Do you know if a Java library for an LLMNR responder exists? I looked at the jmDns library, but it seems designed only for Bonjour services.
If not, I may make a UDP responder, but is there a library to parse/write DNS records?
I don't know of a Java LLMNR responder (*), but to your second question for a library to parse/write DNS records, there's dnsjava.
import java.net.InetAddress;
import org.xbill.DNS.*;

// Look up the A records for a name
Record[] records = new Lookup("stackoverflow.com", Type.A).run();
for (Record record : records) {
    ARecord a = (ARecord) record;
    System.out.println("Host " + a.getName() + " has address " + a.getAddress().getHostAddress());
}

// Build an A record and print its canonical wire form
byte[] ip = {(byte)192, (byte)168, (byte)0, (byte)10};
Name zone = Name.fromString("dyn.test.example.");
Name host = Name.fromString("host", zone);
InetAddress address = InetAddress.getByAddress(ip);
ARecord r = new ARecord(host, DClass.IN, 3600, address);
System.out.println(new sun.misc.HexDumpEncoder().encode(r.toWireCanonical()));
(yes I'm using a Sun-private API to print the hex dump, sue me)
Result:
Host stackoverflow.com. has address 151.101.193.69
Host stackoverflow.com. has address 151.101.129.69
Host stackoverflow.com. has address 151.101.1.69
Host stackoverflow.com. has address 151.101.65.69
0000: 04 68 6F 73 74 03 64 79 6E 04 74 65 73 74 07 65 .host.dyn.test.e
0010: 78 61 6D 70 6C 65 00 00 01 00 01 00 00 0E 10 00 xample..........
0020: 04 C0 A8 00 0A
(*) or maybe mdnsjava? (which uses dnsjava). Anyway you might want to wait for the bounty to expire before you accept this, in case someone comes up with a complete answer. Also, usually requests for library recommendations are considered off-topic, but this is a rare topic and I find this interesting, I hope this won't be shut down.
Background
I have recently started to learn networking and Google's protocol buffers to build communication between my Java client and a Python server. Sending a message from my Python server to the Java client works perfectly, but the reverse direction (from Java to Python) always fails.
Problem
After checking the length of the message on both sides, I found that the receiver (Python) is missing some of the bytes transferred by the Java code.
Java side:
12 28 08 0b 12 24 15 00 00 80 3f 1a 1b 09 00 00 00 00 00 00 f0 3f 11 00 00 00 00 00 00 f0 3f 19 00 00 00 00 00 00 f0 3f 22 00
Python side:
12 28 08 0b 12 24 15 00 00 80 3f 1a 1b 09 00 00 00 00 00 00 f0 3f 11 00 00 00 00 00 00 f0 3f
As you can see, the last 10 bytes are missing. I could not figure out the problem.
Code
The following is my Java code:
// Both Message and UPDATEs are message types I defined in my .proto file
Message message = Message.newBuilder()
        .setUpdate(UPDATEs.newBuilder()
                .setTimeStamp(11)
                .addUpdates(state))
        .build();
//System.out.println(message.toString());
System.out.println(message.toByteArray().length); // result -> 42
//System.out.println(byteArrayToHex(message.toByteArray()));
try {
    OutputStream outputStream = socket.getOutputStream();
    message.writeDelimitedTo(outputStream);
    System.out.println("Sending finished.");
} catch (IOException e) {
    System.err.println("SteerCommunicator_sendCarData(OutputStream output): " + e.toString());
    System.exit(0);
}
and my Python code:
import socket
import sys

def server_loop():
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print "Listening at port {}".format(PORT)
    try:
        server.bind(("localhost", PORT))
    except:
        # PORT is an int, so format it instead of concatenating it to a str
        print "Unable to listen on the Port {}".format(PORT)
        sys.exit()
    server.listen(10)
    while True:
        client_socket, addr = server.accept()
        print "Received Message from Client {}:{}".format(addr[0],str(addr[1]))
        msg = client_socket.recv(1024)
        print len(msg) # result -> 32
Any ideas?
If the diagnosis that the stream is not being flushed is correct, then here is the solution:
try (OutputStream outputStream = socket.getOutputStream()) {
    message.writeDelimitedTo(outputStream);
    System.out.println("Sending finished.");
} catch (IOException e) {
    // SEE NOTES!!
    System.err.println("blah blah" + e.toString());
    System.exit(0);
}
Explanation: by using try-with-resources, we ensure that the resource is always closed as the block exits, no matter how it exits. This has two benefits:
It ensures that the stream is flushed
It ensures that you don't leak the resource (i.e. the associated FileDescriptor). Resource leaks can cause various unrelated I/O activity to fail ... later on ... if the GC doesn't get a chance to clean up the mess first.
NOTES:
Calling System.exit(...) in the depths of your code is a bad idea. It preempts other possible approaches to recovery, and makes your code harder to extend and/or reuse.
If you catch and report an exception, you should also report the stacktrace ... somewhere.
A better strategy would be to declare IOException as thrown by the enclosing method, and catch / report / recover at a higher level.
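A receiver for the frame that writeDelimitedTo() emits, written for Python 3 as an added example (it is not code from the question or the answer). The Java call prefixes the message with its length as a base-128 varint, and a single recv() on a TCP socket may return only part of a frame, so the reader decodes the prefix, bounds it, and loops until that many bytes have arrived. The function names and the 64 KiB cap are assumptions; the payload is the 42 bytes printed on the Java side in the question.

```python
import socket

MAX_MESSAGE_SIZE = 64 * 1024  # assumed cap; larger length prefixes are rejected

# The 42 message bytes printed on the Java side in the question.
JAVA_SIDE_HEX = ("12 28 08 0b 12 24 15 00 00 80 3f 1a 1b 09 00 00 00 00 00 00 f0 3f "
                 "11 00 00 00 00 00 00 f0 3f 19 00 00 00 00 00 00 f0 3f 22 00")


def recv_exact(sock, n):
    """Read exactly n bytes; recv() is allowed to return fewer than asked."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # empty read means the peer closed the connection
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)


def read_varint(sock, max_bytes=5):
    """Decode the base-128 varint length prefix (at most 5 bytes for 32 bits)."""
    value = 0
    for i in range(max_bytes):
        b = recv_exact(sock, 1)[0]
        value |= (b & 0x7F) << (7 * i)
        if not b & 0x80:  # high bit clear marks the last prefix byte
            return value
    raise ValueError("length prefix longer than %d bytes" % max_bytes)


def recv_delimited(sock, max_size=MAX_MESSAGE_SIZE):
    """Return the bytes of one length-delimited message, ready for ParseFromString()."""
    length = read_varint(sock)
    if length > max_size:  # do not let the peer choose how much memory we allocate
        raise ValueError("declared length %d exceeds limit %d" % (length, max_size))
    return recv_exact(sock, length)


def demo():
    """Send the question's message as a frame in two pieces over a local socket pair."""
    payload = bytes.fromhex(JAVA_SIDE_HEX)
    frame = bytes([len(payload)]) + payload  # 42 < 128, so the prefix is one byte
    a, b = socket.socketpair()
    with a, b:
        a.sendall(frame[:32])  # 32 bytes, the size of the single recv() in the question
        a.sendall(frame[32:])
        return recv_delimited(b)
```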
I have an applet installed on a JavaCard. I want to delete this applet through an over-the-air (OTA) message by sending APDU commands. The following are the APDU commands I send through the card reader to delete the applet:
1) A4 04 00 00
2) ExAuth 00 02 00 01 00 404142434445464748494A4B4C4D4E4F
3) 80 E4 00 00 0D 4F 0B A0 00 00 00 00 01 02 03 03 01 02
4) 80 E4 00 00 0D 4F 0B A0 00 00 00 00 01 02 03 03 00 00
I have followed this:
https://adywicaksono.wordpress.com/2008/05/21/understanding-gsm-0348/
But I have not been able to delete the applet, as there is some error every time.
Thank You.
Under my assumption that your JavaCard is using the Global Platform framework (which almost every JavaCard does) you need to perform the following steps:
1) Select CardManager
2) Authenticate
3) Delete the applet
You probably succeeded at the first step, although selecting the Cardmanager by its AID is the better way to go. The second step looks a bit weird to me from what you posted. The third step looks good as well.
To authenticate there are different protocols, e.g. SCP01, SCP02, etc. SCP02 is the de facto standard for modern cards. Then of course you also need the right keys to authenticate; for most cards delivered there are the default keys that you already have. The exact procedure is explained in the Global Platform specification. A sample log from my tool looks like this:
=> 00 A4 04 00 08 A0 00 00 01 51 00 00 00 00 .........Q....
(9407 usec)
<= 6F 64 84 08 A0 00 00 01 51 00 00 00 A5 58 9F 65 od......Q....X.e
01 FF 9F 6E 06 47 91 23 47 41 00 73 49 06 07 2A ...n.G.#GA.sI..*
86 48 86 FC 6B 01 60 0B 06 09 2A 86 48 86 FC 6B .H..k.`...*.H..k
02 02 02 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B ...c...*.H..k.d.
06 09 2A 86 48 86 FC 6B 04 02 55 65 0B 06 09 2B ..*.H..k..Ue...+
85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 04 ...Hd...f...+...
01 2A 02 6E 01 02 90 00 .*.n....
Status: No Error
cm> set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
cm> init-update 255
=> 80 50 00 00 08 7D 62 4D F4 89 F6 07 E3 00 .P...}bM......
(55368 usec)
<= 00 00 42 87 00 17 97 93 24 74 FF 02 00 01 3C 2B ..B.....$t....<+
97 86 B8 3B 57 0A D0 9F 82 BF AD C2 90 00 ...;W.........
Status: No Error
cm> ext-auth plain
=> 84 82 00 00 10 EA 1A 9D A0 24 E6 00 9E F8 84 96 .........$......
1A 77 71 46 B4 .wqF.
(56879 usec)
<= 90 00 ..
Status: No Error
cm> delete ff4563686f4170706c6574
=> 80 E4 00 00 0D 4F 0B FF 45 63 68 6F 41 70 70 6C .....O..EchoAppl
65 74 00 et.
(956894 usec)
<= 00 90 00 ...
Status: No Error
As you don't want to perform all of the cryptographic protocol by yourself, there are tools out there that do the job for you. The best freeware tool in my opinion is GlobalPlatformPro from Martin Paljak. Beware that there are plenty of other tools that might be deprecated.
In order to perform remote application management on a SIM, you need to have the OTA keys of the SIM card and an OTA platform to construct the appropriate GSM 03.48 and 03.40 APDU commands to exchange secure data packets with the SIM. The SIM carries out authentication of the mobile user in mobile networks, and neither the GSM nor the OTA keys of SIM cards are ever shared by mobile operators with third parties.
MNOs have an OTA platform which maintains a relational database to keep the MSISDN-ICCID-OTA keys (KiK, KiD and KiC) triplet. Apart from the OTA keys, the SPI, TAR and CNTR values, as part of each SIM card profile, are kept in the OTA platform to generate the GSM 03.48 packet. So to perform any applet provisioning (install, update, delete), generally the secure data content must be encrypted with KiC and KiD.
Hello, we are trying to create an iOS MDM server using Java.
I am stuck at the very first point where we have to sign the certificate and send an SCEP.
I first sent the enroll plist file to the iOS device. In response, I receive an HttpServletRequest from the iOS device when we click on "Install" on the device.
It then uses the URL which contains the profile request URL, and a request is obtained for the same in Java.
After reading request.getInputStream, I learned that the request has two parts. One is a plist; the other is the certificate of the device.
Printing the file, I got the plist below:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CHALLENGE</key>
<string>challengesessionvalue1234</string>
<key>UDID</key>
<string>b3d8980d72a6c2abf4f936862e8c50a734ccc030</string>
</dict>
</plist>
It contains the "Challenge" string which was sent during enrollment. It also gives the device UDID. This part was retrieved by reading the InputStream of the request in Java as bytes.
The other part that request.getInputStream contains is the PKCS-signed certificate details of the Apple certificate, as shown below:
PKCS7 :: signer infos:
0. Signer Info for (issuer): CN=Apple iPhone Device CA, OU=Apple iPhone, O=Apple Inc., C=US
version: 01
certificateSerialNumber: 0252f631 cadff5f3 99986
digestAlgorithmId: SHA
authenticatedAttributes: PKCS9 Attributes: [
[ContentType: 1.2.840.113549.1.7.1];
[MessageDigest: 0000: E1 BF 36 1B 11 5C CB 0E E6 1C 57 4F 09 FC 55 B4 ..6..\....WO..U.
0010: D9 C1 E0 1E ....
];
[SigningTime: Wed Jul 30 11:46:02 UTC 2014]
] (end PKCS9 Attributes)
digestEncryptionAlgorithmId: RSA
I have not copied the whole file as it was huge. To read this part I used PKCS7, available for Java from the sun.security.pkcs package.
I would first like to read the "Challenge" value and authenticate the certificate using challenge itself as it will be a uniquely identified session value for us. I just want to pass back a signed certificate to the iOS device so that I can proceed further.
Please provide Java code which will help parse this request.getInputStream.
The content type of the request is "application/pkcs7-signature".
And how should I pass back the response? Do I need to create the certificate again?
Please help.
I hope I made myself clear.
Thanks in advance!
Let me try to break down your question into multiple subquestions and answer them.
I am stuck at the very first point where we have to sign the certificate and send an SCEP.
Frankly, I wasn't able to understand what you are talking about.
Based on the response which you got, you are doing this:
https://developer.apple.com/library/ios/documentation/networkinginternet/conceptual/iphoneotaconfiguration/OTASecurity/OTASecurity.html
And you are on phase 2, step 1.
I would first like to read the "Challenge" value and authenticate the certificate using challenge itself as it will be a uniquely identified session value for us
Again, I am not 100% sure what you mean. Specifically "authenticate the certificate using challenge itself".
You should do two things at this step:
1) Authenticate this request using the challenge extracted from the request
2) Validate the signature (make sure that it's a correct signature and that it's signed by the appropriate Apple certificate).
If everything is correct (the challenge and the certificate), then you should send either a profile with an SCEP payload or a PKCS12 payload.
Please provide Java code which will help parse this request.getInputStream.
To read this part I used PKCS7, available for Java from the sun.security.pkcs package.
I would recommend looking at Bouncy Castle. It's an excellent library which handles crypto.
And search for "Bouncy castle validate signature":
X.509 Certificate validation with Java and Bouncycastle
http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/
I have a Java Card. How can I find the algorithms that the card supports and uses for its cryptography? What happens when I click on the authenticate button in jcmanager (for example)? How can I authenticate with APDUs?
This is the output of jcmanager when I clicked on Authenticate:
Open terminal ...
EstablishContext(): ...
Wait for card in a certain reader ...
Pick reader ...
**********************
Selecting Card Manager
***********************
-> 00 A4 04 00 08 A0 00 00 00 03 00 00 00
<- 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
************
Init Update
*************
-> 80 50 00 00 08 D3 90 22 B2 C5 7C D4 DD
<- 00 00 11 60 01 00 7F 8B 0A F9 02 02 00 99 3E 01 33 1B 3F 8E 33 BA E4 AD 82 6E 3C C1 90 00
HostChallenge: D3 90 22 B2 C5 7C D4 DD
CardChallenge: 3E 01 33 1B 3F 8E
Card Calculated Card Cryptogram: 33 BA E4 AD 82 6E 3C C1
Derivation Data is 01 82 00 99 00 00 00 00 00 00 00 00 00 00 00 00
Host Cryptogram Data (to encrypt) 00 99 3E 01 33 1B 3F 8E D3 90 22 B2 C5 7C D4 DD 80 00 00 00 00 00 00 00
Card Cryptogram Data (to encrypt for verification) D3 90 22 B2 C5 7C D4 DD 00 99 3E 01 33 1B 3F 8E 80 00 00 00 00 00 00 00
S_ENC: CE 69 1B 1E C8 EC DB B0 0A 9B 18 4A 53 58 04 BB CE 69 1B 1E C8 EC DB B0
The Current session MAC key is F8 85 4D 94 19 BC 83 4C 99 BA E9 94 15 00 A6 B8
The Current session DEK key is 6D 72 48 D4 23 BF 3B 1C 7C 2F 1F BC 7C 04 E9 F6
Encrypted CardCryptoGram is 58 20 23 4E 14 8B FE AA F8 6D 14 20 3D 41 18 E4 33 BA E4 AD 82 6E 3C C1
Encrypted HostCryptoGram is 07 D0 B3 EB 0F 1B 7E 54 84 34 08 6C 5F D9 E5 55 4B 5F 0D F6 87 52 99 2E
-> 84 82 03 00 10 4B 5F 0D F6 87 52 99 2E 17 29 AA 68 12 98 CE 2D
<- 90 00
Authenticated
Is this right:
I send a random 8-byte number to the card:
-> 80 50 00 00 08 D3 90 22 B2 C5 7C D4 DD
and in the answer to my command, the card gives me a random number plus the encrypted random number that I sent to the card. What happens next? With which algorithm do my card and my reader encrypt and decrypt the random numbers (cardchallenge and host challenge)?
You are totally mixing things up.
FIRST there is Global Platform. Global Platform specifies how to interact with the card manager/security domain: e.g. how to authenticate with the card manager, how to upload a cap file, how to install a cap file, how to lock the card, unlock the card, change the keys you mentioned above, etc.
SECOND there is the Java Card applet, which you code the way you want your smartcard to behave later on.
Your question is very unclear.
Do you mean cryptographic algorithms regarding Global Platform or for Java Card code?
First, identify your card and read the corresponding Global Platform Specification; there are various authentication modes called SCP01, SCP02, ...
If you mean Java Card: the JC Specification is not mandatory, so it's the manufacturer's choice what crypto to implement. To find out, you can either use trial and error or talk to the manufacturer.
For authentication to the card manager you should always use a tool (either GPJ, GPShell or JCOP tools; the last one is not freely available) that generates the APDUs and the crypto behind them, instead of manually sending APDUs.
However, if you want to know the details, read the Global Platform Specification instead of asking on a forum.
The algorithms supported by your particular card can be obtained via the JCAlgTest project. The JCAlgTest project page also provides results for 63+ cards gathered by other users. Use the ATR of your card to search for a similar one in the JCAlgTest database. Alternatively, use an ATR parsing tool and find a match for your card by name. The JCAlgTest project also provides a performance comparison for selected cards.
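The INITIALIZE UPDATE and EXTERNAL AUTHENTICATE exchange from the jcmanager log in the question, taken apart field by field under the SCP02 layout of the GlobalPlatform Card Specification. This is an added example, not jcmanager's code: the function names are assumptions and every byte string is copied from that log. It rebuilds the inputs to the session-key derivation and to the two cryptograms, and leaves the 3DES step itself to a tool.

```python
from collections import namedtuple

# Byte strings copied from the jcmanager log in the question.
HOST_CHALLENGE = bytes.fromhex("D3 90 22 B2 C5 7C D4 DD")
INIT_UPDATE_RESPONSE = bytes.fromhex(
    "00 00 11 60 01 00 7F 8B 0A F9 02 02 00 99 3E 01 33 1B 3F 8E "
    "33 BA E4 AD 82 6E 3C C1 90 00")
EXT_AUTH_COMMAND = bytes.fromhex(
    "84 82 03 00 10 4B 5F 0D F6 87 52 99 2E 17 29 AA 68 12 98 CE 2D")

# SCP02 session-key derivation constants from the GlobalPlatform Card Specification.
DERIVATION_CONSTANTS = {"C-MAC": 0x0101, "R-MAC": 0x0102, "S-ENC": 0x0182, "DEK": 0x0181}
DES_PAD = bytes.fromhex("80 00 00 00 00 00 00 00")  # pads 16 data bytes to 3 DES blocks

InitUpdate = namedtuple("InitUpdate", "key_diversification key_version scp_id "
                        "sequence_counter card_challenge card_cryptogram")


def parse_init_update(resp):
    """Split an SCP02 INITIALIZE UPDATE response into its fields."""
    if len(resp) != 30 or resp[-2:] != b"\x90\x00":
        raise ValueError("expected 28 data bytes followed by SW 90 00")
    if resp[11] != 0x02:  # SCP01 uses a different layout, so refuse to guess
        raise ValueError("not SCP02: protocol id is %02X" % resp[11])
    return InitUpdate(resp[0:10], resp[10], resp[11],
                      resp[12:14], resp[14:20], resp[20:28])


def derivation_data(key_name, sequence_counter):
    """16-byte block that is 3DES-CBC encrypted under a static key to give a session key."""
    return DERIVATION_CONSTANTS[key_name].to_bytes(2, "big") + sequence_counter + bytes(12)


def cryptogram_inputs(host_challenge, iu):
    """Return (card_input, host_input), the padded blocks MACed with S-ENC by each side."""
    card_side = iu.sequence_counter + iu.card_challenge
    return host_challenge + card_side + DES_PAD, card_side + host_challenge + DES_PAD


def parse_external_authenticate(apdu):
    """Return (security_level, host_cryptogram, c_mac) from EXTERNAL AUTHENTICATE."""
    if len(apdu) != 21 or apdu[:2] != b"\x84\x82" or apdu[4] != 0x10:
        raise ValueError("not an SCP02 EXTERNAL AUTHENTICATE carrying a C-MAC")
    return apdu[2], apdu[5:13], apdu[13:21]
```

The host cryptogram in the command is the last 8-byte block of the log's "Encrypted HostCryptoGram" line, and the card cryptogram in the response is the last block of "Encrypted CardCryptoGram"; comparing the latter is how the host checks that the card holds the same keys before it answers.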
I am using an energy meter. How do I write code in Java to read and write that meter's data?
A power line node sends and transfers the data, and the concentrator converts it to RS232 so that it shows up on the serial port. I am using Java on Windows.
An example of the output when reading the meter value:
A 00 09 14 03 81 0C 03 10 03 00 30 B0 03 3A 00 :.........0°.:.
09 14 03 81 02 03 10 03 00 30 B1 2D 3A 00 09 14 ........0±-:...
03 81 02 03 10 03 00 04 B0 FA 3A 00 09 14 5C 81 .......°ú:...\
02 03 10 03 00 04 B0 FA
For reading and writing data to a serial port under Windows I recommend using RXTX
http://rxtx.qbang.org/wiki/index.php/Main_Page
There are samples for reading and writing:
http://rxtx.qbang.org/wiki/index.php/Using_RXTX
There is a COM API from Oracle, but the actual version only has implementations for Solaris SPARC, Solaris x86, and Linux x86
http://www.oracle.com/technetwork/java/index-jsp-141752.html
I used an older version for Windows, but it is hard to find and has some shortcomings (e.g. it didn't find ports above COM4 without 'helping', has problems with spaces in the path to the DLL, and so on)