Deep Dive: PenTesting the Android and iphone

Transcription

1 Deep Dive: PenTesting the Android and iphone Session 1 October 4th, :00AM Max Veytsman & Subu Ramanathan

2 Us Security Consultants from Toronto Specialize in application security Especially MIS Training Institute Session 1 - Slide 2

3 You Security analysts, developers or QA testers Fairly familiar with web application pentesting Intrigued by mobile applications Have attempted to root an Android or Jailbreak an ios device Some knowledge of programming MIS Training Institute Session 1 - Slide 3

4 This Workshop Introducing ExploitMe Mobile Mobile threat model What you need to know about Android and iphone Intercepting traffic Filesystem access Static analysis Runtime analysis (Bonus!) Mobile cryptography pitfalls (Bonus!) MIS Training Institute Session 1 - Slide 4

5 Demo INTRODUCING EXPLOITME MOBILE MIS Training Institute Session 1 - Slide 5

6 ExploitMe Mobile iphone Labs Android Labs Server MIS Training Institute Session 1 - Slide 6

7 MOBILE THREAT MODEL MIS Training Institute Session 1 - Slide 7

8 What can the developers get wrong? Backend implementation Client behavior Client-server communication MIS Training Institute Session 1 - Slide 8

9 Backend Mobile backend implementations are all susceptible to Authentication/Authorization issues Privilege escalation Input validation errors Injection Threat model is the same as a web app MIS Training Institute Session 1 - Slide 9

10 Client Insecure data storage Poor cryptography Overzealous Logging Eg. Old Android browser Memory leakage Input validation Eg. Skype XSS bug Threat includes lost/stolen phone and mobile malware MIS Training Institute Session 1 - Slide 10

11 Client-Server Communication Insecure communication Not using SSL/TLS Leaking sensitive data GPS, identifying phone information, etc Threat includes Man-in-the-Middle attacks Malicious wifi hotspots GSM base station MIS Training Institute Session 1 - Slide 11

12 Demo (Also available at BYPASSING ANDROID PASSWORD MIS Training Institute Session 1 - Slide 12

13 Mobile Security Model ANDROID MIS Training Institute Session 1 - Slide 13

14 The architecture Multiuser OS running Dalvik VM. (root being highest user) Dalvik runs compiled.dex files, similar to.class files in JAVA, optimized for low powered devices MIS Training Institute Session 1 - Slide 14

15 Key design points Each app runs as its own user and group Each app runs its own Dalvik VM Breaking out of Dalvik is useless Dalvik does not manage security User permissions do this Apps interact using permission agreed upon on installation MIS Training Institute Session 1 - Slide 15

16 Android Application Packaging MIS Training Institute Session 1 - Slide 16 Image :

17 Permissions Unique UID / GID for each applica4on MIS Training Institute Session 1 - Slide 17

18 Permissions Applications must request permissions on install Phone calls SMS Location services Calendar access Etc. Unfortunately, you can t deny specifics Install or no install imgsource: techpp.com MIS Training Institute Session 1 - Slide 18

19 Permissions Permissions are configured in the APK packaging in AndroidManifest.xml If the permissions change, user will be requested to manually reaccept <permission android:description="string resource" android:icon="drawable resource" android:label="string resource" android:name="string" android:permissiongroup="string" android:protectionlevel=["normal" "dangerous" "signature" "signatureorsystem"] /> MIS Training Institute Session 1 - Slide 19

20 Android Security Model Summary Android runs.dex files on DalvikVM, each app runs own instance of Dalvik Apps run under their own user and group IDs for segregation of user processes Security is managed through users & file permissions App permissions set in AndroidManifest.xml on install MIS Training Institute Session 1 - Slide 20

21 Mobile Security Model IPHONE MIS Training Institute Session 1 - Slide 21

22 iphone Architecture ios executes applica4ons directly Apps compiled to na4ve code ios handles sandboxing itself no reliance on UNIX permissions Imgsrc: wikipedia.com MIS Training Institute Session 1 - Slide 22

23 iphone sandboxing Applica4on limited to it s own directory on FS Applica4on limited to it s own memory pages by ios File encryp4on supported, but per app basis No permission architecture like in Android MIS Training Institute Session 1 - Slide 23

