Deep Dive: PenTesting the Android and iphone Session 1 October 4th, 2011 11:00AM Max Veytsman & Subu Ramanathan
Us Security Consultants from Toronto Specialize in application security Especially mobile security max@securitycompass.com @mveytsman subu@securitycompass.com @subuonsecurity MIS Training Institute Session 1 - Slide 2
You Security analysts, developers or QA testers Fairly familiar with web application pentesting Intrigued by mobile applications Have attempted to root an Android or Jailbreak an ios device Some knowledge of programming MIS Training Institute Session 1 - Slide 3
This Workshop Introducing ExploitMe Mobile Mobile threat model What you need to know about Android and iphone Intercepting traffic Filesystem access Static analysis Runtime analysis (Bonus!) Mobile cryptography pitfalls (Bonus!) MIS Training Institute Session 1 - Slide 4
Demo INTRODUCING EXPLOITME MOBILE MIS Training Institute Session 1 - Slide 5
ExploitMe Mobile iphone Labs http://securitycompass.github.com/iphonelabs/ Android Labs http://securitycompass.github.com/androidlabs/ Server https://github.com/securitycompass/labserver MIS Training Institute Session 1 - Slide 6
MOBILE THREAT MODEL MIS Training Institute Session 1 - Slide 7
What can the developers get wrong? Backend implementation Client behavior Client-server communication MIS Training Institute Session 1 - Slide 8
Backend Mobile backend implementations are all susceptible to Authentication/Authorization issues Privilege escalation Input validation errors Injection Threat model is the same as a web app MIS Training Institute Session 1 - Slide 9
Client Insecure data storage Poor cryptography Overzealous Logging Eg. Old Android browser Memory leakage Input validation Eg. Skype XSS bug Threat includes lost/stolen phone and mobile malware MIS Training Institute Session 1 - Slide 10
Client-Server Communication Insecure communication Not using SSL/TLS Leaking sensitive data GPS, identifying phone information, etc Threat includes Man-in-the-Middle attacks Malicious wifi hotspots GSM base station MIS Training Institute Session 1 - Slide 11
Demo (Also available at http://www.youtube.com/watch?v=x7mcmb_gbj8) BYPASSING ANDROID PASSWORD MIS Training Institute Session 1 - Slide 12
Mobile Security Model ANDROID MIS Training Institute Session 1 - Slide 13
The architecture Multiuser OS running Dalvik VM. (root being highest user) Dalvik runs compiled.dex files, similar to.class files in JAVA, optimized for low powered devices MIS Training Institute Session 1 - Slide 14
Key design points Each app runs as its own user and group Each app runs its own Dalvik VM Breaking out of Dalvik is useless Dalvik does not manage security User permissions do this Apps interact using permission agreed upon on installation MIS Training Institute Session 1 - Slide 15
Android Application Packaging MIS Training Institute Session 1 - Slide 16 Image : http://forum.sdx-developers.com/index.php?topic=3472.0
Permissions Unique UID / GID for each applica4on MIS Training Institute Session 1 - Slide 17
Permissions Applications must request permissions on install Phone calls SMS Location services Calendar access Etc. Unfortunately, you can t deny specifics Install or no install imgsource: techpp.com MIS Training Institute Session 1 - Slide 18
Permissions Permissions are configured in the APK packaging in AndroidManifest.xml If the permissions change, user will be requested to manually reaccept <permission android:description="string resource" android:icon="drawable resource" android:label="string resource" android:name="string" android:permissiongroup="string" android:protectionlevel=["normal" "dangerous" "signature" "signatureorsystem"] /> MIS Training Institute Session 1 - Slide 19
Android Security Model Summary Android runs.dex files on DalvikVM, each app runs own instance of Dalvik Apps run under their own user and group IDs for segregation of user processes Security is managed through users & file permissions App permissions set in AndroidManifest.xml on install MIS Training Institute Session 1 - Slide 20
Mobile Security Model IPHONE MIS Training Institute Session 1 - Slide 21
iphone Architecture ios executes applica4ons directly Apps compiled to na4ve code ios handles sandboxing itself no reliance on UNIX permissions Imgsrc: wikipedia.com MIS Training Institute Session 1 - Slide 22
