Warm-Up

Network Security Fall 2023
Fri Sep 15 2023 18:00 EDT

The goals of this assignment are to:

Refresh your TCP and UDP programming skills
Practice building and running containers

“Packet Clapping”

Canvas contains a container image¹ named netsec_warmup.${arch}.img.zst that implements a “packet clapping” game. Analogous to hand clapping games, your goal is to write a program that follows the lead of the clap server by receiving instructions over a command channel and interpreting them to play the game.

The command channel implements the following protocol:²

\[ \begin{align*} C \rightarrow S &: \mathsf{u16}(|\mathsf{identifier}|) \cdot \mathsf{identifier} \\ S \rightarrow C &: \langle \mathsf{command} \rangle \\ S \rightarrow C &: \langle \mathsf{command} \rangle \\ S \rightarrow C &: \ldots \\ S \rightarrow C &: \langle \mathsf{secret} \rangle \\ \end{align*} \]

where

$\mathsf{identifier}$ is a UTF-8 string,
$|x|$ is the length of a byte array $x$,
$\mathsf{u16}(x)$ encodes an integer $x$ as two big-endian bytes, and
$\cdot$ is concatenation.

Feel free to use an arbitrary identifier. This will be used as your “hacker alias” for the rest of the semester.³

After the client sends its remote ID, the server repeatedly sends one or more command messages. Each command message takes the form

\[ \begin{align*} \langle \mathsf{command} \rangle &= \mathsf{u8}(\mathsf{type}) \cdot \mathsf{u16}(\mathsf{port}) \cdot \mathsf{u64}(\mathsf{challenge}) \\ \end{align*} \]

where $\mathsf{u8}$ and $\mathsf{u64}$ are 1 and 8-byte analogues of $\mathsf{u16}$.

Commands

If the client receives a type 1 command, it should listen for a TCP connection on the indicated port, send $\mathsf{u64}(\mathsf{challenge})$ on the first connected socket, and immediately close both the client and server socket.

If the client receives a type 2 command, it should connect a TCP socket to the server IP address using the indicated command port, send $\mathsf{u64}(\mathsf{challenge})$ on the socket, and immediately close the socket.

Finally, if the client receives a type 3 command, it should create a UDP socket, and send a datagram containing $\mathsf{u64}(\mathsf{challenge})$ to the server on the indicated port.

The secret command takes the form:

\[ \begin{align*} \langle \mathsf{secret} \rangle &= \mathsf{u8}(0) \cdot \mathsf{u16}(|\mathsf{value}|) \cdot \mathsf{value} \\ \end{align*} \]

The only content your program should write to stdout is the following JSON object:

{
    "id": "{{identifier}}",
    "value": "{{value}}"
}

Whitespace formatting doesn’t matter. Feel free to write whatever you like to stderr.

Canvas contains a validation script called validate_output.py you can use to check that the output of your solution is well-formed. It expects to read your solution’s output on its stdin.

Submission Instructions

Package your solution as a gzipped TAR archive. Your solution should expand to the following directory structure.

$ tree -F clap
clap
├── Dockerfile
└── src/

The source code to your solution should be contained in src/. Your Dockerfile should, when processed using docker, create a container image that runs your solution against a clap server given a server command channel socket address as an argument. For instance, if the clap server is running on 127.0.0.1:1100, then your container must successfully print the secret when executed like so:

$ docker run -it --rm --network=host ${solution_image} 127.0.0.1:1100

Canvas contains a validation script called validate_build.py you can use to check that your submission archive is well-formed. This script is provided as a convenience and may need to be adapted depending on your particular development environment.

Extra Credit

Recover the clap server HMAC key. Include a README that includes the key value and describes how you recovered it.