Cybersecurity: Malformed Packet Attacks & Defenses

In this first activity, you will experiment with the countdown timer app from the Send and Receive Packets activity. Its original form is vulnerable to malformed packet attacks you will learn how to harden it against them.  The malformed packet attack will cause the receiver to throw an exception.  At that point, it will become unresponsive until its script is restarted or reloaded with the Flash button.

This activity requires two micro:bit modules running different scripts, a Sender script and a Receiver script.

Parts

• Two micro:bit modules.
• Two USB A to micro-B cables.

Scripts

Running 2 micro:bit modules: You can either connect each micro:bit to a separate computer or connect both to separate USB ports on the same computer.

• Decide which micro:bit you want to be the countdown Sender and which one you want to be the countdown Receiver.
• Connect the two micro:bit modules to two USB ports with two USB cables.
• Open two separate browsers and navigate each one to the micro:bit Python Editor at python.microbit.org.
• If you are part of a class, and have been assigned a channel, make sure to adjust the script’s channel=7 argument to your assigned channel before you save and flash the scripts.
• Enter, name, save, and flash the countdown_sender_w_malformed_packet_option script into the Sender micro:bit.
• Enter, name, save, and flash the script countdown_receiver script into receiver micro:bit.  The Receiver Script is below the Sender Script on this page.
• Before continuing, find the # Sends malformed packet if value is -1 comment and examine how the dictionary can be changed before transmitting.  

Sender Script: countdown_sender_w_malformed_packet_option

# countdown_sender_w_malformed_packet_option
 
from microbit import *
import radio
 
radio.on()
radio.config(channel=7,length=128)
 
sleep(1000)
 
print("Countdown App")
print("micro:bit sender")
 
while True:
    text = input("Enter countdown start: ")
    value = int(text)
    message = input("Enter message after countdown: ")
    dictionary = {  }
    dictionary['start'] = value
    dictionary['after'] = message
    # Sends malformed packet if value is -1
    if value is -1:
        dictionary['start'] = "Not a number!"
 
    packet = str(dictionary)
    print("Send: ", packet)
    radio.send(packet)
    print()

Receiver Script: countdown_receiver

# countdown_receiver.py
 
from microbit import *
import radio
 
radio.on()
radio.config(channel=7,length=128)
 
sleep(1000)
 
print("Countdown App")
print("micro:bit receiver\n")
 
while True:
    packet = radio.receive()
    if packet is not None:
        print("Receive: ", packet)
 
        print()
        print("Parse: ")
 
        dictionary = eval(packet)
 
        value = dictionary['start']
        message = dictionary['after']
        print("value = ", value)
        print("message = ", message, "\n")
        while value >= 0:
            print(value)
            sleep(1000)
            value = value - 1
        print(message)
        print()

Let’s first make sure the sender and receiver micro:bit modules work as expected with normal packets.  If the terminal doesn’t display what you type or display messages, try closing and reopening the terminal by clicking Close Serial and then clicking Open Serial again.   

See Texting with Terminals if you need a reminder on how to set up the serial monitor and radio connections between the two micro:bit modules.

• Click the Show serial buttons in both python.microbit.org editors.
• In the serial monitor connected to the sender micro:bit, click to the right of the “Enter seconds to count down: “ prompt.
• Type a number and press Enter.
• The program will then prompt you with Enter message after countdown:.  Type the message you want it to display, then press Enter.
• Verify that the serial monitor connected to the receiver counts down to zero from the starting value you gave it, and then displays your custom message.

Now, it’s time to examine the effect a malformed packet can have on a script.  At this point, the Sender serial terminal should be prompting you to enter another number of seconds to count down.  

