Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350112
15 (U) Reference
15.1 (U) Flytrap <-> CherryTree Communication Details
(S) This section discusses at length the implementation of the communication protocol
between a Flytrap and the CherryTree. It is important to note that this communication
protocol is followed for all Flytrap <-> CherryTree communication except copy data.
Copy data is sent in the clear. The processing burden to encrypt copy data is too severe
for many wireless devices, and the sheer bandwidth of copy data makes covert
communication difficult.
(S) It is reiterated here that all Flytrap <-> CherryTree communication flows through
intermediate Points of Presence (PoPs). The PoPs simply forward the data to the
appropriate address, but do no authentication or en/decryption.
15.1.1 (U) Messaging Protocol
(U) This section discusses the design and implementation of the underlying Cherry
Blossom messaging protocol. An extensible “Block” approach was used to build as broad
a spectrum of Missions as possible. Here is the “Block” approach:
(U) A message consists of:
• Authentication/Initialization Vector (IV) Block of fixed length for the Header (unencrypted)
• Header Block (encrypted)
    o message type (initial beacon, mission, periodic beacon, alert, etc.)
    o message length in bytes (i.e., number of bytes remaining in the message to read from socket)
    o Authentication/IV Block of remaining Data
• Data Block 1 type (encrypted)
• Data Block 1 data (encrypted)
• Data Block 2 type (encrypted)
• Data Block 2 data (encrypted)
• ...
• Data Block N type (encrypted)
• Data Block N data (encrypted)
• END Block type
(S) The first Authentication/IV Block is used to authenticate the Header Block. The
Authentication/IV Block in the Header Block is used to authenticate the Data Blocks. This
is discussed more in the following section.
(U) Blocks contain data specific to a particular event/action/target/etc. Typically, blocks
are of fixed size, although this architecture does not preclude variable-size blocks. Fixed-size
blocks are just easier to handle. An example of a variable-size block would be a
"FILE" block that would handle the transferring of a file of arbitrary size.
(S) Here are some example blocks: