inspection of windows phone
play

Inspection of Windows Phone applications Dmitriy Evdokimov Andrey - PowerPoint PPT Presentation

Dec 04, 2023 •192 likes •678 views

Inspection of Windows Phone applications Dmitriy Evdokimov Andrey Chasovskikh About us Dmitriy D1g1 Evdokimov - Security researcher at ERPScan - Editor of Russian hacking magazine - DEFCON Russia (DCG #7812) organizer Andrey

  1. Inspection of Windows Phone applications Dmitriy Evdokimov Andrey Chasovskikh

  2. About us Dmitriy ‘D1g1’ Evdokimov - Security researcher at ERPScan - Editor of Russian hacking magazine - DEFCON Russia (DCG #7812) organizer Andrey Chasovskikh - Software developer - Windows Phone addict 2

  3. Agenda - Windows Phone intro - Security model - All about applications - Not all applications are secure - Tools overview - Deep dive: finding vulnerabilities - Conclusion 3

  4. WINDOWS PHONE INTRO

  5. History of Windows Phone - The successor to the Windows Mobile OS - 15 Mar 2010 – Windows Phone 7 series announced - 21 Oct 2010 – Windows Phone 7 released - 29 Oct 2012 – Windows Phone 8 released WP8 WP7 WP7.5 Mango WP7 NoDo WP7.5 Tango version time 27 Sep 2011 29 Oct 2012 21 Oct 2011 5

  6. Market share Source: Gartner, November 2012 6

  7. Windows Phone Store - 125 000+ applications - Casual apps, social networks, mobile banking, enterprise applications etc. 7

  8. SECURITY MODEL

  9. Chamber concept, WP7 - Trusted Computing Base (TCB) Kernel, kernel-mode drivers - Elevated Rights Chamber (ERC) Services, user-mode drivers - Standard Rights Chamber (SRC) Pre-installed applications - Least Privileged Chamber (LPC) Applications from WP store 9

  10. Chamber concept, WP8 - Trusted Computing Base (TCB) Kernel, kernel-mode drivers - Least Privileged Chamber (LPC) All other software: services, pre-installed apps, application from WP store 10

  11. Capabilities WMAppManifest.xml Windows Phone 7 Windows Phone 8 Undocumented - Camera - All WP7 capabilities - Native code - Contacts - NFC - SMS API - Location services - SD card access - Access to user properties - Owner/phone identity - Wallet - SIM API - Network services - Speech recognition Etc. Etc. - Front camera Etc. 11

  12. Sandboxing concept - No app communication in WP7 - Limited app-to-app in WP8 - File system structure is Isolated chamber Isolated chamber hidden App1 App2 - Isolated storages Isolated storage Isolated storage for App1 for App2 12

  13. App-to-App, WP8 - File associations - LaunchFileAsync() - Reserved: xap, msi, bat, cmd, py, jar etc - URI associations - LaunchUriAsync() - Reserved: http, tel, wallet, LDAP, rlogin, telnet etc - Proximity communication using NFC 13

  14. Isolated Storage Physical File Storage Isolated Storage Isolated Settings Storage Isolated File Storage Files Directory Database 14

  15. Signing - Store applications are signed in WP7 - All binaries get signed since WP8 - Application file get signed - Kind of checksum file is put into applications - Applications XAP files have undocumented format (since Aug 2012) 15

  16. ALL ABOUT APPLICATIONS

  17. .NET and CLR, WP7 Applications Developer Platform (XAML, XNA, Device services) .NET Compact Framework (BCL + Silverlight flavor) WP7 OS, WinCE based 17

  18. Framework ??? 18

  19. .NET and CLR, WP8 Applications Developer Platform (XAML, XNA, Device services) .NET Framework (CoreCLR) WP8 OS, Win8 based 19

  20. Framework 20

  21. Application file structure - Application assemblies - Resources - AppManifest.xaml - WMAppManifest.xml - WMInteropManifest.xml* * — optional for WP7, absent in WP8 21

  22. Submission and certification .xap XAP File App Creation App Submission Validation Source Adding code Metadata Publication in Certification Signing Marketplace Testing 22

  23. Applications on a device WP7: \Applications \Install\<ProductID>\Install\ - Content from XAP - WMAppPRHeader.xml (package signature) \Data\<ProductID>\Data\IsolatedStorage Same idea in WP8, i.e. install path: C:\Data\Programs\<ProductID>\Install\ 23

  24. NOT ALL APPLICATIONS ARE SECURE

  25. Security assessment App Server Data channel App Device/Emulator 25

  26. Mobile applications security assessment Prepare environment - Get app (unpack/decrypt) - Configuration device/emulator Static analysis - Properties of program compilation - Metadata analysis - Code analysis Dynamic analysis - How application works with file system/network - Runtime code analysis 26

