hacker

CS2105 Assignment 1 Solved

60.00 $

Category: Tags: , ,

Description

5/5 - (1 vote)

Objectives

In this assignment, you will implement a client which would hack into a server that communicates using an HTTP-like protocol. After completing this assignment, you should

  • be able to implement a simple TCP-based client, and • have a good understanding of communication protocols.
  • have a good understanding of FSM.

 

Testing Your Program

To test your program, please use your SoC UNIX ID and password to log on to stu as instructed on Assignment 0 paper.

  • Your program should receive one command-line argument which is the student_key as the following command shows: python3 Hacker-A0165432X.py <student_key>
  • The 6 digit <student_key> has already been mailed to you (kindly check your spam folder).
  • Note that your program should not read from stdin. Your program can print anything to stdout or stderr, and our test script will silently ignore them.
There is no
hid den test cases dur ing grad
  • We also release a set of grading scripts to you under the test ing. However, passing all the test cases does not

guarantee that you will get full marks.

  • To use the grading script, please upload your program along with the test folder given in the package to stu. Make sure that your program and the test folder are in the same directory. Then, you can run the following command to test your server program: bash test/Hacker.sh <student_key>
tput: un known ter mi nal “xterm -256color”
  • If you ever encounter this error: when testing your program using script provided, run the command: export TERM=xterm

once after you log in and before you run Hacker.sh.

“con ges

All of you will be connecting to a single server, hence start the assignment early to avoid tion” during last few days.

 

Question & Answer

If you have any doubts on this assignment, please post your questions on piazza before consulting the teaching team. However, the teaching team will NOT debug programs for students and we provide support for language-specific questions as a best-effort service. The intention of Q&A is to help clarify misconceptions or give you necessary directions.

FAQ

We will collate your questions here: link

The Hacker

In this assignment, you will be hacking into server 172.25.76.228 running a TCP server on port 4444.

  • The server has 8 files protected by different passwords
  • Each password is 4 digits long (0000-9999)
  • You need to
    • connect to the server with a handshake
    • guess the correct password
    • login
    • get the file
    • calculate the hexadecimal MD5 hash of the file
    • write the hash on the server
    • logout
  • You earn 1 mark per correct hash written on the server.
  • Forgot to mention; the sever really hates making friends. It will timeout a connection in 40 seconds. So you have 40 seconds to steal all the files.

The Protocol

Except for the “file contents”, all messages are strings encoded in utf-8.

RequestMessages

  • These are messages sent from the client to the server
  • All messages have a 5-byte “method” field, followed by a content
Method Content Interpretation Server Action/Response
STID_ 6-byte

<Student_ key>

 Handshake This is the first handshake message sent by the client to the server. If the

<Student_key> is valid server responds with code 200_. If not, the server disconnects.
LGIN_ 4-byte

<Password>

 Login request If one of the 8 valid passwords, the sever responds with code 201_ and gives access to the stored file. If the password is invalid, you get code 403_
LOUT_ Logout request If the client is already logged in, the server logs the client out of the file access and responds with code 202_. Now the client is free to initiate a new login.
GET__ Request to get the file data in raw binary format If the client is already logged in, the server will respond with code 100_, followed by the file content (to be described later).
PUT__ 32-byte hexadeci-

mal hash of the corresponding

file

 Request to write the

“hash” corresponding to the file content

 The server would verify the correctness of the hash. If correct, the server responds with code 203_ and 404_ if incorrect.
BYE__ Final message, goodbye Connection closed

Table 1: Request Message

Code Interpretation
100_ File data
200_ Handshake successful
201_ Login successful
202_ Logout successful
203_ Hash Matched
401_ Invalid Student_Key Handshake failure
402_ Invalid Operation, client request in violation of the current server state.
403_ Invalid Password
404_ Invalid Hash
405_ Permission Denied, the client tried to get a file without login.
406_ Invalid Request from the client. The Method in the request message is invalid.

Table 2: Response Message

ResponseMessages

  • These are messages sent from the server to the client
  • All messages have a 4-byte “code” field
  • Response code 100_ corresponds to the file data. It is followed by the file content in the format <length>_<data>.
    • g 100_5_ABCDE
    • Note, data content is not in string format. It is the binary file content.

The Server

The best way to understand the server is through the FSM.

Common Errors/Issues

  • The request codes are case-sensitive
  • To generate the MD5 hash you may use str(hashlib.md5(data).hexdigest())
  • It is necessary to detect disconnection events reliably. If the bytes object returned by recv() is of zero length, then no more data could be recv()’ed from the connection.
  • Like in the case of Assignment 0, ensure that you handle header and the data separately

Figure 1: Server FSM.

  • Like in the case of Assignment 0, file data is to be treated as raw bytes (hence do not “decode” it).
  • Print your debug messages to stdout, we have redirected stderr to a temporary file, hence you will not see the printed message.
  • There is a low possibility that the Server gets overloaded. So start the assignment early to avoid “congestion” during last few days.
  • CS2105_Assignment_1-buedh0.zip

Related products