iphone sandboxing Applica4on limited to it s own directory on FS Applica4on limited to it s own memory pages by ios File encryp4on supported, but per app basis No permission architecture like in Android MIS Training Institute Session 1 - Slide 23
Application Distribution Android Installs from APK files or Market Market is vetted less strictly than Apple Sandboxing of apps managed by file permissions and UID/GID Permissions between apps managed by Manifest file on install Each app spawns its own Dalvik VM iphone App Store vetted by Apple (not clear how) Apps compiled to native code Sandboxing managed by OS (none of this permission stuff) MIS Training Institute Session 1 - Slide 24
INTERCEPTING TRAFFIC MIS Training Institute Session 1 - Slide 25
Android proxying Intercept with proxy Internet MIS Training Institute Session 1 - Slide 26
Proxy using what? We will discuss two Android proxy scenarios for an assessor The Android emulator A rooted Android device MIS Training Institute Session 1 - Slide 27
Quick requirements: The Android SDK hmp://developer.android.com/sdk/index.html Android Debugging Bridge (adb) Enable USB debugging (careful!) The Bouncy Castle Java Library hmp://bouncycastle.org/download Place in $JAVA_HOME/lib/ext Used for inser4on of cer4ficate into Android keystore MIS Training Institute Session 1 - Slide 28
Intercepting Traffic PROXYING THE ANDROID EMULATOR MIS Training Institute Session 1 - Slide 29
Proxying the Android Emulator Start up and configure an emulator using Android SDK./emulator -avd <name> -partition-size 128 MIS Training Institute Session 1 - Slide 30
A note on SSL Small issue: invalid SSL cert = dropped connection Proxying SSL will give invalid SSL certificate MIS Training Institute Session 1 - Slide 31
A note on SSL trusted certificate for our proxy Solution: modify the Android certificate store to trust our proxy certificate MIS Training Institute Session 1 - Slide 32
Adding a Trusted Certificate to Android adb pull /system/etc/security/cacerts.bks cacerts.bks Pull trusted cer4ficate store from device cacerts.bks MIS Training Institute Session 1 - Slide 33
Adding a Trusted Certificate to Android keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.bouncycastleprovider -storepass changeit -importcert -trustcacerts -alias <##CERT ALIAS HERE##> -file <##YOUR PROXY.CRT HERE##> Insert our cer4ficate into keystore using keytool Standard with JAVA JRE MIS Training Institute Session 1 - Slide 34
Adding a Trusted Certificate to Android adb remount Mount remote Android file system read & write MIS Training Institute Session 1 - Slide 35
Adding a Trusted Certificate to Android adb push cacerts.bks /system/etc/ security/ 4) Push modified CA keystore (May have to change permissions to overwrite) MIS Training Institute Session 1 - Slide 36
Save this system image Why? upon bootup, the keystores for the emulator reset To avoid hassle, you can save this version of system par44on MIS Training Institute Session 1 - Slide 37
Save this system image /adb push /path/to/mkfs.yaffs2.arm /data/mkfs 1) Upload YAFFS2 mkfs binary Here: http://code.google.com/p/android-group-korea/downloads/detail?name=mkfs.yaffs2.arm MIS Training Institute Session 1 - Slide 38
>adb shell Save this system image #./data/mkfs /system /data/system.img mkfs.yaffs2: Android YAFFS2 Tool,Build by PowerGUI at http://www.openhandsetalliance.org.cn Building... Build Ok. # 2) build system image on emulator MIS Training Institute Session 1 - Slide 39
Save this system image adb pull /data/system.img 3) Pull system image from emulator MIS Training Institute Session 1 - Slide 40
Restart emulator using proxy flag./emulator -avd myavd -partition-size 128 -system /path/to/system.img -http-proxy 192.168.1.144:8888 Here, we specify the hmp- proxy flag and the system par44on that we created MIS Training Institute Session 1 - Slide 41
A note about http-proxy flag -http-proxy 192.168.1.144:8888 Flag has problems. Browser traffic will proxy, however applica4on traffic is very hit or miss. If issues, try debug- proxy flag Used rooted Android device for true app assessments other tests can be done on the emulator MIS Training Institute Session 1 - Slide 42
Android emulator proxy complete! MIS Training Institute Session 1 - Slide 43