  27. OWASP Top 10 Mobile Risks 1. Insecure Data Storage 2. Weak Server Side Controls 3. Insufficient Transport Layer Protection 4. Client Side Injection 5. Poor Authorization and Authentication 6. Improper Session Handling 7. Security Decisions Via Untrusted Inputs 8. Side Channel Data Leakage 9. Broken Cryptography 10. Sensitive Information Disclosure 27

  28. WP vs. Android vs. iOS vulnerabilities WP7 (C#/VB) iOS WP8 (C#/VB/C/C++) (Objective-C) Platform independent vulnerabilities Platform specific vulnerabilities Android (Java) Note: Main programming languages in brackets 28

  29. TOOLS OVERVIEW

  30. Arsenal - Device - Full unlock - Emulator - Windows Phone Device Manager - Network proxy: Burp Suite, Charles etc. - .NET tools: .Net Reflector, ILSpy etc. - IDA Pro - RAIN, Boyan Balkanski - Windows Phone App Analyzer, David Rook - XAPSpy, Behrang Fouladi - XapSpyAnalysis, David Rook 30

  31. Main issue Static analysis is insufficient. Lack of dynamic analysis tools: • IDE allows debugging with source code only • No programmable debugging interface • Managed code Solution: static byte code instrumentation. 31

  32. Tangerine 32

  33. Automates routine with XAP files - Unpacking - Removing application signature - Resigning assemblies - Packing - Deploying 33

  34. Static analysis - Application info - Application capabilities - Code analysis - Code structure analysis - API usage analysis - View IL code 34

  35. Dynamic analysis - Log application stack trace - Method names - Method parameters - Return values - Run custom code - On method enter - Replace method - On method exit - Change parameters values 35

  36. DEEP DIVE: FINDING VULNERABILITIES

  37. DEMO

  38. How it works (1) Changing CIL code (2) Emulator console (writing/reading) Emulator Resign and Add Instrumented Target deploy hooks (1) application application Instrumented application Repeat Log data (2) Hooked Tangerine log Emulator console output (2) 38

  39. CIL Instrumentation 39

  40. Limitations - Emulator only - Does not help to overcome obfuscated code - Does not work with system assemblies - Applications from store need to be decrypted - Windows Phone 7 only 40

  41. Cloud Compilation, WP8 Cloud C# Source CIL MDIL MDIL C# Compiler Code Assembly Assembly Compiler Download Device Native MDIL Native Image Run DLL Assembly Generator 41

  42. MDIL in work R0 = this R1 = a R0 + 0x10 = j, where j is a field from base class 42

  43. MDILDump http://github.com/WalkingCat/mdildump/ 43

  44. Future work - Support Windows Phone 8 applications - MDIL instrumentation - Windows Phone RT - Add new features - Code graphical representation - Data flow analysis - Fix bugs ;) 44

  45. CONCLUSION

  46. Conclusion - Greater attack surface in WP8 - App-to-App - Applications that use native code - New technologies - Logical bugs never die 46

  47. Thanks - Evgeny Bechkalo - DSecRG team 47

  48. Q&A Dmitry Evdokimov d.evdokimov@erpscan.com @evdokimovds Andrey Chasovskikh http://andreycha.info @andreycha Tangerine: http://github.com/andreycha/tangerine

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Creating Multilingual Apps for Windows Phone 8 Jan Anders Nelson Senior Program Manager Lead

Creating Multilingual Apps for Windows Phone 8 Jan Anders Nelson Senior Program Manager Lead

Creating Multilingual Apps for Windows Phone 8 Jan Anders Nelson Senior Program Manager Lead Microsoft Corporation Windows Introducing the Multilingual App Toolkit for Phone 8 Windows Phone 8 needs a - Uses the same workflow as the

120 views • 8 slides
Windows Not just for houses Windows 1-10 Windows Server Essentially a jacked up windows 8 box

Windows Not just for houses Windows 1-10 Windows Server Essentially a jacked up windows 8 box

Windows Not just for houses Windows 1-10 Windows Server Essentially a jacked up windows 8 box - Still GUI based - Still makes no sense - No start menu :( - (Install classic shell)... trust me... Windows Server What can it do? - Email

1.06k views • 37 slides
Architecting &amp; Developing for Windows Phone Philipp Bauknecht CEO &amp; Software Architect

Architecting &amp; Developing for Windows Phone Philipp Bauknecht CEO &amp; Software Architect

Architecting &amp; Developing for Windows Phone Philipp Bauknecht CEO &amp; Software Architect medialesson GmbH Session Outline WP7 Basics Design Patterns Unit T ests Application Lifecycle Localization Coming up:

415 views • 37 slides
Xamarin.Forms: Native iOS, Android, and Windows Phone apps from ONE C# Codebase James Montemagno

