A Covert Channel using Game Numeral Systems

By Noel Kim –

INTRODUCTION

A numeral system (or system of numeration) is a writing system for expressing numbers using digits of other symbols in a consistent manner

  • Base 2[0,1]
  • Base 10[0,1,2,3,4,5,6,8,9]
  • Base16[0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F]

The symbols are arbitrary, therefore it is possible to replace these numbers with game items and their quantities to create a Covert channel. White this system can be used in virtually any game with an inventory system, I will be using the game Minecraft as the working example of my working covert channel.

OVERVIEW/HYPOTHESIS

In the creation of the covert channel, we must first make a list of all of the items that can be used within the game. When thinking of some games to mind with an inventory system, 2 games that came to mind were Minecraft and Runescape. In the case of Minecraft there are 624 tradable items with the maximum quantity of each item at 64. This means that maximum numeral set would be 40005. In the example of Runescape there are 3720 tradable items with each item being able to be stacked to a maximum size of 2,147,483,647. When calculating the size of the numeral set it came out to a size of 7,988,639,166,840 or a base of ~8 trillion. However since this is the maximum set size, the number calculated is unrealistic, due to the limited resources within the game. To alleviate this issue, my hypothesis was to either shrink the item set to X amount of time which are less than Y resources, or shrink the possible stack size so not as many items are required. I originally was going to create the covert channel for Runescape due to the sheer size of the numeral set, however since I could not find all of the items in the game that were under a value of X, I decided that Minecraft Covert channel would be more consistent due to less physical limitations within the game, as the price of items would stay consistent. To effectively build a realistic base number for Runescape, the dictionary being used would be constantly changing due to price fluctuations and inflation within the game. Additionally there is no mode within Runescape to allot unlimited resources to the user unlike Minecraft. Due to this limitation it would take a great amount of in game time to gather the resources, or require the user to spend real money to buy the virtual items required.

Encoding Mechanism

To first create an encoding mechanism I first created a small 6-bit Text encoding channel. With this channel I created a character list of 64 possible characters in the set. I then assigned a binary number to each of the characters in the list. Examples of this encoding scheme are as follows:

  • a = 000001
  • b = 000010
  • ! = 100110

After encoding the character set into binary in a simple python script I created appended each of the binary numbers into a list.  After creating this binary encoding script I started contemplate of ways to send the least amount of data as possible before the message would be encoded with the item set. In doing this, I then continued with my script to covert the binary to decimal, and then to UTF8 which has a base of 65535. By doing this I found that I can significantly cut down the number of bytes of data being sent or stored. After dong some basic searching I was able to find a paste bin text file with all of the items within the game with their corresponding ID’s.  Then I created the method to incorporate and encode the Minecraft items for the corresponding message being sent. Furthermore for a fun measures, I created a custom text encoding scheme using a Latin words from a website as a dictionary to illustrate that the numeral system can even be used in a covert channel to encode messages outside a game setting.

k1

Figure 1: Script output

CONCLUSION

After writing the script I observed that the items set within the dictionary act as the encoding mechanism while the order of the items within the dictionary/text file is acting as the encryption mechanism of the covert channel. The purpose of this discussion illustrates the possibility of creating a covert channel within any game that uses an inventory system to send messages covertly.  If I were to create additional functionality to this project I would start by incorporating the coordinate system within the game to add another layer of encoding/encryption to the existing numeral system. I would also try to attempt to have a server hosting the dictionary file of all the items in game and implement a random number generator to randomize the order of the items in a certain time frame to add another layer of stealth for my covert channel.

References/Websites Used

http://latin-dictionary.net/list/letter

http://pastebin.com/3SNmeg2n

Code for this project can be found here: https://mega.nz/#!O1AlFZ7D!NSwGrOFDbJyszegqtyYTXtWdQHCRcFU5888PQqYUIrQ

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s