• In response to the Enter seconds to count down: prompt, type -1 and press Enter.
• In response to the Enter message after countdown: prompt, you can just press Enter again without typing any text.
• Verify that one of the lines displayed reads: “TypeError: can’t convert ’int’ object to str implicitly“.
• Try entering another number and message into the sender’s serial monitor.  The receiver serial monitor should be unresponsive.
• You can manually restart the receiver micro:bit by pressing and releasing its reset button.  It’s right next to the MicroUSB connector on the underside of the micro:bit.  After that, the receiver will resume working as a countdown timer.
• Click Hide serial in both python.microbit.org editors.   

How the Tests Work

For background info on how the scripts work without the malformed packets, see How Radio Data Packets Work from the Cybersecurity: Radio Data tutorial.

Here is an example of a properly formed packet, sent by the sender micro:bit:

{'after': 'All done!', 'start': 3}

Even when you type -1 for the countdown start, the dictionary that’s created is this:

{'after': 'All done!', 'start': -1}

…but then, the script reaches these statements:

    # Sends malformed packet if value is -1
    if value is -1:
        dictionary['start'] = "Not a number!"    

After that, the packet is changed to this:

{'after': 'Add done!', 'start': 'Not a number!'}

In the receiver script, the value corresponding to the dictionary’s ’start’ key is stored in a variable named value.  When the receiver script gets to this line:

            value = value - 1

…it tries to subtract 1 from the ’Not a number!’ string, and throws this runtime exception: TypeError: can’t convert ’int’ object to str implicitly.  After the exception, the receiver micro:bit will not respond until it is restarted.  

Try This: Add Exception Handling

The receiver’s runtime exception from the malformed packet is easily preventable with exception handling.  For the basics of how exception handling works, try or review the Exception Handling Primer. 

After placing the susceptible portion of the script into a try: block and handling the exception with except:, the receiver will no longer stop running its script when it receives that kind of malformed packet.

This modified receiver script puts the while value >= 0: countdown loop into a try-except statement.  

• Modify the receiver script as shown in the Receiver Script Changes image below.
• Set the project name to countdown_receiver_w_exception_handling_try_this, and then click Save.
• Flash it into the receiver micro:bit with the Send to micro:bit button.
• Repeat the instructions in the Sender & Receiver Tests section.  With the exception handling added, the micro:bit should no longer stop in its tracks and become unresponsive when it receives the  malformed packet.

Receiver Script Changes

Did You Know: It’s Complicated!

Applications don’t normally have just one vulnerability, so it’s best to test for more than one scenario.  For example, what if the dictionary packet is changed to some other object, like maybe a string?  This is just one example of the kinds of questions that application security validation specialists help with as part of software development.

Your Turn: Add Another Vulnerability

Your receive script is hardened against one kind of malformed packet attack, but what if there are more?  In the first example, the dictionary contained an unexpected term.  What if the dictionary is instead not a dictionary?  That would cause another kind of exception that the receiver script is not yet hardened against.  

• Modify the sender script as shown.
• Set its project name to countdown_sender_w_malformed_packet_options_your_turn.
• Flash it into the sender micro:bit by clicking Send to micro:bit.
• Repeat the tests, but also try entering the value -2 in response to the Enter seconds to count down:  prompt.
• Verify that this also causes an exception and make a note of the line number where the exception occurs.
• In the Receiver Script, move the Try: statement above where the exception occurred and indent all the lines between where the Try: statement was and where it is now.
• Set the project name of the modified Receiver script to countdown_receiver_w_more_exception_handling_your_turn.
• In both micro:bit Python Editors, click Save. 
• Flash it into the receiver micro:bit by clicking Send to micro:bit.
• Repeat the tests again and verify that the second malformed packet attack using a countdown of -2  has been mitigated.

Sender Script

Receiver Script

In Cybersecurity: Sniffing Attacks & Defenses, the Share Something Personal – Unencrypted? activity involved testing unencrypted transmission of emoji from one micro:bit to another. 

In this activity, the application is a little more versatile, allowing you to scroll through the emoji with the micro:bit module’s A button and send it with the B button. 