Xamarin.Forms: Native iOS, Android, and Windows Phone apps from ONE C# Codebase James Montemagno

Xamarin.Forms: Native iOS, Android, and Windows Phone apps from ONE C# Codebase James Montemagno Xamarin, Developer Evangelist @JamesMontemagno | @XamarinHQ Create native iOS, Android, Mac and Automatically test your app on Windows apps in

948 views • 32 slides
Windows Phone development Rajen Kishna T echnical Evangelist @rajen_k blog.rajenki.com

Windows Phone development Rajen Kishna T echnical Evangelist @rajen_k blog.rajenki.com

Windows Phone development Rajen Kishna T echnical Evangelist @rajen_k blog.rajenki.com rajenki@microsoft.com Evaluations and questions GO GOTO O GU GUIDE DE AP APP Dev Center &amp; T ools Design Principles UI Framework &amp; XAML

682 views • 46 slides
Windows Not Just For Houses Everyone Uses Windows! Versions of Windows 10 There are multiple

Windows Not Just For Houses Everyone Uses Windows! Versions of Windows 10 There are multiple

Windows Not Just For Houses Everyone Uses Windows! Versions of Windows 10 There are multiple different versions of Windows 10 that support different features The version of Windows that we will be using is Enterprise edition This

973 views • 53 slides
RVI DACON INSPECTION TECHNOLOGIES INSPECTION Who we are Conventional and Oil and Gas,

RVI DACON INSPECTION TECHNOLOGIES INSPECTION Who we are Conventional and Oil and Gas,

RVI DACON INSPECTION TECHNOLOGIES INSPECTION Who we are Conventional and Oil and Gas, Refinery, Over 400 personnel Thailand headquarters Advanced NDT and Petrochemical, Heavy including more than with International Inspection Services

427 views • 11 slides
NEOLOGICS, FEBRUARY 2007 The Current Phone Problem. PC Mobile Phone Service Google, Yahoo,

NEOLOGICS, FEBRUARY 2007 The Current Phone Problem. PC Mobile Phone Service Google, Yahoo,

NEOLOGICS, FEBRUARY 2007 The Current Phone Problem. PC Mobile Phone Service Google, Yahoo, AOL, Windows Live, YouTube Web browser. All kinds of vertical Apps niche applications. No Open Solution GUI Common desktop paradigm

670 views • 50 slides
Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8

Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8

Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8 Heap Internals Who Chris Valasek (@nudehaberdasher) Sr. Research Scientist Coverity Tarjei Mandt (@kernelpool) Vulnerability

1.33k views • 91 slides
Usability and Small Screens SWEN-444 iPhone Android Windows Phone 8 The phrase mobile

Usability and Small Screens SWEN-444 iPhone Android Windows Phone 8 The phrase mobile

Usability and Small Screens SWEN-444 iPhone Android Windows Phone 8 The phrase mobile usability is pretty much an oxymoron. It's neither easy nor pleasant to use the Web on mobile devices. designing for mobile is hard

337 views • 14 slides
HMIP Inspection Derbys Experience AYM 3.4.19. HMIP Inspection New HMIP inspection cycle

HMIP Inspection Derbys Experience AYM 3.4.19. HMIP Inspection New HMIP inspection cycle

HMIP Inspection Derbys Experience AYM 3.4.19. HMIP Inspection New HMIP inspection cycle implemented from June 2018. Derby YOS first YJ partnership to be inspected in England and Wales. Fieldwork commenced 18.6.18. 2 weeks of

276 views • 6 slides
Back to the future: sockets and relational data in your (Windows) pocket Dragos Manolescu

Back to the future: sockets and relational data in your (Windows) pocket Dragos Manolescu

Back to the future: sockets and relational data in your (Windows) pocket Dragos Manolescu Microsoft, Windows Phone Engineering Hewlett-Packard Cloud Services Background APIs Performance and Health Data and Cloud RTM Networking:

578 views • 54 slides
mc-a ISSUED DATE McAlpine Architecture PC (T) E-mail: 34-26 Street 212.366 .0700

mc-a ISSUED DATE McAlpine Architecture PC (T) E-mail: 34-26 Street 212.366 .0700

WINDOWS TO BE REPLACED, APT. 508/509 UPPER SASH OF BATHROOM WINDOW WINDOWS TO BE REPLACED, APT. 508/509 WINDOWS TO BE REPLACED, APT. 508/509 WINDOWS TO BE REPLACED, APT. 508/509 WITH LOUVER IN PLACE OF GLASS FOR A/C mc-a mc-a mc-a mc-a

217 views • 8 slides
Windows NT Security Windows 95, 3.1, 3.11 are basically DOS and they have no security

Windows NT Security Windows 95, 3.1, 3.11 are basically DOS and they have no security