24 Application Distribution Android Installs from APK files or Market Market is vetted less strictly than Apple Sandboxing of apps managed by file permissions and UID/GID Permissions between apps managed by Manifest file on install Each app spawns its own Dalvik VM iphone App Store vetted by Apple (not clear how) Apps compiled to native code Sandboxing managed by OS (none of this permission stuff) MIS Training Institute Session 1 - Slide 24

25 INTERCEPTING TRAFFIC MIS Training Institute Session 1 - Slide 25

26 Android proxying Intercept with proxy Internet MIS Training Institute Session 1 - Slide 26

27 Proxy using what? We will discuss two Android proxy scenarios for an assessor The Android emulator A rooted Android device MIS Training Institute Session 1 - Slide 27

28 Quick requirements: The Android SDK hmp://developer.android.com/sdk/index.html Android Debugging Bridge (adb) Enable USB debugging (careful!) The Bouncy Castle Java Library hmp://bouncycastle.org/download Place in $JAVA_HOME/lib/ext Used for inser4on of cer4ficate into Android keystore MIS Training Institute Session 1 - Slide 28

29 Intercepting Traffic PROXYING THE ANDROID EMULATOR MIS Training Institute Session 1 - Slide 29

30 Proxying the Android Emulator Start up and configure an emulator using Android SDK./emulator -avd <name> -partition-size 128 MIS Training Institute Session 1 - Slide 30

31 A note on SSL Small issue: invalid SSL cert = dropped connection Proxying SSL will give invalid SSL certificate MIS Training Institute Session 1 - Slide 31

32 A note on SSL trusted certificate for our proxy Solution: modify the Android certificate store to trust our proxy certificate MIS Training Institute Session 1 - Slide 32

33 Adding a Trusted Certificate to Android adb pull /system/etc/security/cacerts.bks cacerts.bks Pull trusted cer4ficate store from device cacerts.bks MIS Training Institute Session 1 - Slide 33

34 Adding a Trusted Certificate to Android keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.bouncycastleprovider -storepass changeit -importcert -trustcacerts -alias <##CERT ALIAS HERE##> -file <##YOUR PROXY.CRT HERE##> Insert our cer4ficate into keystore using keytool Standard with JAVA JRE MIS Training Institute Session 1 - Slide 34

35 Adding a Trusted Certificate to Android adb remount Mount remote Android file system read & write MIS Training Institute Session 1 - Slide 35

36 Adding a Trusted Certificate to Android adb push cacerts.bks /system/etc/ security/ 4) Push modified CA keystore (May have to change permissions to overwrite) MIS Training Institute Session 1 - Slide 36

37 Save this system image Why? upon bootup, the keystores for the emulator reset To avoid hassle, you can save this version of system par44on MIS Training Institute Session 1 - Slide 37

38 Save this system image /adb push /path/to/mkfs.yaffs2.arm /data/mkfs 1) Upload YAFFS2 mkfs binary Here: MIS Training Institute Session 1 - Slide 38

39 >adb shell Save this system image #./data/mkfs /system /data/system.img mkfs.yaffs2: Android YAFFS2 Tool,Build by PowerGUI at Building... Build Ok. # 2) build system image on emulator MIS Training Institute Session 1 - Slide 39

40 Save this system image adb pull /data/system.img 3) Pull system image from emulator MIS Training Institute Session 1 - Slide 40

41 Restart emulator using proxy flag./emulator -avd myavd -partition-size 128 -system /path/to/system.img -http-proxy :8888 Here, we specify the hmp- proxy flag and the system par44on that we created MIS Training Institute Session 1 - Slide 41

42 A note about http-proxy flag -http-proxy :8888 Flag has problems. Browser traffic will proxy, however applica4on traffic is very hit or miss. If issues, try debug- proxy flag Used rooted Android device for true app assessments other tests can be done on the emulator MIS Training Institute Session 1 - Slide 42

43 Android emulator proxy complete! MIS Training Institute Session 1 - Slide 43

44 Tsocks for app traffic on emulator tsocks will be our solu4on to the inability to proxy app traffic in the emulator Encapsulates network traffic transparently into a SOCKS proxy Install tsocks and modify sekngs in /etc/ tsocks.conf MIS Training Institute Session 1 - Slide 44