This application also has a routine for sending a malformed packet.  In this activity, you will again study how the malformed packet can cause problems, mitigate them, and then also encrypt the communication.

Parts:

• Two micro:bit modules
• Two USB A to micro-B cables

Script: radio_send_receive_images_w_buttons

You can either connect each micro:bit to a separate computer, or both to separate USB ports on the same computer.

• Connect the two micro:bit modules to two USB ports with two USB cables.
• Open two separate browsers and navigate each one to python.microbit.org.
• If you are part of a class, and have been assigned a channel, make sure to adjust the script’s channel=7 argument to your assigned channel before you save and flash the scripts.
• Enter, name, save, and flash the radio_send_receive_images_w_buttons script into both micro:bit modules.
• Before continuing, find the # Sends malformed packet comment and examine how the packet is changed before transmitting.  

# radio_send_receive_images_w_buttons

from microbit import *
import radio

radio.on()
radio.config(channel=7)

n = 0
emoji = [ 'Image.YES', 'Image.NO', 'Image.HEART', 'Image.SKULL' ]
image = eval(emoji[n])
display.show(image)

while True:
    if button_a.was_pressed():
        n = n + 1
        n = n % len(emoji)
        image = eval(emoji[n])
        display.show(image)

    if button_b.was_pressed():
        packet = emoji[n]
        print('packet:', packet)
        if image is Image.SKULL:              # Sends malformed packet
            packet = 'malformed packet'       # Sends malformed packet
        radio.send(packet)
        
    packet = radio.receive()

    if packet:
        print('packet:', packet)

        n = emoji.index(packet, 0, len(emoji))
        image = eval(packet)
        display.show(image)

Here you will first send correctly formed data by sending the YES, NO, or HEART images.  After that, you will send the SKULL to trigger the malformed packet and observe the effect on the receiver micro:bit.

• Use the A button on the micro:bit module to page through the images you can send.
• Decide on an image you want to send.  Choose from YES, NO, and HEART.  (Do not send SKULL yet.) 
• Press the B button to send the image.
• Verify that the image you sent is displayed by the other micro:bit.

• Now, use the A button to page to the SKULL and the B button to send it.  What does the receiving micro:bit display in response?  Does the micro:bit that received the malformed packet display any more images transmitted to it, or is it unresponsive?
• Repeat the above tests while monitoring with the serial terminal.  In other words, click Open Serial in both python.microbit.org/v/2 editors, and observe the data that is sent and received.

The script starts with its name as a comment, followed by importing the microbit and radio modules.  Then, initialization starts by setting the radio to on and the channel to 7.

# radio_send_receive_images_w_buttons

from microbit import *
import radio

radio.on()
radio.config(channel=7)

The initialization continues by creating a global variable n and setting it to zero.  Then, a list of emoji is created and named emoji.  The image = eval(emoji[n]) statement uses eval to convert the string  emoji[0] = ’Image.YES’ to the object Image.YES, and stores the result in a variable named image.  Then, display.show(image) makes the micro:bit modules LED matrix display the Image.YES image, which is a checkmark.

n = 0
emoji = [ 'Image.YES', 'Image.NO', 'Image.HEART', 'Image.SKULL' ]
image = eval(emoji[n])
display.show(image)

The main loop starts with a statement checking if the A button has been pressed.  If so, it adds 1 to n.  The statement n = n % len(emoji) is a trick to keep the value of n cycling through index values of n that never go out of range.  With four emoji in the list, repeatedly pressing and releasing the A button result in n incrementing 0, 1, 2, 3, 0, 1, 2, 3,… and so on.  After the first press of A, the value of n has been incremented from 0 to 1. So, instead of Image.YES (a checkmark), eval(emoji[n]) returns Image.NO (an X), which is stored in the image variable and then displayed by display.show(image).

while True:
    if button_a.was_pressed():
        n = n + 1
        n = n % len(emoji)
        image = eval(emoji[n])
        display.show(image)

