530.4688]], 'initial_state_mean': [12939012.5625, 12934563.71875, 13134751.608, 13138990.9985], 'transition_covariance': [[2515479496.145993, -401423541.70620924, 1409951418.1627903, 255932902.74454522], [-401423541.706214, 2744353887.676857, 1162316.2019491254, 1857251491.3987627], [1409951418.1628358, 1162316.2020361447, 543279068599.8229, -39399311190.5746], [255932902.74459982, 1857251491.398838, -39399311190.574585, 537826124257.5266]], 'observation_matrices': [[1.4255288693095167, -0.4254638445329988, 0.0003406844036817347, -0.0005475021956726778], [-0.46467270827589857, 1.4654311778340343, -0.0003321330280128265, -0.0002853945703691352], [-0.2644570970067974, -0.33955835481495455, 1.7494161615202275, -0.15394117603733548], [-0.3419097544041847, -0.23992883666045373, -0.15587790880447727, 1.7292393175137022]], 'transition_matrices': [[0.52163952865412, 0.47872618354122665, -0.0004322286766109684, 0.00017293351811531466], [0.5167436693545113, 0.48319044922845933, 7.765428142114672e-05, -0.00021518950285326355], [0.2091705950622469, 0.41051399729482796, 0.19341113299389256, 0.19562916616052917], [0.368592004009912, 0.22263632461118732, 0.20756792378812872, 0.20977025833570906]]}