45 Intercepting Traffic PROXYING AN ANDROID DEVICE MIS Training Institute Session 1 - Slide 45

46 Proxy real device Android does not include built in proxy support Network proxy is for browser, not apps There are workarounds we ll show you best way to proxy apps is using a device! Note: You ll need to be root and have a ROM that supports iptables such as CyanogenMod hmp:// MIS Training Institute Session 1 - Slide 46

47 Proxy real device To proxy a Android device we ll go through three steps: 1. Have rooted ROM with iptables (Cyanogen) 2. Install Superuser (if not already part of ROM) 3. Install a proxy tool such as Autoproxy MIS Training Institute Session 1 - Slide 47

48 Proxy real device Connect device to computer with USB Enable USB Debugging Sekngs > Manage Applica4ons > Development MIS Training Institute Session 1 - Slide 48

49 If you need SSL, same steps: adb pull /system/etc/security/cacerts.bks cacerts.bks keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.bouncycastlepr ovider -storepass changeit -importcert - trustcacerts -alias <##CERT ALIAS HERE##> - file <##YOUR PROXY.CRT HERE##> adb remount adb push cacerts.bks /system/etc/security/ MIS Training Institute Session 1 - Slide 49

50 Install tools 1) Enable Unknown sources MIS Training Institute Session 1 - Slide 50

51 adb install superuser.apk 2) Install Superuser (reboot) MIS Training Institute Session 1 - Slide 51

52 adb install transproxy.apk 3) Install TransProxy or AutoProxy MIS Training Institute Session 1 - Slide 52

53 Configure proxy app MIS Training Institute Session 1 - Slide 53

54 Device proxy complete! Why do we need such tools? As discussed, by default Android has no proxy mechanism for applica4on traffic these tools act as a front end to iptables If you are elite, then you can use iptables command line in Cyanogen MIS Training Institute Session 1 - Slide 54

55 One last thing tcpdump Emulator supports - tcpdump <file> flag Captures network traffic to file Great for debugging or understanding network side of emulator Use for quick traffic analysis for apps.. Doesn t need proxy MIS Training Institute Session 1 - Slide 55

56 TCPDump open with wireshark emulator -avd LabAVD tcpdump dump.cap MIS Training Institute Session 1 - Slide 56

57 Intercepting Traffic IPHONE MIS Training Institute Session 1 - Slide 57

58 iphone proxying how to Intercept with proxy Internet MIS Training Institute Session 1 - Slide 58

59 iphone proxying For the iphone, the basic proxy tools are already supported out of the box It will s4ll drop SSL traffic for an invalid cert! But, much easier to trust a cert on iphone Even easier to use the iphone simulator to intercept app traffic MIS Training Institute Session 1 - Slide 59

60 Intercepting Traffic PROXYING THE IOS SIMULATOR MIS Training Institute Session 1 - Slide 60

61 Proxy ios simulator 1) Configure your proxy app on OSX MIS Training Institute Session 1 - Slide 61 Img:

62 Proxy ios simulator 2) Change OSX network to use proxy MIS Training Institute Session 1 - Slide 62 Img:

63 Proxy ios simulator 2) If you need SSL, trust SSL cer4ficate in OSX keychain MIS Training Institute Session 1 - Slide 63

64 Proxy ios simulator 3) Simulator traffic should be captured MIS Training Institute Session 1 - Slide 64

65 Intercepting Traffic PROXYING AN IPHONE MIS Training Institute Session 1 - Slide 65

66 Set up for device proxy Router Internet Host with proxy MIS Training Institute Session 1 - Slide 66

67 Proxy iphone device The process of proxying the iphone is simple by comparison to Android can all be done on the device! Whew! MIS Training Institute Session 1 - Slide 67

68 Accepting a custom SSL certificate 1) Browse to your custom SSL cert with Safari 2) Accept custom SSL Cer@ficate MIS Training Institute Session 1 - Slide 68

69 Accepting a custom SSL certificate 3) Install trusted SSL Cer4ficate MIS Training Institute Session 1 - Slide 69

70 Configure proxy from iphone 4) Set up connec4on to proxy on iphone device MIS Training Institute Session 1 - Slide 70

71 Proxy iphone 5) Proxy iphone SSL Traffic MIS Training Institute Session 1 - Slide 71

72 Summary Both devices and emulators support SSL proxying with some work Setting up a proxy for Android is much more difficult than iphone Android needs to modify keystores on emulator / device for SSL Android apps to modify iptables Proxy on Android emulator is unreliable iphone has built in GUI making it simple MIS Training Institute Session 1 - Slide 72