If the B button is pressed, the packet variable is set to emoji[n].  For example, if n is 2, packet will be set to ’Image.HEART’, or if n is 3, packet will be set to ’Image.SKULL’.  Both of those are strings that represent the image to transmit.  The print(’packet:’, packet) statement displays the string that packet stores in the Serial terminal.  Back when button A was pressed, the image variable was set to the corresponding Image object.  So, when n was 2, image became Image.HEART or when n was 3, image was set to Image.SKULL.  Basically, the image variable stores the Image object that is displayed, and packet stores the corresponding string that will be sent to the receiver.  The receiver will convert that string to an Image object and display it.

    if button_b.was_pressed():
        packet = emoji[n]
        print('packet:', packet)
        if image is Image.SKULL:              # Sends malformed packet
            packet = 'malformed packet'       # Sends malformed packet
        radio.send(packet)

The if image is Image.SKULL: statement above compares the image the transmitting micro:bit displays to Image.SKULL.  If it’s a match, the packet is changed from ’Image.SKULL’ to a string that simply says ’malformed packet’.  If the string does not contain an image that the receiver recognizes, it will cause a runtime exception, so the string could instead contain something else, like ’abcdefg…’, for example, and it would have the same effect.

Every time through the while True: loop, the packet = radio.receive() statement checks for incoming packets.  If one is waiting in the radio receiver’s buffer, the if packet: statement processes and displays it.  First, it displays it in the Serial terminal with a print statement.  Then, it uses n = emoji.index(packet, 0, len(emoji)) to find the index value that matches the incoming string. 

For example, if the incoming string is ’Image.HEART’, the emoji.index method will return 2, which gets stored in n.  Without this statement, you might have received an image and press B to try to send it back since it’s displaying, but without updating the value of n like this, it might send a different image.  Then, image = eval(packet) changes a string like ’Image.HEART’ to an Image object like Image.HEART, and finally, display.show(image) displays the incoming image on the receiving micro:bit.

    packet = radio.receive()

    if packet:
        print('packet:', packet)

        n = emoji.index(packet, 0, len(emoji))
        image = eval(packet)
        display.show(image)

Try This: Prevent Freezing

As with the first activity, exception handling can prevent the micro:bit from freezing in response to a malformed packet.  

• Set the project name to radio_send_receive_images_w_buttons.
• Modify the script as shown below to handle exceptions when receiving malformed packets.
• Click Save and then flash the script into both micro:bit modules with the Send to micro:bit button.
• Verify that both micro:bit modules can still send and receive images.
• Try sending the SKULL image.  What does the receiving micro:bit’s LED matrix show in response?
• Was the receiving micro:bit disabled by the malformed packet, or can it continue to function?
• If the serial monitor isn’t already open, click the Show serial buttons in both python.microbit.org editors, and observe the activity as you use the A and B buttons on the micro:bit module to exchange images.  

What does a micro:bit terminal now display when it receives a malformed packet?

Did You Know: Stronger Together

Neither encryption nor exception handling alone can entirely protect an app, but used together, they improve its chances of not being intercepted AND not halting script execution due to an exception.

Your Turn: Add Encryption

Now it is time to implement exception handling + encryption with the Share Something Personal app.

• Insert the ascii_shift function immediately above the while True: statement in both copies of the radio_send_receive_images_w_buttons script.

• Insert the two lines of code shown above radio.send(packet) in the image below.
• Change and add the lines shown below the if packet: statement.

• Change the script project name, appending it with _your_turn.
• Save the modified script and flash it into both micro:bit modules with the Send to micro:bit button.
• Test the application to make sure it still exchanges images the way it did previously.
• If the serial monitors aren’t already open, click Show serial in the python.microbit.org editors, and monitor the encryption and decryption.

