RSA HTML Reference

The BXA were quoted by Peter Junger, in a written reply to his questions to them about what he can "export" in teaching his law class about export controls:

> "While the use of html links by a person might, in some
> applications, involve an export . . . we reiterate that the activity
> described by your submission is not an export activity that is subject
> to the EAR and would also not constitute conduct prohibited by Section
> 744.9 of the EAR."

Antonomasia speculated on cypherpunks thusly:

> I think a mere pointer is not an export, no matter what it points to,
> but a link with prohibited smuggled _content_ might be:
> <A HREF=" pack"C*",split/\D+/,echo.....
> although the quoting would probably take a lot of thought.
> Perhaps that's the kind of thing they mean ?

So the challenge is set, can we create an html HREF to a link where the link's name is a non-exportable program, and can we simulatneously persuade a unix shell to create a series of funny named directories, and file which is a non exportable program, and will the web server and web browser be willing to serve/request this file.

Lets find out...

Creating the file

My prompt is aba:cwd/ where cwd is the current working directory, my prompt is shown below in bold typewriter font, comments are in italics, commands and computer output are in normal typewriter font. I use tcsh, which means I was pressing the TAB key rather than constructing all those quoted symbols manually.

aba:~/ cd ~/public_html/rsa/
aba:~/public_html/rsa/ mkdir -p 'print pack"C*",split/\D+/,`echo "16iII*o\U@{$//=$z;[(pop,pop,unpack"H*",<>)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`;$'

Wow worked right off, now try changing into those directories:

aba:~/public_html/rsa/ cd print\ pack\"C\*\",split/
aba:~/public_html/rsa/print pack"C*",split/ cd \\D+/
cd: No match.

hmmm tcsh is getting confused here, lets try pwd

aba:~/public_html/rsa/print pack"C*",split/ pwd
/home/aba/public_html/rsa/print pack"C*",split/\D+

ahh yep, it's actually working just tcsh is confused

aba:~/public_html/rsa/print pack"C*",split/ cd ,\`echo\ \"16iII\*o\\U@\{\$/
Unmatched `.

more confusion, it's still working see:

aba:~/public_html/rsa/print pack"C*",split/ pwd
/home/aba/public_html/rsa/print pack"C*",split/\D+/,`echo "16iII*o\U@{$
aba:~/public_html/rsa/print pack"C*",split/ cd =\$z\;\[\(pop,pop,unpack\"H\*\",\<\>\)]}\\EsMsKsN0\[lN\*1lK\[d2%Sa2/
Unmatched `.

more tcsh confusion

aba:~/public_html/rsa/print pack"C*",split/ cd d0\<X+d\*lMLa^\*lN%0]dsXx++lMlN/
Unmatched `.

and again

aba:~/public_html/rsa/print pack"C*",split/ cd dsM0\<J]dsJxp\"\|dc\`/
Illegal variable name.
cd: No match.

one very confused tcsh!

aba:~/public_html/rsa/print pack"C*",split/ ln -s ~/public_html/rsa/link.html index.html

link to this web document self referentially

aba:~/public_html/rsa/print pack"C*",split/ cd ~/public_html/rsa
aba:~/public_html/rsa/ cat print\ pack\"C\*\",split/\\D+/,\`echo\ \"16iII\*o\\U@\{\$/=\$z\;\[\(pop,pop,unpack\"H\*\",\<\>\)]}\\EsMsKsN0\[lN\*1lK\[d2%Sa2/d0\<X+d\*lMLa^\*lN%0]dsXx++lMlN/dsM0\<J]dsJxp\"\|dc\`/index.html

Creating the HREF

Rather than work out manually how to quote all those characters, move the file into a new directory without an index.html file. As there is no index file, I let the browser do the rest for me by then viewing the directories by clicking on the funny named directories in the browser, till I got to the file. Then I cut and pasted the full quoted URL from the URL box in netscape.

Here's the URL: Have you exported RSA today?

The HTML code you'll need looks like this:

<A HREF="*%22,split/%5cD+/,%60echo%20%2216iII*o%5cU@%7b$/=$z%3b%5b(pop,pop,unpack%22H*%22,%3c%3e)%5d%7d%5cEsMsKsN0%5blN*1lK%5bd2%25Sa2/d0%3cX+d*lMLa%5e*lN%250%5ddsXx++lMlN/dsM0%3cJ%5ddsJxp%22%7cdc%60%3b$/"> Have <EM>you</EM> exported RSA today?</A>

The Saga Continues

Chyden.Net <> complained thusly following up to my post showing off the non exportable link above:

> mmm...
> If one tried to run the above string, would it run? There is a
> difference between " and %22, no? If I am correct, the above code is not
> executable, and thus exportable.

I protested:

> It's not directly executable, agreed. What you have to do is save it
> in a file, and convert %xx into the ascii character for that hex number.
> Here do this, cut and paste:
> % perl -pe 's/%(..)/pack H2,$1/eg' >
> print%20pack%22C*%22,split/%5cD+/,%60echo%20%2216iII*o%5cU@%7b$/=$z%3b%5b(pop,pop,unpack%22H*%22,%3c%3e)%5d%7d%5cEsMsKsN0%5blN*1lK%5bd2%25Sa2/d0%3cX+d*lMLa%5e*lN%250%5ddsXx++lMlN/dsM0%3cJ%5ddsJxp%22%7cdc%60
> ^D
> %
> Then you're ready to rock:
> % perl 13 99D61071378EE2C0C8C9C4B7786B203DEDF2D6E526F24F7E83F3E0F960FB66B9CB81C04E89D70689A4866F21AD1BB5BA6AEE51469E5B59B121BA6F3F8D776B627253BA5DC9FCA8155A565B9893F695D83A0496EB977EE4659EE20E0F2EB49B2593C11487B377CC5D767C79FB985B464D4AE94A5F45E42E3B29C8B89D556A4A67 < national_sikrits | mail -s "rsa mail"
> %

And then relented:

> However... I do take your point that the code contains some naughty
> characters which mean that you need to use %xx to allow it to be a
> valid URL.
> Challenge #2 then is can we change the code so that it no longer has
> any naughty characters and hence works without quoting, in such a way
> that it still works as perl! Hmm...

So the next challenge then is to create a link which doesn't have any characters which the URL spec requires to be quoted, had to break this up with /s because otherwise we were going over the limit on filenames on SunOS4.x (which is what the webserver at dcs is running).

Have you exported RSA today?

The HTML code for that one is:

<A HREF="*),q/7072696e74207061636b22432a222c73706c69742f5c442b2f2c606563686f202231366949492a6f5c55407b242f3d24/.q(7a3b5b28706f702c706f702c756e7061636b22482a222c3c3e295d7d5c45734d734b734e305b6c4e2a316c4b5b6432255361322f64303c582b642a6c4d4c615e2a6c4e25305d647358782b2b6c4d6c4e2f64734d303c4a5d64734a7870227c646360))),$/"> Have <EM>you</EM> exported RSA today?</A> However, it's not nearly so readable. And it's longer. I really don't think I can do it readable as well. (The approach above being to hexadecimal encode the program, and make the new program unhex decode that, and eval it, which means it will decode and run transparently each time you use it).

(The trailing ,$ is needed to make the code still executable in the presence of the trailing /. This means it's safe even if people use a trailing / after the directory name. We want to create a directory so that we can put an index.html in it, and have a browser recognize it as html, otherwise it wouldn't end in .html, and you would get to view the HTML source).

Comments, html bugs to me (Adam Back) at <>