remote control – Starting apps remotely via simple network protocols

I’m working on a project where I have several Android devices with certain apps installed on them that need to be started remotely via WiFi (or possibly Bluetooth) in response to a physical event detected by various sensors.

Does anyone know if there is an app that can start other apps upon receiving some kind of network command? The protocol involved needs to be fairly simple as the commands are sent by a microcontroller-based system with no OS, so I would need to implement anything from scratch. UDP or simple TCP (i.e. HTTP) is fine, but I want to avoid having to deal with things like SSH or VNC.

I’ve found an app called ‘Remote App Launch’ which uses HTTP and does exactly what I need, but the issue is that it has quite a delay (randomly varying from around 1 to 10 seconds) when starting an app (especially with the screen off).

I guess it would be possible to write a dedicated app for this, but I don’t have any kind of experience with developing for mobile devices.
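Whatever app ends up listening on the phone, a bare "launch this app" datagram on a shared WiFi network can be sent by anyone on that network, so a practitioner would want the command to carry an authentication tag and a replay counter. The following is an added example, not code from the post or from the 'Remote App Launch' app: both ends of a minimal UDP command frame (the frame layout, the pre-shared key and the app id are this example's own assumptions). The sender side uses only HMAC-SHA256 and a 32-bit counter, which is small enough to implement on a microcontroller without an OS.

```python
import hashlib
import hmac
import struct
from typing import List, Optional

# Assumed frame layout (this example's own design, not a published protocol):
#   4-byte big-endian counter | 16-byte app id (NUL-padded) | 16-byte truncated HMAC-SHA256
TAG_LEN = 16
APP_LEN = 16
FRAME_LEN = 4 + APP_LEN + TAG_LEN


def build_command(key: bytes, counter: int, app_id: str) -> bytes:
    """Sender side: what the microcontroller would put in the UDP payload."""
    app = app_id.encode("ascii")
    if len(app) > APP_LEN:
        raise ValueError("app id too long for the frame")
    body = struct.pack(">I", counter) + app.ljust(APP_LEN, b"\x00")
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class Receiver:
    """Receiver side (the phone): verify the tag first, then enforce a strictly increasing counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # assumption: a real app would persist this across restarts

    def accept(self, frame: bytes) -> Optional[str]:
        """Return the app id to launch, or None if the frame must be ignored."""
        if len(frame) != FRAME_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison so the tag cannot be guessed one byte at a time.
        if not hmac.compare_digest(tag, expected):
            return None
        counter = struct.unpack(">I", body[:4])[0]
        if counter <= self.last_counter:
            return None  # replayed or out-of-order frame
        self.last_counter = counter
        return body[4:].rstrip(b"\x00").decode("ascii")


def demo() -> List[Optional[str]]:
    """Constructed exchange: a valid frame, its replay, a bit-flipped copy, a wrong key, then a fresh frame."""
    key = b"0123456789abcdef0123456789abcdef"  # constructed pre-shared key
    rx = Receiver(key)
    good = build_command(key, 1, "com.example.app")
    results = [rx.accept(good), rx.accept(good)]  # second call is a replay of the first
    tampered = bytearray(good)
    tampered[5] ^= 0x01  # flip one bit inside the app id; the tag no longer matches
    results.append(rx.accept(bytes(tampered)))
    results.append(rx.accept(build_command(b"wrong-key", 2, "com.example.app")))
    results.append(rx.accept(build_command(key, 2, "com.example.app")))
    return results


if __name__ == "__main__":
    print(demo())
```

On the wire this is one `socket.sendto(frame, (phone_ip, port))` per event; the receiver's only state is the key and the last counter seen, which keeps the microcontroller side to a counter, a SHA-256 and a few dozen bytes of buffer.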

protocols – Defending against Wiegand sniffing (ESPKey) attacks in RFID card readers

It’s known that card readers, which use the Wiegand format, can be attacked by installing a sniffer, such as an ESPKey. After the sniffer is installed, whenever anyone uses the reader, their credentials get saved, and the attacker can clone them.

What is the defense against this? The article mentions that card readers have a tamper sensor. Is a correctly installed tamper sensor enough to thwart this attack? What exactly does the tamper sensor do, and what happens when it’s set off?

Also, since ESPKey attacks specifically target the interceptable Wiegand protocol, is there some other protocol which provides secure communications? Many articles cite Wiegand as being the most common protocol. What percentage of card readers are vulnerable to this attack, and what’s the next most common non-vulnerable protocol?
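The reason a wire tap is sufficient is that Wiegand carries the credential in the clear: each bit is a pulse on one of two lines (D0 for 0, D1 for 1) and the only integrity check is two parity bits. The following added example (not code from the post or from the ESPKey project) decodes the common 26-bit format from a constructed pulse log of the kind a sniffer on the reader's D0/D1 wires would record, checks the parity bits, and re-encodes the result, which is all cloning amounts to. The timings and card values are constructed.

```python
from typing import List, Tuple


def wiegand26_encode(facility: int, card: int) -> str:
    """26-bit Wiegand: even parity | 8-bit facility code | 16-bit card number | odd parity."""
    if not (0 <= facility < 256 and 0 <= card < 65536):
        raise ValueError("out of range for the 26-bit format")
    data = f"{facility:08b}{card:016b}"            # 24 data bits
    even = str(data[:12].count("1") % 2)           # even parity over the first 12 data bits
    odd = str((data[12:].count("1") + 1) % 2)      # odd parity over the last 12 data bits
    return even + data + odd


def wiegand26_decode(bits: str) -> Tuple[int, int]:
    """Return (facility, card) or raise if the frame is malformed. Parity is the only check Wiegand has."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected 26 bits")
    data = bits[1:25]
    if bits[0] != str(data[:12].count("1") % 2) or bits[25] != str((data[12:].count("1") + 1) % 2):
        raise ValueError("parity check failed")
    return int(data[:8], 2), int(data[8:], 2)


def frames_from_capture(events: List[Tuple[int, str]], gap_us: int = 10_000) -> List[str]:
    """Group sniffed (timestamp_us, line) pulses into bit strings; a long gap separates card reads."""
    frames, current, last_t = [], "", None
    for t, line in events:
        if last_t is not None and t - last_t > gap_us and current:
            frames.append(current)
            current = ""
        current += "1" if line == "D1" else "0"
        last_t = t
    if current:
        frames.append(current)
    return frames


def sample_capture() -> List[Tuple[int, str]]:
    """Constructed log: two badge reads, 2 ms per bit, 50 ms apart, as a line sniffer would store them."""
    events, t = [], 0
    for bits in (wiegand26_encode(123, 45678), wiegand26_encode(1, 1)):
        for b in bits:
            events.append((t, "D1" if b == "1" else "D0"))
            t += 2_000
        t += 50_000
    return events


def sniff(events: List[Tuple[int, str]]) -> List[Tuple[int, int]]:
    """What the attacker learns from the tap: every credential, ready to be replayed on the same two wires."""
    return [wiegand26_decode(frame) for frame in frames_from_capture(events)]


if __name__ == "__main__":
    for facility, card in sniff(sample_capture()):
        print(f"facility={facility} card={card} clone={wiegand26_encode(facility, card)}")
```

There is no key to recover and no challenge to answer, so a tamper switch on the reader housing is the only thing standing between an attacker with a screwdriver and every credential presented afterwards; a reader-to-controller protocol that authenticates and encrypts the link (OSDP with Secure Channel enabled) removes the plaintext the tap relies on.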

cryptography – Non-Repudiation and Anonymity Protocols

For the Zhou-Gollman non-repudiation protocol discussed in the lecture on “Non-Repudiation and Anonymity Protocols”, which one of the following statements is false:

a] At time point 4, both A and B can produce evidence to prove that they received K
b] At time point 2, both A and B can produce evidence to prove that they received a signed message from the other party
c] At time point 0, S cannot prove anything
d] At time point 3, B cannot produce evidence to prove that A has access to key K
e] At time point 1, A can prove that B is alive
f] At time point 4, S can prove that A is alive
g] At time point 3, S can produce evidence that A has access to key K
h] At time point 0, A is not alive
i] At time point 2, A can produce evidence to prove that B is alive
j] At time point 4, the protocol terminates

protocols – If FIDO2 just adds WebAuthn to CTAP why are only some keys compatible?

I’ve been trying to find the major differences between “U2F” versus “FIDO2” two-factor authentication standards. Reading some of the articles posted by different companies and even the FIDO site itself gives the impression that the main work of the FIDO2 standard was the WebAuthn API, and that both U2F and FIDO2 are based on the “CTAP” protocol which at least one source (perhaps not a good one) claimed:

In the same release, FIDO also introduced CTAP2, which is basically the same as U2F but relaxes its requirements to also include mobile devices as acceptable external authenticators.

(Source: https(:)//doubleoctopus(.)com/blog/your-complete-guide-to-fido-fast-identity-online/)

So if all CTAP2 did was “relax requirements” then why do some USB keys only support U2F while others support FIDO2? Shouldn’t the changes have only been in the browser side, i.e. exposing the WebAuthn to JavaScript?
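The part that changed on the authenticator side is the message format. CTAP1 (U2F) sends ISO 7816-4 APDUs to the key, while CTAP2 sends a command byte followed by CBOR-encoded parameters, and a CTAP2 authenticator has to parse that CBOR and implement new commands such as authenticatorGetInfo and authenticatorMakeCredential in firmware. The following added example (not code from the post, the FIDO specifications or any vendor library) builds one request of each kind so the two formats can be compared byte for byte; it uses a minimal CBOR encoder of its own, and the relying-party and user values are constructed.

```python
def _head(major: int, n: int) -> bytes:
    """CBOR initial byte(s): 3-bit major type plus the shortest encoding of the argument n."""
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 0x100:
        return bytes([(major << 5) | 24, n])
    if n < 0x10000:
        return bytes([(major << 5) | 25]) + n.to_bytes(2, "big")
    if n < 0x100000000:
        return bytes([(major << 5) | 26]) + n.to_bytes(4, "big")
    return bytes([(major << 5) | 27]) + n.to_bytes(8, "big")


def cbor(value) -> bytes:
    """Encode ints, bools, bytes, str, lists and dicts in CTAP2's canonical CBOR (sorted map keys)."""
    if isinstance(value, bool):          # must come before int: bool is a subclass of int
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        data = value.encode("utf-8")
        return _head(3, len(data)) + data
    if isinstance(value, list):
        return _head(4, len(value)) + b"".join(cbor(v) for v in value)
    if isinstance(value, dict):
        # Canonical ordering: shorter encoded keys first, then bytewise.
        items = sorted(((cbor(k), cbor(v)) for k, v in value.items()),
                       key=lambda kv: (len(kv[0]), kv[0]))
        return _head(5, len(value)) + b"".join(k + v for k, v in items)
    raise TypeError(f"unsupported type {type(value)!r}")


def u2f_register_apdu(challenge_param: bytes, application_param: bytes) -> bytes:
    """CTAP1/U2F: an ISO 7816-4 extended-length APDU, CLA=00 INS=01 (U2F_REGISTER), 64 bytes of data."""
    if len(challenge_param) != 32 or len(application_param) != 32:
        raise ValueError("both parameters are SHA-256 hashes")
    data = challenge_param + application_param
    # CLA INS P1 P2 | 00 + 2-byte Lc | data | 2-byte Le
    return bytes([0x00, 0x01, 0x00, 0x00, 0x00]) + len(data).to_bytes(2, "big") + data + b"\x00\x00"


def ctap2_make_credential(client_data_hash: bytes, rp_id: str, user_id: bytes, user_name: str) -> bytes:
    """CTAP2: one command byte (0x01 = authenticatorMakeCredential) followed by a CBOR map."""
    params = {
        1: client_data_hash,                               # clientDataHash
        2: {"id": rp_id, "name": rp_id},                   # rp (constructed values)
        3: {"id": user_id, "name": user_name, "displayName": user_name},
        4: [{"type": "public-key", "alg": -7}],            # pubKeyCredParams: ES256
    }
    return b"\x01" + cbor(params)


if __name__ == "__main__":
    print(u2f_register_apdu(b"\x00" * 32, b"\x11" * 32).hex())
    print(ctap2_make_credential(b"\x00" * 32, "example.com", b"\x01", "alice").hex())
```

A platform first sends authenticatorGetInfo (command byte 0x04, no parameters) to a newly attached key; a key that only understands APDUs cannot answer it and the client falls back to CTAP1, which is why "U2F-only" and "FIDO2" keys behave differently even though both sit behind the same browser API.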

malware – Infecting peers downloading files using BitTorrent protocols

I have read about BitTorrent protocols and how uTorrent works specifically. The main idea is that instead of many clients accessing the same server for downloading a file, different parts of the file are given to the clients, and then it is shared among the peers (peer to peer). This improves efficiency and download speed by reducing the load on the server.

What if we look at it a little bit differently? We do take advantage of more computers, but those machines also gain others’ trust. Unlike a sole legitimate server, malicious users can join a p2p download session and share fake info instead of the real content of a file.

For example, consider the following. Two users (user1, user2) are trying to download a jpg image. Each of these users is responsible for sharing their part of the image to the other peers (in this case only one). The public server is responsible for 1/3, user1 is responsible for 1/3 and user2 is responsible for 1/3. What happens if user2 decides to forward fake data to user1? Theoretically, it can control 1/3 of user1’s image.

This example can be used with any other file format (exe, libraries, or any other files which can theoretically lead to remote code execution).

I know it is possible to detect this by comparing the file signatures with the original server. However, do BitTorrent protocols do this?
Is this technique even possible at all?
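In the v1 BitTorrent protocol the .torrent file's info dictionary carries a SHA-1 hash of every piece, and the infohash that identifies the swarm (and that a magnet link contains) is the SHA-1 of that bencoded dictionary, so a client can check each piece it receives against the hash before it stores or re-shares it. The following added example (not code from the post or from uTorrent) builds the info dictionary for a constructed 48-byte stand-in for the JPEG in the question, then plays the scenario through with three peers, one of which substitutes its piece. The piece size, file name and peer names are constructed.

```python
import hashlib
from typing import Dict, List, Optional

PIECE_LENGTH = 16  # constructed tiny value so the example is readable; real torrents use 16 KiB and up


def bencode(value) -> bytes:
    """Minimal bencode (the .torrent encoding) for ints, bytes, lists and dicts with byte-string keys."""
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, bytes):
        return b"%d:" % len(value) + value
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        return b"d" + b"".join(bencode(k) + bencode(value[k]) for k in sorted(value)) + b"e"
    raise TypeError(f"unsupported type {type(value)!r}")


def make_info(name: bytes, content: bytes, piece_length: int = PIECE_LENGTH) -> Dict[bytes, object]:
    """The info dictionary: 'pieces' is the concatenation of the SHA-1 of every piece, in order."""
    pieces = b"".join(hashlib.sha1(content[i:i + piece_length]).digest()
                      for i in range(0, len(content), piece_length))
    return {b"name": name, b"piece length": piece_length, b"length": len(content), b"pieces": pieces}


def info_hash(info: Dict[bytes, object]) -> bytes:
    """The infohash from the magnet link / tracker announce: SHA-1 over the bencoded info dictionary."""
    return hashlib.sha1(bencode(info)).digest()


class Downloader:
    """A client that trusts no peer: a piece is accepted only if it hashes to the value in the .torrent."""

    def __init__(self, info: Dict[bytes, object]):
        self.length = info[b"length"]
        hashes = info[b"pieces"]
        self.expected: List[bytes] = [hashes[i:i + 20] for i in range(0, len(hashes), 20)]
        self.pieces: Dict[int, bytes] = {}
        self.bad_peers = set()

    def receive_piece(self, index: int, data: bytes, peer: str) -> bool:
        if index >= len(self.expected) or hashlib.sha1(data).digest() != self.expected[index]:
            self.bad_peers.add(peer)   # discard the data and remember who sent it
            return False
        self.pieces[index] = data
        return True

    def assemble(self) -> Optional[bytes]:
        if len(self.pieces) != len(self.expected):
            return None
        return b"".join(self.pieces[i] for i in range(len(self.expected)))[:self.length]


def demo() -> dict:
    content = b"\xff\xd8\xff\xe0" + bytes(range(44))   # constructed 48-byte stand-in for a JPEG
    info = make_info(b"photo.jpg", content)
    split = [content[i:i + PIECE_LENGTH] for i in range(0, len(content), PIECE_LENGTH)]
    dl = Downloader(info)
    results = [
        dl.receive_piece(0, split[0], "server"),
        dl.receive_piece(1, split[1], "user1"),
        dl.receive_piece(2, b"\x90" * PIECE_LENGTH, "user2"),   # user2 forwards forged bytes
        dl.receive_piece(2, split[2], "server"),                # piece 2 is re-requested elsewhere
    ]
    return {"results": results, "bad_peers": sorted(dl.bad_peers),
            "intact": dl.assemble() == content, "infohash": info_hash(info).hex()}


if __name__ == "__main__":
    print(demo())
```

The check therefore moves the question one step back: a forged piece is rejected, but the .torrent or magnet link that carries the hashes must itself come from somewhere the downloader trusts, since whoever controls the infohash controls what "correct" means for the whole swarm. The v2 protocol keeps the same design with SHA-256 per-file Merkle trees instead of a flat list of SHA-1 piece hashes.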

windows – Error “DCOM was unable to communicate with the computer using any of the configured protocols” is generated every 5 mins for a nonexistent server

In our server event log, every 5 minutes the error below appears.

DCOM was unable to communicate with the computer RemovedServerName using any of
the configured protocols.

How do I identify which process is generating this error?

Here are the details from Event Viewer:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10009</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2021-01-28T09:53:13.000000000Z" />
    <EventRecordID>1728777</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>CurrentServerName</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">RemovedServerName</Data>
    <Binary>dsfdsfgsdfdfsdfdfg</Binary>
  </EventData>
</Event>

windows – Can I elicit responses from “any remote host” on “all protocols” if I want to?

An nmap scan of my test computer returns a result of “5357 / tcp open wsdapi”.
After some research, this is something that can be exploited.

It is explained here that:

By default, WSDAPI will listen on TCP ports 5357 and 5358. The Windows Firewall will allow messages in to these ports if the interface firewall profile is anything other than Public. This means under non-Public profiles (e.g. Private or Domain) the vulnerability can be reached by remote, unauthenticated users.

For an attacker to be able to trigger the vulnerability on a target, they need to know the WSD Address value for the target, which is a UUID (Universally Unique Identifier). This value is automatically sent in broadcast UDP messages to port 3702 (WS-Discovery) in an effort to discover devices that support WSD. Being broadcast UDP the message will only be visible to attackers on the same subnet. Attackers on other subnets, or on the Internet, will not be able to launch attacks against distant targets using this approach.

A system could also be exploited by a malicious device which responds to a client computer using WSDAPI. It is possible for the user to manually enter the URL of a device to connect to, in which case the device could respond with a malformed message and trigger the vulnerability. This requires user-interaction and social engineering, however.

This makes me think.

Since I am fairly new to this field and struggling with this, my question now is whether I should and can generally elicit, in this case, a UDP packet response from a “remote host” to get this information, and how can I do that? Or does something like this happen automatically, with the “remote host” in question doing this on its own?

In addition, I would like to know whether it is possible for other protocols to elicit responses from any random device, whether it is connected to a network or not.
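The quoted text describes WS-Discovery: a client multicasts a Probe to 239.255.255.250 on UDP port 3702, devices answer with a unicast ProbeMatches whose EndpointReference/Address is the UUID in question, and devices also announce themselves unprompted with a multicast Hello when they come up. The following added example (not code from the post or from the advisory it quotes) builds a Probe, parses the UUID and service URL out of a ProbeMatches or Hello body, and includes a live function that sends the probe on the local network. The sample reply, the UUIDs and the 192.0.2.10 address are constructed.

```python
import socket
import uuid
import xml.etree.ElementTree as ET
from typing import Dict, List

WSD_MCAST = ("239.255.255.250", 3702)   # WS-Discovery multicast group and port
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://schemas.xmlsoap.org/ws/2004/08/addressing",
    "d": "http://schemas.xmlsoap.org/ws/2005/04/discovery",
}


def build_probe(message_id: str) -> bytes:
    """A WS-Discovery 1.0 Probe: what a WSDAPI client multicasts when it looks for devices."""
    return f"""<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="{NS['s']}" xmlns:a="{NS['a']}" xmlns:d="{NS['d']}">
  <s:Header>
    <a:Action>{NS['d']}/Probe</a:Action>
    <a:MessageID>urn:uuid:{message_id}</a:MessageID>
    <a:To>urn:schemas-xmlsoap-org:ws:2005:04:discovery</a:To>
  </s:Header>
  <s:Body><d:Probe/></s:Body>
</s:Envelope>""".encode()


def parse_matches(payload: bytes) -> List[Dict[str, object]]:
    """Extract the endpoint UUID and XAddrs from every ProbeMatch or Hello element in a reply."""
    root = ET.fromstring(payload)
    found = []
    for tag in ("ProbeMatch", "Hello"):
        for node in root.iter(f"{{{NS['d']}}}{tag}"):
            addr = node.find("a:EndpointReference/a:Address", NS)
            xaddrs = node.find("d:XAddrs", NS)
            found.append({
                "kind": tag,
                "address": addr.text.strip() if addr is not None and addr.text else None,
                "xaddrs": xaddrs.text.split() if xaddrs is not None and xaddrs.text else [],
            })
    return found


def probe(timeout: float = 2.0) -> List[Dict[str, object]]:
    """Live version: multicast a Probe and collect replies until the socket times out (needs a LAN)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)   # stay on the local subnet
    sock.settimeout(timeout)
    results = []
    try:
        sock.sendto(build_probe(str(uuid.uuid4())), WSD_MCAST)
        while True:
            data, src = sock.recvfrom(65535)
            for match in parse_matches(data):
                match["from"] = src[0]
                results.append(match)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return results


# Constructed reply in the shape a WSDAPI device returns; the UUID and address are made up.
SAMPLE_PROBE_MATCHES = b"""<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:d="http://schemas.xmlsoap.org/ws/2005/04/discovery"
            xmlns:wsdp="http://schemas.xmlsoap.org/ws/2006/02/devprof">
  <s:Header>
    <a:Action>http://schemas.xmlsoap.org/ws/2005/04/discovery/ProbeMatches</a:Action>
    <a:MessageID>urn:uuid:11111111-2222-3333-4444-555555555555</a:MessageID>
    <a:RelatesTo>urn:uuid:00000000-0000-0000-0000-000000000000</a:RelatesTo>
    <a:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:To>
  </s:Header>
  <s:Body>
    <d:ProbeMatches>
      <d:ProbeMatch>
        <a:EndpointReference>
          <a:Address>urn:uuid:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</a:Address>
        </a:EndpointReference>
        <d:Types>wsdp:Device</d:Types>
        <d:XAddrs>http://192.0.2.10:5357/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</d:XAddrs>
        <d:MetadataVersion>1</d:MetadataVersion>
      </d:ProbeMatch>
    </d:ProbeMatches>
  </s:Body>
</s:Envelope>"""


if __name__ == "__main__":
    print(parse_matches(SAMPLE_PROBE_MATCHES))
```

Because the reply is unicast to whoever sent the Probe and the Hello is multicast with a TTL of 1, both only reach hosts on the same subnet, which is the scope limitation the quoted advisory describes; nothing in this exchange reaches a device that is not on the network at all.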
