The Covert Protocol is the protocol used to communicate over the covert channel. Communication over the covert channel is aimed mainly at file transfers: a bidirectional exchange in which commands manage the transfer of a file.
A packet is at least 2 bytes big. The first byte is the header, followed by one or more data bytes.

| 1 byte | n bytes |
|--------|---------|
| header | data    |
A header contains a command and a segment number. Even if the no operation command is used, the segment number must be counted.

| 8 bit  |
|--------|
| header |

| 2 bit | 3 bit | 3 bit |
|-------|-------|-------|
| seg   | -     | com   |
The command field (com) takes one of the following values:

| com | command            |
|-----|--------------------|
| 0x0 | no operation       |
| 0x1 | send file name size|
| 0x2 | send file name     |
| 0x3 | send data size     |
| 0x4 | send data          |
| 0x5 | -                  |
| 0x6 | cancel / reset     |
| 0x7 | error              |
The sending commands must be sent in the right order, from the lower number to the higher number. A no operation or a cancel / reset command can of course be sent at any point. If the order is not followed, an error answer should be sent.
0x0 no operation
No operation is the command which indicates that nothing is to be done. It simply acts as an ACK to signal that the packet was received.
0x1 send file name size
A file name size is a one-byte number:
0 < file name size < 256
0x2 send file name
A file name is a string which can be up to 255 bytes long. This command must be looped until the file name is fully transmitted!
0x3 send data size
A data size is a 4-byte unsigned int. This command must be looped until the data size is fully transmitted!
0x4 send data
Data are as many bytes as communicated in send data size. This command must be looped until the data is fully transmitted!
0x6 cancel / reset
This command resets the transmission. The following segment number is the segment number of the reset packet plus 1.
0x7 error
This command signals that there was an error and that the transmission is to be reset. The following segment number is the segment number of the error packet plus 1.
The segment number is a counter for the packets on the covert channel. The segment number is incremented on the passive server side.
An example of how the packet exchange might look:

```
A                            B
seg                        seg
=========================
1  -------------------->
   <--------------------  2
2  -------------------->
   <--------------------  3
3  ---------X                 Packet lost
3  -------------------->      Retransmission from A
   <--------------------  4
4  -------------------->
   X---------             5   Packet lost
   X---------             5   Retransmission from B
4  -------------------->  4   Retransmission from A
   <--------------------  5
```
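The following Python is an added example, not code from the original specification or its project. It encodes and decodes the header byte, builds packets of at least two bytes, and implements the passive side as a `Receiver` that enforces the ascending command order, increments the segment number (modulo 4, because the seg field is 2 bits wide), reassembles the file name and data, resends its previous answer when it sees a retransmitted packet, and resets on cancel / reset or error. The `Receiver` and `send_file` names, the 0x00 filler byte in acknowledgement packets, the big-endian byte order of the data size, and the chunking of the payload are assumptions of this example; the spec fixes none of them.

```python
import struct

# Command codes from the spec (0x5 is unassigned)
NOP, FNAME_SIZE, FNAME, DATA_SIZE, DATA, CANCEL, ERROR = 0, 1, 2, 3, 4, 6, 7
LOOPED = {FNAME, DATA_SIZE, DATA}  # commands repeated until their payload is complete
PAD = b"\x00"  # assumption: filler so an ACK still carries the one mandatory data byte

def encode_header(seg, com):
    """Pack seg (2 bit) and com (3 bit) into one header byte: seg | reserved | com."""
    if not 0 <= seg <= 3 or not 0 <= com <= 7:
        raise ValueError("seg must fit in 2 bits and com in 3 bits")
    return (seg << 6) | com

def decode_header(header):
    """Split a header byte into (seg, com); the 3 reserved bits are ignored."""
    return (header >> 6) & 0x3, header & 0x7

def packet(seg, com, data=PAD):
    """Header byte plus at least one data byte (a packet is at least 2 bytes)."""
    if not data:
        raise ValueError("a packet carries at least one data byte")
    return bytes([encode_header(seg, com)]) + data

class Receiver:
    """Passive side: enforces command order, counts segments, reassembles the file."""
    def __init__(self):
        self.seg = None          # segment number carried by our last answer
        self.last_seen = None    # seg of the last packet we processed
        self.last_answer = None
        self._clear()

    def _clear(self):
        self.stage = NOP         # highest sending command accepted in this transfer
        self.name_size, self.name = None, b""
        self.size_bytes, self.data_size, self.data = b"", None, b""

    def _answer(self, seg_in, com):
        self.last_seen = seg_in
        self.seg = (seg_in + 1) % 4  # passive side increments; the 2-bit field wraps
        self.last_answer = packet(self.seg, com)
        if com == ERROR:             # transfer restarts: drop the sequence expectation
            self.seg = None
        return self.last_answer

    def _fail(self, seg_in):
        self._clear()
        return self._answer(seg_in, ERROR)

    def handle(self, pkt):
        """Process one packet from the active side and return the answer packet."""
        if len(pkt) < 2:
            return self._fail(0)
        (seg, com), payload = decode_header(pkt[0]), pkt[1:]
        if self.last_answer is not None and seg == self.last_seen:
            return self.last_answer  # retransmission: our answer was lost, resend it
        if self.seg is not None and seg != self.seg:
            return self._fail(seg)   # sender did not echo our segment number
        if com in (CANCEL, ERROR):
            self._clear()
            return self._answer(seg, NOP)
        if com == NOP:
            return self._answer(seg, NOP)  # plain ACK, still counted
        # Sending commands must arrive in ascending order; only looped ones may repeat.
        if com == 5 or com < self.stage or (com == self.stage and com not in LOOPED):
            return self._fail(seg)
        if com == FNAME_SIZE:
            if len(payload) != 1 or payload[0] == 0:  # 0 < file name size < 256
                return self._fail(seg)
            self.name_size = payload[0]
        elif com == FNAME:
            self.name += payload
            if self.name_size is None or len(self.name) > self.name_size:
                return self._fail(seg)
        elif com == DATA_SIZE:
            self.size_bytes += payload
            if len(self.name) != self.name_size or len(self.size_bytes) > 4:
                return self._fail(seg)
            if len(self.size_bytes) == 4:  # assumption: big-endian unsigned 32-bit
                self.data_size = struct.unpack(">I", self.size_bytes)[0]
        elif com == DATA:
            self.data += payload
            if self.data_size is None or len(self.data) > self.data_size:
                return self._fail(seg)
        self.stage = com
        return self._answer(seg, NOP)

def send_file(rx, name, data, chunk=4):
    """Active side (assumed driver): push one file through rx in command order."""
    if not 0 < len(name) < 256:
        raise ValueError("file name must be 1..255 bytes")
    plan = [(FNAME_SIZE, bytes([len(name)]))]
    for com, blob in ((FNAME, name), (DATA_SIZE, struct.pack(">I", len(data))), (DATA, data)):
        plan += [(com, blob[i:i + chunk]) for i in range(0, len(blob), chunk)]
    seg, ok = 1, True
    for com, payload in plan:
        seg, ans_com = decode_header(rx.handle(packet(seg, com, payload))[0])
        ok = ok and ans_com != ERROR  # the active side echoes the receiver's seg
    return ok and len(rx.data) == rx.data_size
```

`send_file(Receiver(), b"a.txt", b"hello world")` walks the transfer in the required order and returns True once the receiver holds the full file. A `Receiver` fed a send data packet before the name size, a packet whose segment number does not match its last answer, or a command that repeats without being a looped one answers with an error packet and starts over, which is the "error answer should be sent" rule above made concrete.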
It might happen that a server is not able to answer, or that none of its answers get transmitted. This case should be handled with the cancel / reset or error command upon reconnection. Maybe the session is recoverable without a reset.
```
A                            B
seg                        seg
=========================
1  -------------------->
1  -------------------->
1  -------------------->
```