73 Summary As a mobile app assessor, setting up a proxy to inspect application traffic is required You will encounter SSL traffic! Know how to trust certificates Proxying helps trap and intercept requests, invaluable tool Many devices changes have to be made, don t use your primary device as a testing tool MIS Training Institute Session 1 - Slide 73

74 Demo PARAMETER MANIPULATION MIS Training Institute Session 1 - Slide 74

75 FILESYSTEM ACCESS MIS Training Institute Session 1 - Slide 75

76 Filesystem Access ANDROID MIS Training Institute Session 1 - Slide 76

77 Android Filesystem Access We want to analyze files within the device, so how do we do this? ADB (windows, linux, mac) MIS Training Institute Session 1 - Slide 77

78 Android Filesystem Access Android Debug Bridge (adb) command Access a shell Pull/push files Many more MIS Training Institute Session 1 - Slide 78

79 ADB MIS Training Institute Session 1 - Slide 79

80 Example of ADB MIS Training Institute Session 1 - Slide 80

81 Quick look at some apps We re going to use Android s default mail client (Note this is for a rooted device) Navigate to the shared_prefs directory of the applica4on MIS Training Institute Session 1 - Slide 81

82 Quick look at some apps cat (read) the file MIS Training Institute Session 1 - Slide 82

83 Quick look at some apps aw1hcctzc2wroi8vc2ntb2jpbgvhchb0zxn0jtqwz21hawwuy29tomf iy0rfrjeym0bpbwfwlmdtywlslmnvbto5otm= Base 64 decode imap+ssl+://scmobileapptest SCMOBILETESTAPP:abcDEF123 MIS Training Institute Session 1 - Slide 83

84 Pull: Push: MIS Training Institute Session 1 - Slide 84

85 Advanced Shell (BusyBox) Alterna4ve shells exist such as Busybox. These include features not in ADB Grep, find, vi, etc. MIS Training Institute Session 1 - Slide 85

86 Filesystem Access IPHONE MIS Training Institute Session 1 - Slide 86

87 iphone Filesystem Access No file system access by default iphone is more locked down out of the box To test apps, either use the iphone simulator or Jailbreak (SSH access) MIS Training Institute Session 1 - Slide 87

88 iphone Filesystem Access MIS Training Institute Session 1 - Slide 88

89 Example: Accessing Mail in FS 1) First, set up the iphone Mail client 2) SSH to access file system The default password is alpine MIS Training Institute Session 1 - Slide 89

90 Example: Accessing Mail in FS SCP files on/off the device SQLite database MIS Training Institute Session 1 - Slide 90

91 What if the phone isn t rooted? Android ADB is limited to a few directories iphone can only grab photos/music via itunes MIS Training Institute Session 1 - Slide 91

92 Filesystem Access DATA STORAGE MIS Training Institute Session 1 - Slide 92

93 SQLite Single file rela4onal database Supported by Android & iphone APIs to store applica4on sekngs/data iphone keychains and cer4ficate chains are stored in sqlite databases MIS Training Institute Session 1 - Slide 93

94 SQLite Lis4ng tables:.tables Select statements for queries, SQL syntax MIS Training Institute Session 1 - Slide 94

95 XML Used by Android to store many things (shared prefs, manifest, etc.) Oren contains data stored by apps such as usernames or passwords MIS Training Institute Session 1 - Slide 95

96 Plist Used by iphone to store saved proper4es A.plist is: XML Binary (compressed XML) For binary files you can use: Property List Editor (in XCode) plu4l to convert to XML MIS Training Institute Session 1 - Slide 96

97 Plist Changing plists Some4mes can access hidden sekngs Example: ipod touch plist hacks to enable func4onality on less capable devices Oren useful to check preferences stored for the app Is valida4on performed? MIS Training Institute Session 1 - Slide 97