Windows NT Security Windows 95, 3.1, 3.11 are basically DOS and they have no security whatsoever. Windows NT has security features, especially as a computer in a network. Security of Windows NT should be understood correctly. In

592 views • 31 slides
Roadmap for Section B A Brief History of Windows and Linux Comparing the Windows and Linux kernel

Roadmap for Section B A Brief History of Windows and Linux Comparing the Windows and Linux kernel

Unit OS B: Comparing the Linux and Windows Kernels Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section B A Brief History of Windows and Linux Comparing the Windows and Linux

430 views • 25 slides
1. 2. 3. 1. 2. 3. Windows 10 IoT Core Universal Windows Platform (UWP) Microsoft Azure v7

1. 2. 3. 1. 2. 3. Windows 10 IoT Core Universal Windows Platform (UWP) Microsoft Azure v7

1. 2. 3. 1. 2. 3. Windows 10 IoT Core Universal Windows Platform (UWP) Microsoft Azure v7 v8 Windows Embedded Standard One core Multiple SKUs v8. Windows Embedded 1 Windows 10 Windows Embedded Handheld Converged OS kernel Converged

1.08k views • 60 slides
Providing R Reporting Capabilities

Providing R Reporting Capabilities

345 views • 8 slides
Big Data Management &amp; Analytics EXERCISE 3 16th of November 2015 Sabrina Friedl LMU Munich

Big Data Management &amp; Analytics EXERCISE 3 16th of November 2015 Sabrina Friedl LMU Munich

Big Data Management &amp; Analytics EXERCISE 3 16th of November 2015 Sabrina Friedl LMU Munich 1. Revision of Lecture PARALLEL COMPUTING, MAPREDUCE Parallel Computing Architectures Required to analyse large amounts of data

423 views • 15 slides
DM550/DM857 Introduction to Programming Peter Schneider-Kamp petersk@imada.sdu.dk

DM550/DM857 Introduction to Programming Peter Schneider-Kamp petersk@imada.sdu.dk

DM550/DM857 Introduction to Programming Peter Schneider-Kamp petersk@imada.sdu.dk http://imada.sdu.dk/~petersk/DM550/ http://imada.sdu.dk/~petersk/DM857/ Lists vs Strings string = sequence of letters list = sequence of values

769 views • 27 slides
DE AQUI Y DE ALLA: Essential Topics in Latinx Humanities Curriculum Miguel Correa, the Berkeley

DE AQUI Y DE ALLA: Essential Topics in Latinx Humanities Curriculum Miguel Correa, the Berkeley

DE AQUI Y DE ALLA: Essential Topics in Latinx Humanities Curriculum Miguel Correa, the Berkeley Carroll School, Brooklyn, NY Priscilla Morales, The Park School, Baltimore, MD Spanish lesson! Ni de aqui, ni de alla = not from here, not

190 views • 14 slides
Shell Characteristics Command-line interface between the user and the system Automatically

Shell Characteristics Command-line interface between the user and the system Automatically

Shell Characteristics Command-line interface between the user and the system Automatically starts when you log in, waits for user to type in commands A Unix shell is both a command interpreter, which provides the user interface to

198 views • 18 slides
WITH C++ Prof. Amr Goneid AUC Part 6. Simple and User Defined Data Types Prof. amr Goneid, AUC

WITH C++ Prof. Amr Goneid AUC Part 6. Simple and User Defined Data Types Prof. amr Goneid, AUC

CSCE 110 PROGRAMMING FUNDAMENTALS WITH C++ Prof. Amr Goneid AUC Part 6. Simple and User Defined Data Types Prof. amr Goneid, AUC 1 More on Simple Data Types Prof. amr Goneid, AUC 2 More on Simple Data Types #define Directive

510 views • 20 slides
Opening Remarks on AIRS Validation Eric J. Fetzer Eric J. Fetzer California Institute of

Opening Remarks on AIRS Validation Eric J. Fetzer Eric J. Fetzer California Institute of

National Aeronautics and Space Administration Jet Propulsion Laboratory California Institute of Technology Pasadena, California Opening Remarks on AIRS Validation Eric J. Fetzer Eric J. Fetzer California Institute of Technology California

86 views • 6 slides
4th Grade! SLIDESMANIA.COM - Jennifer Leban &amp; Omar Lpez SLIDESMANIA.COM - Jennifer Leban

4th Grade! SLIDESMANIA.COM - Jennifer Leban &amp; Omar Lpez SLIDESMANIA.COM - Jennifer Leban

Welcome to 4th Grade! SLIDESMANIA.COM - Jennifer Leban &amp; Omar Lpez SLIDESMANIA.COM - Jennifer Leban &amp; Omar Lpez Team Teaching Approach SLIDESMANIA.COM - Jennifer Leban &amp; Omar Lpez SLIDESMANIA.COM - Jennifer Leban &amp; Omar

205 views • 18 slides

More recommend