Description
Objectives
In this assignment, you will implement a client which would hack into a server that communicates using an HTTP-like protocol. After completing this assignment, you should
- be able to implement a simple TCP-based client, and • have a good understanding of communication protocols.
- have a good understanding of FSM.
Testing Your Program
To test your program, please use your SoC UNIX ID and password to log on to stu as instructed on Assignment 0 paper.
- Your program should receive one command-line argument which is the student_key as the following command shows: python3 Hacker-A0165432X.py <student_key>
- The 6 digit <student_key> has already been mailed to you (kindly check your spam folder).
- Note that your program should not read from stdin. Your program can print anything to stdout or stderr, and our test script will silently ignore them.
There | is | no |
hid | den | test | cases | dur | ing | grad |
- We also release a set of grading scripts to you under the test ing. However, passing all the test cases does not
guarantee that you will get full marks.
- To use the grading script, please upload your program along with the test folder given in the package to stu. Make sure that your program and the test folder are in the same directory. Then, you can run the following command to test your server program: bash test/Hacker.sh <student_key>
tput: | un | known | ter | mi | nal | “xterm | -256color” |
- If you ever encounter this error: when testing your program using script provided, run the command: export TERM=xterm
once after you log in and before you run Hacker.sh.
“con | ges |
All of you will be connecting to a single server, hence start the assignment early to avoid tion” during last few days.
Question & Answer
If you have any doubts on this assignment, please post your questions on piazza before consulting the teaching team. However, the teaching team will NOT debug programs for students and we provide support for language-specific questions as a best-effort service. The intention of Q&A is to help clarify misconceptions or give you necessary directions.
FAQ
We will collate your questions here: link
The Hacker
In this assignment, you will be hacking into server 172.25.76.228 running a TCP server on port 4444.
- The server has 8 files protected by different passwords
- Each password is 4 digits long (0000-9999)
- You need to
- connect to the server with a handshake
- guess the correct password
- login
- get the file
- calculate the hexadecimal MD5 hash of the file
- write the hash on the server
- logout
- You earn 1 mark per correct hash written on the server.
- Forgot to mention; the sever really hates making friends. It will timeout a connection in 40 seconds. So you have 40 seconds to steal all the files.
The Protocol
Except for the “file contents”, all messages are strings encoded in utf-8.
RequestMessages
- These are messages sent from the client to the server
- All messages have a 5-byte “method” field, followed by a content
Method | Content | Interpretation | Server Action/Response |
STID_ | 6-byte
<Student_ key> |
Handshake | This is the first handshake message sent by the client to the server. If the
<Student_key> is valid server responds with code 200_. If not, the server disconnects. |
LGIN_ | 4-byte
<Password> |
Login request | If one of the 8 valid passwords, the sever responds with code 201_ and gives access to the stored file. If the password is invalid, you get code 403_ |
LOUT_ | – | Logout request | If the client is already logged in, the server logs the client out of the file access and responds with code 202_. Now the client is free to initiate a new login. |
GET__ | – | Request to get the file data in raw binary format | If the client is already logged in, the server will respond with code 100_, followed by the file content (to be described later). |
PUT__ | 32-byte hexadeci-
mal hash of the corresponding file |
Request to write the
“hash” corresponding to the file content |
The server would verify the correctness of the hash. If correct, the server responds with code 203_ and 404_ if incorrect. |
BYE__ | – | Final message, goodbye | Connection closed |
Table 1: Request Message
Code | Interpretation |
100_ | File data |
200_ | Handshake successful |
201_ | Login successful |
202_ | Logout successful |
203_ | Hash Matched |
401_ | Invalid Student_Key Handshake failure |
402_ | Invalid Operation, client request in violation of the current server state. |
403_ | Invalid Password |
404_ | Invalid Hash |
405_ | Permission Denied, the client tried to get a file without login. |
406_ | Invalid Request from the client. The Method in the request message is invalid. |
Table 2: Response Message
ResponseMessages
- These are messages sent from the server to the client
- All messages have a 4-byte “code” field
- Response code 100_ corresponds to the file data. It is followed by the file content in the format <length>_<data>.
- g 100_5_ABCDE
- Note, data content is not in string format. It is the binary file content.
The Server
The best way to understand the server is through the FSM.
Common Errors/Issues
- The request codes are case-sensitive
- To generate the MD5 hash you may use str(hashlib.md5(data).hexdigest())
- It is necessary to detect disconnection events reliably. If the bytes object returned by recv() is of zero length, then no more data could be recv()’ed from the connection.
- Like in the case of Assignment 0, ensure that you handle header and the data separately
Figure 1: Server FSM.
- Like in the case of Assignment 0, file data is to be treated as raw bytes (hence do not “decode” it).
- Print your debug messages to stdout, we have redirected stderr to a temporary file, hence you will not see the printed message.
- There is a low possibility that the Server gets overloaded. So start the assignment early to avoid “congestion” during last few days.