Trojan Project

As part of the COSC429 Information Warfare course, development of a Trojan module is required.

Background

The software should have command and remote modules, which are connected together via sockets. Functionality such as screen capture, key log capture and remote file browsing is required. Due to the complete assignment spec not being available, more functionality will be added later. The command module will be running on the attackers computer, while the remote module will be running on the targeted computer. Bypassing security and installing the remote component onto the targeted computer is not required. It is assumed that the remote module can be installed by a 3rd party and will be constantly running. Therefore, the focus of this design is providing the functionality required and ensuring secure communication.

Design Study

A current log of work spent on the project can be found here Design Project Log

Functionality

Basic

• Remote command channel
• Implant registration with server
• Screen capture
• Keyboard capture
• Target File browse
• File upload/download

Advanced Features

• Cryptographic channel protection
• Implant hiding
• Targer user list
• List of active processes
• Extract web history
• Extract email
• Audit log

Requirements

1. Secure - Components and communication of software should be secure and unable to modify
2. Maintainability - Easy to add new functionality (e.g. Multiple remote modules)
3. Extensible - Add additional software components easily (e.g. Software to deliver remote module onto target system)

Constraints

Remote and control module communication, processing speed and associated overhead costs.

Many of the tasks require use of the Win32 API. I'm not sure how this impacts on the implementation language choice. I know languages such as C# provide relatively straight forward access to this interface, but I'm not so sure it is so simple using Java. If anyone's reading this, I would be very interested to know what you think. You can leave comments at the bottom of the page, under the 'Comments' section. The language I choose to implement in must have support for serialization and an easy Win32 API.

Initial Design

This is my current UML diagram -- a work in progress. I think I have the basic structure, but obviously there are a few class attributes and functions missing.

Description of Classes

ControlUnit ControlUnit is the main class of the control module. An observer pattern is used with the GUI and Controller. It contains a list of data objects which can then be displayed by the GUI. The data objects have a specified type e.g. Picture, Text, ... and so it will be up to the GUI to organise how to display them. Therefore any knowledge of the task from which the data came is unnecessary. The ControlUnit class will also have the appropriate update functions to enable an observer pattern.

Communicator Communicator is used to set up a connection between the control and remote modules. The type of encryption can be set, by passing an EncryptionStandard object. Both the ControlUnit and Remote objects create instances of the Communicator object. The main way the remote and control units will communicate, is by serializing and sending Task objects. Once an object is serialized it is then encrypted and sent. When received it is first decrypted and then de-serialized.

Serializer The serializer class is used to serialize task objects and return them as a byte array. It is also used to de-serialize objects.

EncryptionStandard The use of EncryptionStandard with the various subclasses allows the program to be extended to incorporate various encryption types. For the current implementation, it is expected that "Unsecured" and "RSA" Encryption Standards will be implemented. But in future it is possible to add say, AES encryption. By using the Strategy pattern, each subclass overrides the EncryptionStandard's functions such as encrypt and decrypt.

Task By using the strategy pattern for the Task class, it allows easy modification to add new functionality to the program. Currently, Screenshot and Keylog functionality is provided, but it should be relatively simple to add more. Once a task is performed by the remote program, data is added to the task which is then sent back to the control unit. The data class can be one of various types.

Data Data is a class that carries information produced on the Remote host from performing a Task. It has a type attribute which describes the type of data it is, as well as a text heading.

Design Critique

Displaying of the data by a list of Data objects in ControlUnit is perhaps not optimal? The GUI still has to know about the Data types that are possible, but is this an inevitable coupling?

Design patterns/ideas/principles used

Strategy is used in the Task and EncryptionStandard class design. In both classes, different types of tasks and encryption standards perform various functions differently. Because of this, strategy was used to create subclasses with functions that override that of it's super class.

Open Closed Principle The open closed principle states that the design should be open for extension but closed to modification. Taking the example of Tasks, a new task subclass can be easily added (extension), without the Task object itself being changed (no modification). In saying this, modification will be required in relation to the GUI providing the option to select this new task, but this is an inevitable problem.

Singleton Only one communicator object can exist in each program??

Observer The design pattern used linking the ControlUnit class with the GUI is an Observer pattern. The GUI will look at the list of data objects and display them according to their type.

Separation of concerns The classes are created to capture a single abstraction in each class.

Design Improvements

Here is a slightly more updated version of my UML diagram. The basic structure is correct I think, but many more functions will be added to Communicator once I learn more about socket programming.

Design Critique

There are still a number of design issues with this version. Namely, what's the best way for the GUI to know about display information regarded to each task? At this point I have opted for the GUI to only know about how to display a type T data. The DataType is defined as an Enum - which will be updated as the types of data required become clearer. This may be a unnecessary though, as the GUI is probably going to have to know about the various tasks that can be performed. This would be so that the user could choose which task they want performed.

Another issue is how the Communicator object will communicate with its counterpart object. This is related to how socket programming works, and will be updated once I learn more on the subject.

The design presents a simple version of the Observer pattern. This version is still very much in its infancy, and the specifics will be described once the implementation language is chosen. The basic idea is that once a task is complete, it will add the collected data to it the ControlUnit's taskData list. The ControlUnit will then call notifyGUI, which calls the GUI's update method. The GUI's update method will look for new data to display from the getTaskData method in ControlUnit and display it. In this way, the ControlUnit doesn't have to know what data the GUI is interested in displaying, it only tells it when something changes.

The EncryptionStandard object may not be as extensible as first thought. I originally planned for it to be able to handle all encryption standard types. At the moment I'm thinking the design may be limited to symmetric cryptography. Using asymmetric (public key) cryptography could be more of an issue with key development and negotiation, so at this stage it is based on a shared key system. However, through this design it should still be possible to add public key cryptography later. Effort will have to be made with the way that Communicator connects to its counterpart object, so that the connection procedure does not inhibit any possible key negotiation procedure.

Comments

Please feel free to leave any comments, criticisms, ideas or problems you have. Speak your mind! :P

Thanks to User: James Ashford for the project page template.