Tsocks for app traffic on emulator tsocks will be our solu4on to the inability to proxy app traffic in the emulator Encapsulates network traffic transparently into a SOCKS proxy Install tsocks and modify sekngs in /etc/ tsocks.conf MIS Training Institute Session 1 - Slide 44
Intercepting Traffic PROXYING AN ANDROID DEVICE MIS Training Institute Session 1 - Slide 45
Proxy real device Android does not include built in proxy support Network proxy is for browser, not apps There are workarounds we ll show you best way to proxy apps is using a device! Note: You ll need to be root and have a ROM that supports iptables such as CyanogenMod hmp://www.cyanogenmod.com/ MIS Training Institute Session 1 - Slide 46
Proxy real device To proxy a Android device we ll go through three steps: 1. Have rooted ROM with iptables (Cyanogen) 2. Install Superuser (if not already part of ROM) 3. Install a proxy tool such as Autoproxy MIS Training Institute Session 1 - Slide 47
Proxy real device Connect device to computer with USB Enable USB Debugging Sekngs > Manage Applica4ons > Development MIS Training Institute Session 1 - Slide 48
If you need SSL, same steps: adb pull /system/etc/security/cacerts.bks cacerts.bks keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.bouncycastlepr ovider -storepass changeit -importcert - trustcacerts -alias <##CERT ALIAS HERE##> - file <##YOUR PROXY.CRT HERE##> adb remount adb push cacerts.bks /system/etc/security/ MIS Training Institute Session 1 - Slide 49
Install tools 1) Enable Unknown sources MIS Training Institute Session 1 - Slide 50
adb install superuser.apk 2) Install Superuser (reboot) MIS Training Institute Session 1 - Slide 51
adb install transproxy.apk 3) Install TransProxy or AutoProxy MIS Training Institute Session 1 - Slide 52
Configure proxy app MIS Training Institute Session 1 - Slide 53
Device proxy complete! Why do we need such tools? As discussed, by default Android has no proxy mechanism for applica4on traffic these tools act as a front end to iptables If you are elite, then you can use iptables command line in Cyanogen MIS Training Institute Session 1 - Slide 54
One last thing tcpdump Emulator supports - tcpdump <file> flag Captures network traffic to file Great for debugging or understanding network side of emulator Use for quick traffic analysis for apps.. Doesn t need proxy MIS Training Institute Session 1 - Slide 55
TCPDump open with wireshark emulator -avd LabAVD tcpdump dump.cap MIS Training Institute Session 1 - Slide 56
Intercepting Traffic IPHONE MIS Training Institute Session 1 - Slide 57
iphone proxying how to Intercept with proxy Internet MIS Training Institute Session 1 - Slide 58
iphone proxying For the iphone, the basic proxy tools are already supported out of the box It will s4ll drop SSL traffic for an invalid cert! But, much easier to trust a cert on iphone Even easier to use the iphone simulator to intercept app traffic MIS Training Institute Session 1 - Slide 59
Intercepting Traffic PROXYING THE IOS SIMULATOR MIS Training Institute Session 1 - Slide 60
Proxy ios simulator 1) Configure your proxy app on OSX MIS Training Institute Session 1 - Slide 61 Img: http://developer.apple.com/technologies/tools/
Proxy ios simulator 2) Change OSX network to use proxy MIS Training Institute Session 1 - Slide 62 Img: http://developer.apple.com/technologies/tools/
Proxy ios simulator 2) If you need SSL, trust SSL cer4ficate in OSX keychain MIS Training Institute Session 1 - Slide 63
Proxy ios simulator 3) Simulator traffic should be captured MIS Training Institute Session 1 - Slide 64
Intercepting Traffic PROXYING AN IPHONE MIS Training Institute Session 1 - Slide 65
Set up for device proxy Router Internet Host with proxy MIS Training Institute Session 1 - Slide 66
Proxy iphone device The process of proxying the iphone is simple by comparison to Android can all be done on the device! Whew! MIS Training Institute Session 1 - Slide 67
Accepting a custom SSL certificate 1) Browse to your custom SSL cert with Safari 2) Accept custom SSL Cer@ficate MIS Training Institute Session 1 - Slide 68
Accepting a custom SSL certificate 3) Install trusted SSL Cer4ficate MIS Training Institute Session 1 - Slide 69