Many robots and other manufacturing machines have their work orchestrated by computers on a factory network.  If there is any kind of connection to the outside world, a malformed packet might provide a cyberattack entry and then cause malfunctions. 

Similarly, in a remote-controlled navigation contest, your cyber:bot robot might also be vulnerable to malformed packets in addition to sniffing attacks.  So, we’ll now enhance the application from Cybersecurity: Navigation Control from a Keyboard.

In Your Turn: Handle Transmitter Exceptions, you already hardened the sender against accidentally entering malformed packet data, but the receiver is not yet hardened against intentional attacks.  So, in this activity, you will harden the Terminal Control — Go Wireless! app against both kinds of attacks.  

Parts

• One micro:bit module with USB cable (this can be a short cable that comes with a micro:bit GO kit).
• One built and tested cyber:bot robot (which also has a micro:bit) and the longer USB cable that came with the robot

Scripts

• Connect a micro:bit and a cyber:bot robot to two USB ports with two USB cables.
• Open two separate browsers and navigate each one to python.microbit.org.
• If you are part of a class, and have been assigned a channel, make sure to adjust the script’s channel=7 argument to your assigned channel before you save and flash them.
• Enter, Name, Save, and Flash the Sender Script terminal_bot_controller_wireless_malfomred_packet_attack into the Sender micro:bit.
• Enter, name, save, and flash the script terminal_controlled_bot_wireless script into cyber:bot robot’s receiver micro:bit.  The Receiver Script is below the Sender Script.
• Before continuing, find the # Sends malformed packet… comment and examine how the dictionary is changed before transmitting.  

Sender Script: terminal_bot_controller_wireless_malfomred_packet_attack

# terminal_bot_controller_wireless_malfomred_packet_attack

from microbit import *
import radio

radio.on()
radio.config(channel=7,length=64)

sleep(1000)

print("\nSpeeds are -100 to 100\n")

while True:
    try:
        vL = int(input("Enter left speed: "))
        vR = int(input("Enter right speed: "))
        ms = int(input("Enter ms to run: "))

        dictionary = {  }
        dictionary['vL'] = vL
        dictionary['vR'] = vR
        dictionary['ms'] = ms

        # Sends malformed packet attack if ms to run is negative.
        if ms < 0:
            dictionary = { 'vL': -20, 'vR': 20, 'ms': "Not a number!" }

        packet = str(dictionary)
    
        print("Send: ", packet)
        radio.send(packet)
    
        print()
    
    except:
        print("Error in value entered.")
        print("Please try again. \n")

Receiver Script for cyber:bot: terminal_controlled_bot_wireless

# terminal_controlled_bot_wireless

from cyberbot import *
import radio

radio.on()
radio.config(channel=7,length=64)

sleep(1000)

print("Ready...\n")

while True:
    packet = radio.receive()
    if packet is not None:
        print("Receive: ", packet)

        dictionary = eval(packet)

        vL = dictionary['vL']
        vR = dictionary['vR']
        ms = dictionary['ms']
        
        bot(18).servo_speed(vL)
        bot(19).servo_speed(-vR)
        sleep(ms)
        bot(18).servo_speed(None)
        bot(19).servo_speed(None)

Let’s first make sure the sender micro:bit and receiver micro:bit in the cyber:bot work as expected with normal packets.  Since we are going to leave the cyber:bot tethered with USB, we’ll use some short distance maneuvers with low speeds and short run times.   

• Plug the battery pack’s plug into the cyber:bot board’s battery jack.
• Set the cyber:bot board’s PWR switch to 2.
• Click the Show serial buttons in both python.microbit.org editors.
• If the left speed prompt does not appear in the sender Serial terminal connected to the sender micro:bit, try clicking Hide serial, and then Show serial again.
• Type these responses to the prompts, and remember to press Enter after typing each value:
  • Enter left speed: 25
  • Enter right speed: 25
  • Enter ms to run: 500
• Verify that the cyber:bot moved forward slowly for a half a second.
• Decide on another maneuver, type in the prompts, and verify that the cyber:bot maneuvers as expected.

