Thursday, June 27, 2013

Fake/Random Identity Generator


During my research on RSA cryptography and the importance of a truly random number for having a large key-space, I stumbled on to I thought the concept could be really useful for certain applications and could easily envision how to implement it in C#, and make it extensible/customizable.

Take a look at these:

<?xml version="1.0" standalone="yes"?>
    <TrackingNumber>1Z 8A8 238 01 9398 182 1</TrackingNumber>
    <FirstName>Keaton </FirstName>
    <StreetAddress>4828 Cherry St.</StreetAddress>

    <FirstName>Xyla </FirstName>
    <Address>8348 Court Ave.</Address>

 CREATE TABLE ReservationData (
  `id` mediumint(8) unsigned NOT NULL auto_increment,
  `UniqueID` MEDIUMINT default NULL,
  `TripDate` varchar(50) default NULL,
  `FirstName` varchar(255) default NULL,
  `LastName` varchar(255) default NULL,
  `Phone` varchar(100) default NULL,
  `AltPhone` varchar(100) default NULL,
  `Email` varchar(255) default NULL,
  `StreetAddress` varchar(255) default NULL,
  `City` varchar(50) default NULL,
  `State` varchar(50) default NULL,
  `Zip` varchar(10) default NULL,
  `Country` varchar(255) default NULL,
  `DayOfYear` varchar(50) default NULL,
  `TotalCost` varchar(50) default NULL,
  `Balance` varchar(10) default NULL,
  `CCard` varchar(18) default NULL,
  `Expires` varchar(5) default NULL,
  `CVC2` varchar(3) default NULL,
  PRIMARY KEY (`id`)

This would make great honey for a honey pot; just fill an SQL database with this random, realistic looking data, serve and log any and all attempts to access, query or dump the database. This can be done on a VM and you have a easily deployed, high interaction honeypot!

Aside from being able to see their IP address, I think the most useful data that can be attained is their behavior; what injection attacks are they using to drop the database? Write rules to prevent your honey against trivial attempts such as the ' AND 1=(SELECT attacks and see what they come up with next. Rule writing is inherently a cat-and-mouse game, honeypots like this clearly give the white-hats the upper hand.


A quick, fast and dirty solution is to simply read a random line from a text file (i.e. Name_First.txt and Address_Street.txt).

This way, you can choose from names that are common, or customize your list to for different nationalities.

One could read the whole file in to a string, Parse() it into an array of strings, then randomly select an index, but this would be unacceptable for very large files. Instead, we can set the file pointer to a random position that is less than its size, roll back to the last new line and call ReadLine.

public string ReturnRandomLine(string FileName)
 string sReturn = string.Empty;
 using(FileStream myFile = new FileStream(FileName,FileMode.Open,FileAccess.Read))
  using(StreamReader myStream = new StreamReader(myFile))
   // Seek file stream pointer to a rand position...
   // Read the rest of that line.
   // Return the next, full line...
   sReturn = myStream.ReadLine();
 // If our random file position was too close to the end of the file, it will return an empty string
 // I avoided a while loop in the case that the file is empty or contains only one line
 if(System.String.IsNullOrWhiteSpace(sReturn)) {
  sReturn = ReturnRandomLine(FileName);
 return sReturn;

Example use:

public string GenerateFistName()
 return ReturnRandomLine("Name_First.txt") + " ";

public string GenerateLastName()
 return ReturnRandomLine("Name_Last.txt");

public string GenerateFullName()
 return GenerateFistName() + GenerateLastName();

public string GenerateGender()
 if(ReturnPercent(84)) {
  return "Male";
 } else {
  return "Female";

public string GenerateStreetNumber()
 return rand.Next(1,9999).ToString();

public string GenerateStreetName()
 return ReturnRandomLine("Address_Street.txt");

One limitation is where the data is relational, such as in the case of generating a random zip code along with the city and state that it exists in.

A quick work-around would be CityZipState.txt

Other types of data that can be generated that would not make sense to put in a text file:

public bool ReturnPercent(int Percent) // Return true Percent times out of 100, randomly
 int iTemp = rand.Next(1,101);
 if(iTemp<=Percent) {
  return true;
 } else {
  return false;

public string GenerateDate(int YearFrom,int YearTo)
 int Month = rand.Next(1,13);
 int Day  = rand.Next(1,32);
 int Year = GenerateYear(YearFrom,YearTo);
 return Month.ToString() + "/" + Day.ToString() + "/" + Year.ToString();

public string GenerateYear(int YearFrom,int YearTo)
 return rand.Next(YearFrom,YearTo+1).ToString();

public string GeneratePhoneNumber()
 return GeneratePhoneNumber(ReturnRandomLine("PhoneNumber_Prefix.txt"));

public string GeneratePhoneNumber(string Prefix)
 int iThree = rand.Next(192,999);
 int iFour = rand.Next(1000,9999);
 return Prefix + iThree.ToString() + "-" + iFour.ToString();

public string GenerateSSN()
 int iThree = rand.Next(132,921);
 int iTwo = rand.Next(12,83);
 int iFour = rand.Next(1423,9211);
 return iThree.ToString() + "-" + iTwo.ToString() + "-" + iFour.ToString();

Obviously, these methods can be improved to conform to the standards of a real social security number, national identification number, credit card number, ect...

public string GenerateCCNum()
 string sCCNum = string.Empty;
 byte[] bCCNum = {0};
 // generate random 16 digit number
 int iTemp1 = rand.Next(10000000,99999999);
 int iTemp2 = rand.Next(10000000,99999999);
 string sTemp = iTemp1.ToString() + iTemp2.ToString();
 // while loop?
  iTemp1 = rand.Next(10000000,99999999);
  iTemp2 = rand.Next(10000000,99999999);
  sTemp = iTemp1.ToString() + iTemp2.ToString();
 sCCNum = sTemp;
 return sCCNum;

The implementation of IsValidNumber() is left as an exercise for the reader.

The serialization of your data is a trivial matter. Please see my post on a XML Serializable Dictionary, Tuple, and Object for the code to serialize an object (such as a list, or a class).