98 Property List Editor MIS Training Institute Session 1 - Slide 98

99 plutil MIS Training Institute Session 1 - Slide 99

100 Demo EXTRACTING CREDENTIALS MIS Training Institute Session 1 - Slide 100

101 LOGGING MIS Training Institute Session 1 - Slide 101

102 Logging Applica4ons may leak data through gratuitous logging In older versions of Android, the browser would log URLs visited This also logged session IDs for websites that put it in the GET request MIS Training Institute Session 1 - Slide 102

103 Viewing Android Logs Use adb logcat MIS Training Institute Session 1 - Slide 103

104 Viewing iphone Logs Use the Organizer window in xcode MIS Training Institute Session 1 - Slide 104

105 Demo INSECURE LOGGING MIS Training Institute Session 1 - Slide 105

106 Summary As amacker, file systems: Provide valuable insight into inner applica4on workings May be able to hack preferences or change app func4onality Are used by developers to store files for various reasons (offline access, autologin, etc.) Worth looking into the file system of the app Needs root access / jailbreak access MIS Training Institute Session 1 - Slide 106

107 Summary File system access: Android use ADB to access device file system (if rooted) iphone use SSH on a Jailbroken device MIS Training Institute Session 1 - Slide 107

108 Summary Important Android files XML files such as Shared preferences file Android manifest file Other XML storage SQLite Used for database storage as a lightweight database in a self contained file. Oren is a gold mine of informa4on Use standard SQL commands MIS Training Institute Session 1 - Slide 108

109 Summary Important iphone files plist files iphones version of stored configura4on, XML or compressed binary Contain configura4on that may be altered to change app behavior May contain sensi4ve informa4on depending on developer SQLite Same as for android MIS Training Institute Session 1 - Slide 109

110 CLIENT ANALYSIS MIS Training Institute Session 1 - Slide 110

111 Client Analysis ANDROID MIS Training Institute Session 1 - Slide 111

112 Android Application Layout Apps are packaged in an APK file (zip archive) What s in it? Dalvik class files (dex) Assets and Resources AndroidManifest.xml (packed in a binary format) APKs stored at /data/app on a device Can extract this MIS Training Institute Session 1 - Slide 112

113 Android Application Layout Android JAVA Original.java.java Compiled.dex.class Optimized.odex n/a Packaging.apk.jar Modification Apktool, baksmali Jad, java decompiler MIS Training Institute Session 1 - Slide 113

114 Android Application Layout MIS Training Institute Session 1 - Slide 114 Image :

115 AndroidManifest.xml Enumerates permissions We are most interested in permissions and metadata MIS Training Institute Session 1 - Slide 115

116 Analyzing an APK The files inside an APK aren t directly useful Need to unpack the XML, disassemble the dex class files Apktool does this!! hmp://code.google.com/p/android- apktool/ MIS Training Institute Session 1 - Slide 116

117 Apktool Uses APK APK (reengineered) MIS Training Institute Session 1 - Slide 117

118 Disassembly to Smali Smali is the Dalvik assembly Unlike JVM, register based Fairly readable.class public LHelloWorld;.super Ljava/lang/Object;.method public sta4c main([ljava/lang/string;)v.registers 2 sget- object v0, Ljava/lang/System;- >out:ljava/io/printstream; const- string v1, "Hello World! invoke- virtual {v0, v1}, Ljava/io/PrintStream;- >println(ljava/lang/string;)v return- void.end method MIS Training Institute Session 1 - Slide 118

119 Decompilation Looking at decompiled java is easier than reading Smali You may be familiar with jad or jdgui Use dex2jar to get a (JVM) jar from an apk Perform source review on decompiled app Doesnt work for all apks MIS Training Institute Session 1 - Slide 119

120 Decompilation MIS Training Institute Session 1 - Slide 120

121 Client Analysis IPHONE MIS Training Institute Session 1 - Slide 121

122 iphone Application Layout An iphone applica4on is packaged in.ipa file Stored in.app directory Executable code Assets and Resources Info.plist and other preset property lists /private/var/mobile/applica4ons/ MIS Training Institute Session 1 - Slide 122

123 Info.plist Stores applica4on metadata Package name File type associa4ons Applica4on- wide se4ngs Example: DetectJailbreaking flag in Info.plist set whether app will run on a jailbroken phone We can change this on a jailbroken phone at run4me MIS Training Institute Session 1 - Slide 123