Configure proxy from iphone 4) Set up connec4on to proxy on iphone device MIS Training Institute Session 1 - Slide 70
Proxy iphone 5) Proxy iphone SSL Traffic MIS Training Institute Session 1 - Slide 71
Summary Both devices and emulators support SSL proxying with some work Setting up a proxy for Android is much more difficult than iphone Android needs to modify keystores on emulator / device for SSL Android apps to modify iptables Proxy on Android emulator is unreliable iphone has built in GUI making it simple MIS Training Institute Session 1 - Slide 72
Summary As a mobile app assessor, setting up a proxy to inspect application traffic is required You will encounter SSL traffic! Know how to trust certificates Proxying helps trap and intercept requests, invaluable tool Many devices changes have to be made, don t use your primary device as a testing tool MIS Training Institute Session 1 - Slide 73
Demo PARAMETER MANIPULATION MIS Training Institute Session 1 - Slide 74
FILESYSTEM ACCESS MIS Training Institute Session 1 - Slide 75
Filesystem Access ANDROID MIS Training Institute Session 1 - Slide 76
Android Filesystem Access We want to analyze files within the device, so how do we do this? ADB (windows, linux, mac) MIS Training Institute Session 1 - Slide 77
Android Filesystem Access Android Debug Bridge (adb) command Access a shell Pull/push files Many more MIS Training Institute Session 1 - Slide 78
ADB MIS Training Institute Session 1 - Slide 79
Example of ADB MIS Training Institute Session 1 - Slide 80
Quick look at some apps We re going to use Android s default mail client (Note this is for a rooted device) Navigate to the shared_prefs directory of the applica4on MIS Training Institute Session 1 - Slide 81
Quick look at some apps cat (read) the file MIS Training Institute Session 1 - Slide 82
Quick look at some apps aw1hcctzc2wroi8vc2ntb2jpbgvhchb0zxn0jtqwz21hawwuy29tomf iy0rfrjeym0bpbwfwlmdtywlslmnvbto5otm= Base 64 decode imap+ssl+://scmobileapptest %40gmail.com:abcDEF123@imap.gmail.com:993 SCMOBILETESTAPP:abcDEF123 MIS Training Institute Session 1 - Slide 83
Pull: Push: MIS Training Institute Session 1 - Slide 84
Advanced Shell (BusyBox) Alterna4ve shells exist such as Busybox. These include features not in ADB Grep, find, vi, etc. MIS Training Institute Session 1 - Slide 85
Filesystem Access IPHONE MIS Training Institute Session 1 - Slide 86
iphone Filesystem Access No file system access by default iphone is more locked down out of the box To test apps, either use the iphone simulator or Jailbreak (SSH access) MIS Training Institute Session 1 - Slide 87
iphone Filesystem Access MIS Training Institute Session 1 - Slide 88
Example: Accessing Mail in FS 1) First, set up the iphone Mail client 2) SSH to access file system The default password is alpine MIS Training Institute Session 1 - Slide 89
Example: Accessing Mail in FS SCP files on/off the device SQLite database MIS Training Institute Session 1 - Slide 90
What if the phone isn t rooted? Android ADB is limited to a few directories iphone can only grab photos/music via itunes MIS Training Institute Session 1 - Slide 91
Filesystem Access DATA STORAGE MIS Training Institute Session 1 - Slide 92
SQLite Single file rela4onal database Supported by Android & iphone APIs to store applica4on sekngs/data iphone keychains and cer4ficate chains are stored in sqlite databases MIS Training Institute Session 1 - Slide 93
SQLite Lis4ng tables:.tables Select statements for queries, SQL syntax MIS Training Institute Session 1 - Slide 94
XML Used by Android to store many things (shared prefs, manifest, etc.) Oren contains data stored by apps such as usernames or passwords MIS Training Institute Session 1 - Slide 95
Plist Used by iphone to store saved proper4es A.plist is: XML Binary (compressed XML) For binary files you can use: Property List Editor (in XCode) plu4l to convert to XML MIS Training Institute Session 1 - Slide 96
Plist Changing plists Some4mes can access hidden sekngs Example: ipod touch plist hacks to enable func4onality on less capable devices Oren useful to check preferences stored for the app Is valida4on performed? MIS Training Institute Session 1 - Slide 97
Property List Editor MIS Training Institute Session 1 - Slide 98
plutil MIS Training Institute Session 1 - Slide 99
Demo EXTRACTING CREDENTIALS MIS Training Institute Session 1 - Slide 100