Now it is time to see the effect that a malformed packet can have.  

• Type these responses to the prompts, and remember to press Enter after typing each value:
  • Enter left speed: 25
  • Enter right speed: 25
  • Enter ms to run: -1
• Did the cyber:bot robot’s micro:bit display an error?  
• Did an exception appear in the terminal connected to the cyber:bot robot’s receiver micro:bit?

If your micro:bit was not tethered, it would be stuck until a human came and restarted it by pressing and releasing the micro:bit module’s reset button! That is not always possible in a competition, but you can do it now.

• On the cyber:bot, locate the micro:bit module’s reset button; it’s on the bottom side between the USB and battery sockets.
• Press and release it to restart the receiver micro:bit script execution.
• Type a maneuver into the Serial terminal connected to the sender micro:bit, and verify that you can control the cyber:bot robot’s motion again.

How the Test Scripts Work

The original Sender script terminal_bot_controller_wireless.py is explained here: How the Wireless Controller Script Works.  

The exception handling added to the Sender script is explained here: Your Turn: Handle Transmitter Exceptions.  

The cyber:bot Receiver script terminal_controlled_bot_wireless is explained here: How the Wireless Controlled Bot Script Works.

With that aside, let’s look at how the Receiver script terminal_controlled_bot_wireless was modified to send a malformed packet in response to a negative value. 

At this point in the Sender script, the maneuver values have all been collected, and before the statements below, the dictionary looks like this: { ’vL’: 25, ’vR’: 25, ’ms’: -1 }.  If the ms variable receives -1 from ms = int(input(“Enter ms to run: “)) earlier in the script, the if ms < 0: statement detects it, and changes the dictionary to dictionary = { ’vL’: -20, ’vR’: 20, ’ms’: “Not a number!” }.

    # Sends malformed packet attack if ms to run is negative.
    if ms < 0:
        dictionary = { 'vL': -20, 'vR': 20, 'ms': "Not a number!" }

Try This: Modify the Reciever Script

If you guessed that the receiver script also needs protection with a try-except statement, you were right!  

• Make the changes in the receiver script as shown in the image below, and then save the script.
• Flash it into the cyber:bot robot’s receiver micro:bit.
• Repeat the steps from the previous page, and verify that the malformed packet no longer disables the cyber:bot.

Did You Know: Again, Stronger Together

As mentioned earlier, devices on a network need both encryption AND protection from malformed packets.  This does not normally take many lines of code.  Like the earlier example, both Sender and Receiver scripts need the encrypt/decrypt function (ascii_shift in our example).  

def ascii_shift(key, text):
    result = ''
    for letter in text:
        ascii = ( ord(letter) + key - 32 ) % 94 + 32
        result = result + chr(ascii)
    return result

The Sender script also needs to encrypt the packet before sending:

        packet = ascii_shift(17, packet)

…and the Receiver needs to decrypt the packet after receiving:

        packet = ascii_shift(-17, packet)

In Python for computers (as opposed to MicroPython for the micro:bit), an encryption/decryption module would be imported.  Instead of adding a comparatively weak encryption function, you’d import a module like PyCryptodome, Cryptography, or PyNaCl and use its stronger cryptography methods to encrypt and decrypt.

Your Turn: Add Encryption

The last task in hardening the keyboard-controlled cyber:bot is to implement both encryption and exception handling.

• Modify the sender and receiver scripts using the comments tagged (Your Turn) in the images below as a guide.
• Name and save your modified sender and receiver scripts.
• Repeat the tests yet again, this time to verify that the application still works and is still immune to malformed packets.
• Examine the transmitter and receiver micro:bit serial monitors, and verify that the encryption and decryption are happening as planned.

Sender Script Modifications

Receiver Script Modifications