124 Enabling hidden functionality Facebook ipad GUI hidden in iphone Not a hack, but demonstrates possibility Weaknesses in hiding func4onality in config files MIS Training Institute Session 1 - Slide 124

125 Analyzing the Binary Analyzing the binary is much more difficult than Android Use a disassembler like IDA Pro App Store binaries are DRM encrypted Use gdb to decrypt and dump code MIS Training Institute Session 1 - Slide 125

126 IDA for iphone Not a joke! But not that useful either MIS Training Institute Session 1 - Slide 126

127 Demo CLIENT ANALYSIS MIS Training Institute Session 1 - Slide 127

128 Summary Android Apps are compiled into dex format. Use APKtool to extract APKs and disassemble into smali format to read Can also be decompiled (less reliable) APKtool can also reengineer APKs MIS Training Institute Session 1 - Slide 128

129 Summary iphone Native code, so binary analysis of iphone apps are more low level, can use IDAPro AppStore files are DRM encrypted, use gdb to decrypt MIS Training Institute Session 1 - Slide 129

130 Summary Approach like traditional application reverse engineering Be aware of attack vectors buffer overflow type bugs not always fruitful Lot s of apps have poor key management Try to turn off jailbreaking detection either through patching or application settings MIS Training Institute Session 1 - Slide 130

131 RUNTIME ANALYSIS MIS Training Institute Session 1 - Slide 131

132 Why Do Runtime Analysis Companion to sta4c analysis Explore execu4on through a debugger Access stack values Extract code from encrypted binary (ios only) Possible amack vector Use a debugger to jump through a security check MIS Training Institute Session 1 - Slide 132

133 Why Do Runtime Analysis Many things that happen in an app lifecycle memory branch MIS Training Institute Session 1 - Slide 133

134 Debugging as an Attack Vector Jump over client- side business logic checks ipad app client- enforced restric4ons Jump over the branch to access other areas of code MIS Training Institute Session 1 - Slide 134

135 Debugging as an Attack Vector Using a debugger to get confidential data in memory (lost or stolen phone) MIS Training Institute Session 1 - Slide 135

136 Debugging as an Attack Vector Locked banking app manually call Intents? Certain 4mes can bypass screens by directly launching ac4vi4es MIS Training Institute Session 1 - Slide 136

137 Side topic: How easy to root? how easy is it to root a found device? If lockscreen isn t enabled we can enable USB debugging to provide ADB access (yes big if) ADB server is created on a uid=shell user which is not a privileged user in the android world. MIS Training Institute Session 1 - Slide 137

138 Side topic: How easy to root? Quick example Rage against the cage (Android local root exploit) MIS Training Institute Session 1 - Slide 138

139 Side topic: How easy to root? Arer restar4ng adb, you ll be connected as root Exploited shell to perform root ac4ons on device Install shell, busybox, pull data, apks MIS Training Institute Session 1 - Slide 139

140 Runtime Analysis ANDROID DEBUGGING MIS Training Institute Session 1 - Slide 140

141 Android Debugging We use ddms (Dalvik Debug Monitor Server) available in the SDK Dump the applica4on's heap AMach a remote debugger MIS Training Institute Session 1 - Slide 141

142 Attach to process MIS Training Institute Session 1 - Slide 142

143 Dump the heap (hprof) MIS Training Institute Session 1 - Slide 143

144 A Note on HPROF HPROF is java s heap and cpu profiling file format This is used by developers to profile cpu and memory usage We use it to browse heap values at the 4me of the heap dump MIS Training Institute Session 1 - Slide 144

145 Convert HPROF file We need to convert the file from the Dalvik HPROF format to the format used by Java We can then use Java tools to analyze it hprof- conv com.android. .hprof com.android. .fixed.hprof MIS Training Institute Session 1 - Slide 145

146 Analyze Heap MIS Training Institute Session 1 - Slide 146

147 Memory Analyzer Dominator tree Group by List objects MIS Training Institute Session 1 - Slide 147

148 Finding Heap Values MIS Training Institute Session 1 - Slide 148

149 Finding Heap Values MIS Training Institute Session 1 - Slide 149

150 Demo (Android) DUMPING MEMORY MIS Training Institute Session 1 - Slide 150

151 iphone Debugging iphone apps don t retain symbols Debugging is more blind than in Android Xcode won t help us debug without sources We install gdb on a jailbroken phone and use that MIS Training Institute Session 1 - Slide 151

