|
@@ -2,7 +2,7 @@
|
|
|
The Covert Protocol is the protocol used to communicate over the covert channel. The communication over the covert channels aims mainly on file transfers.
|
|
|
|
|
|
# Bidirectional Covert Protocol
|
|
|
-A bidirectional communication which uses commands to manage a file transfer.
|
|
|
+A bidirectional communication which uses segment numbers to prevent data loss.
|
|
|
|
|
|
A packet is at least 2 bytes big. The first byte is the header followed by one or multiple data bytes.
|
|
|
|
|
@@ -17,58 +17,13 @@ A packet is at least 2 bytes big. The first byte is the header followed by one o
|
|
|
A header contains a command and a segment number. Even if the `no operation` command is used the segment number must be counted.
|
|
|
|
|
|
```
|
|
|
-| 8 bit |
|
|
|
-| header |
|
|
|
+| 8 bit |
|
|
|
+| header |
|
|
|
|
|
|
-| 2 bit | 3 bit | 3 bit |
|
|
|
-| seg | - | com |
|
|
|
+| 2 bit | 5 bit | 1 bit |
|
|
|
+| seg | - | reset |
|
|
|
```
|
|
|
|
|
|
-### Command
|
|
|
-Commands which indicate
|
|
|
-
|
|
|
-```
|
|
|
-0x0 no operation
|
|
|
-0x1 send file name size
|
|
|
-0x2 send file name
|
|
|
-0x3 send data size
|
|
|
-0x4 send data
|
|
|
-0x5 -
|
|
|
-0x6 cancel / reset
|
|
|
-0x7 error
|
|
|
-```
|
|
|
-
|
|
|
-The sending commands must be sent in the right order: lower number to higher number
|
|
|
-You can of course send a `no operation` or a `cancel / reset` command. If the order is not followed an `error` answer should be invoked.
|
|
|
-
|
|
|
-
|
|
|
-#### `0x0 no operation`
|
|
|
-No operation is the command which indicates to do nothing. It simply works as ACK to signal the packet was received.
|
|
|
-
|
|
|
-#### `0x1 send file name size`
|
|
|
-A file name size is a one byte number.
|
|
|
-```
|
|
|
-0 < file name size < 256
|
|
|
-```
|
|
|
-
|
|
|
-#### `0x2 send file name`
|
|
|
-A file name is a string which can be up to 255 bytes long.
|
|
|
-This command must be looped until the file name is fully transmitted!
|
|
|
-
|
|
|
-#### `0x3 send data size`
|
|
|
-A data size is a 4 byte unsigned int.
|
|
|
-This command must be looped until the data size is fully transmitted!
|
|
|
-
|
|
|
-#### `0x4 send data`
|
|
|
-Data are as much bytes as communicated in `send data size`.
|
|
|
-This command must be looped until the data is fully transmitted!
|
|
|
-
|
|
|
-#### `0x6 cancel / reset`
|
|
|
-This command resets the transmission. The following segment number is the segment number of the reset packet plus 1.
|
|
|
-
|
|
|
-#### `0x7 error`
|
|
|
-This command signals there was an error and the transmission is to be resetted. The following segment number is the segnemtn number of the error packet plus 1.
|
|
|
-
|
|
|
|
|
|
### Segment
|
|
|
The segment number is a counter for the packets in the covert channels. The segment number is increased on the passive server side.
|
|
@@ -94,14 +49,16 @@ seg seg
|
|
|
<-------------------- 5
|
|
|
```
|
|
|
|
|
|
+### Reset
|
|
|
+A reset will will be triggered by a set reset bit.
|
|
|
+Running file transfers will be canceled and the segment counter will be reset to its initial value.
|
|
|
|
|
|
+## Data
|
|
|
+The data will be transmitted over a sequential protocol. You could in fact use the data protocol and ditch the bidirectional protocol.
|
|
|
+There are several states of a transfer:
|
|
|
|
|
|
-It might happen that a server is not possible to answer or all the answers won't be transmitted. This case should be handled with the `cancel / reset` or `error` command upon reconnection. Maybe the session is recoverable without a reset.
|
|
|
-```
|
|
|
-A B
|
|
|
-seg seg
|
|
|
-=========================
|
|
|
-1 -------------------->
|
|
|
-1 -------------------->
|
|
|
-1 -------------------->
|
|
|
-```
|
|
|
+0. idle - does nothing
|
|
|
+1. file name size - sends size of file name as 1 byte unsigned int
|
|
|
+2. file name - sends file name chars and loops until the full file name is transmitted
|
|
|
+3. data size - sends 4 bytes of data size and loops until the full data size is transmitted
|
|
|
+4. data - sends n bytes of data and loops until the full file is transmitted
|