152 Summary Run4me analysis is complimentary Can use debugging tools to jump rou4nes and access hidden areas of applica4ons Analyze memory to see how informa4on may be stored within a snapshot of 4me As a developer Ensure you clear variables and use garbage collec4on if sensi4ve data no longer required MIS Training Institute Session 1 - Slide 152

153 MOBILE CRYPTOGRAPHY MIS Training Institute Session 1 - Slide 153

154 Mobile Cryptography We must treat the mobile device as hos4le Don t store sensi4ve data unencrypted! (Basic Encryp4on lab) Doing encryp4on well is HARD (Advanced Encryp4on lab) Best prac4ce: don t store any sensi4ve data on device MIS Training Institute Session 1 - Slide 154

155 If You Must Encrypt Issues of cryptography are issues of implementa4on This is oren taken to mean Don t write your own AES library, but no. We mean key management We mean how the cipher is used MIS Training Institute Session 1 - Slide 155

156 Data in transit SSL/TLS is the golden standard here Easy to plug into mobile app, use HTTPS We find some mobile apps add a second layer of encryp4on over SSL/TLS Make it harder to analyze app s traffic Extra security MIS Training Institute Session 1 - Slide 156

157 Data at rest Easier to get right than data in transit S4ll hard to do right Your main concern is key management If the client can decrypt data on its own, an amacker can too (reverse engineering) We need to have a secret not stored on the client MIS Training Institute Session 1 - Slide 157

158 External Secret The user can type in the encryp4on key Difficult to remember/type The backend can give the client the encryp4on key arer user authen4cates Need secure authen4ca4on framework OR we can have the user remember a password, and somehow derive a key from it MIS Training Institute Session 1 - Slide 158

159 Password Based Key Derivation In ExploitMe Mobile we had the user authen4cate with local password This was ini4ally used as a UI lock, in case the phone was lost/stolen We will use this password to generate a key The standard we use is PBKDF2 MIS Training Institute Session 1 - Slide 159

160 Password Based Key Derivation public SecretKey genkeypwkdf2(string password, byte[] salt, int iterations) throws { SecretKeyFactory f =SecretKeyFactory.getInstance ("PBKDF2WithHmacSHA1"); PBEKeySpec keyspec = new PBEKeySpec( password.tochararray(), salt, iterations, KEY_BITS); SecretKey generatedkey = f.generatesecret(keyspec); return generatedkey; } MIS Training Institute Session 1 - Slide 160

161 How Do We Use This? public int unlockapplication(string password) throws exceptions { if (checkpassword(password)) { mcryptokey=mcipher.genkeypwkdf2(password, getpbksalt(), CryptoTool.NUM_ITERATIONS).getEncoded(); cleartextserveruser = mcipher.decryptb64string( getrestusername(), mcryptokey, getrestusernameiv()); cleartextserverpass = mcipher.decryptb64string( getrestpassword(), mcryptokey, getrestpasswordiv()); int statuscode = performlogin( cleartextserveruser, cleartextserverpass); if (statuscode == RestClient.NULL_ERROR) { locked = false; return statuscode; } } return RestClient.NO_OP; } MIS Training Institute Session 1 - Slide 161

162 Checking the Password Note if (checkpassword(password)) We perform a password check against a hash If we stored hashed passwords on the device, an amacker could crack it We can also use PBKD as an authen4ca4on mechanism MIS Training Institute Session 1 - Slide 162

163 Using PBE for authentication As before, use the password entered by the user to generate the key Now encrypt a known value with that key When the user enters a password, try to decrypt the known value with the derived key If it is successful, the user has the correct password, otherwise the user doesn t MIS Training Institute Session 1 - Slide 163

164 Other Considerations An amacker can build up a rainbow table, especially if they know an encrypted value we store Or they can pre- compute keys derived from common passwords Salt the password used for PBKDF Enforce strong local passwords MIS Training Institute Session 1 - Slide 164

165 Questions? Max Veytsman Subu Ramanathan MIS Training Institute Session 1 - Slide 165