LOGGING MIS Training Institute Session 1 - Slide 101
Logging Applica4ons may leak data through gratuitous logging In older versions of Android, the browser would log URLs visited This also logged session IDs for websites that put it in the GET request MIS Training Institute Session 1 - Slide 102
Viewing Android Logs Use adb logcat MIS Training Institute Session 1 - Slide 103
Viewing iphone Logs Use the Organizer window in xcode MIS Training Institute Session 1 - Slide 104
Demo INSECURE LOGGING MIS Training Institute Session 1 - Slide 105
Summary As amacker, file systems: Provide valuable insight into inner applica4on workings May be able to hack preferences or change app func4onality Are used by developers to store files for various reasons (offline access, autologin, etc.) Worth looking into the file system of the app Needs root access / jailbreak access MIS Training Institute Session 1 - Slide 106
Summary File system access: Android use ADB to access device file system (if rooted) iphone use SSH on a Jailbroken device MIS Training Institute Session 1 - Slide 107
Summary Important Android files XML files such as Shared preferences file Android manifest file Other XML storage SQLite Used for database storage as a lightweight database in a self contained file. Oren is a gold mine of informa4on Use standard SQL commands MIS Training Institute Session 1 - Slide 108
Summary Important iphone files plist files iphones version of stored configura4on, XML or compressed binary Contain configura4on that may be altered to change app behavior May contain sensi4ve informa4on depending on developer SQLite Same as for android MIS Training Institute Session 1 - Slide 109
CLIENT ANALYSIS MIS Training Institute Session 1 - Slide 110
Client Analysis ANDROID MIS Training Institute Session 1 - Slide 111
Android Application Layout Apps are packaged in an APK file (zip archive) What s in it? Dalvik class files (dex) Assets and Resources AndroidManifest.xml (packed in a binary format) APKs stored at /data/app on a device Can extract this MIS Training Institute Session 1 - Slide 112
Android Application Layout Android JAVA Original.java.java Compiled.dex.class Optimized.odex n/a Packaging.apk.jar Modification Apktool, baksmali Jad, java decompiler MIS Training Institute Session 1 - Slide 113
Android Application Layout MIS Training Institute Session 1 - Slide 114 Image : http://forum.sdx-developers.com/index.php?topic=3472.0
AndroidManifest.xml Enumerates permissions We are most interested in permissions and metadata MIS Training Institute Session 1 - Slide 115
Analyzing an APK The files inside an APK aren t directly useful Need to unpack the XML, disassemble the dex class files Apktool does this!! hmp://code.google.com/p/android- apktool/ MIS Training Institute Session 1 - Slide 116
Apktool Uses APK APK (reengineered) MIS Training Institute Session 1 - Slide 117
Disassembly to Smali Smali is the Dalvik assembly Unlike JVM, register based Fairly readable.class public LHelloWorld;.super Ljava/lang/Object;.method public sta4c main([ljava/lang/string;)v.registers 2 sget- object v0, Ljava/lang/System;- >out:ljava/io/printstream; const- string v1, "Hello World! invoke- virtual {v0, v1}, Ljava/io/PrintStream;- >println(ljava/lang/string;)v return- void.end method MIS Training Institute Session 1 - Slide 118
Decompilation Looking at decompiled java is easier than reading Smali You may be familiar with jad or jdgui Use dex2jar to get a (JVM) jar from an apk Perform source review on decompiled app Doesnt work for all apks MIS Training Institute Session 1 - Slide 119
Decompilation MIS Training Institute Session 1 - Slide 120
Client Analysis IPHONE MIS Training Institute Session 1 - Slide 121
iphone Application Layout An iphone applica4on is packaged in.ipa file Stored in.app directory Executable code Assets and Resources Info.plist and other preset property lists /private/var/mobile/applica4ons/ MIS Training Institute Session 1 - Slide 122
Info.plist Stores applica4on metadata Package name File type associa4ons Applica4on- wide se4ngs Example: DetectJailbreaking flag in Info.plist set whether app will run on a jailbroken phone We can change this on a jailbroken phone at run4me MIS Training Institute Session 1 - Slide 123
Enabling hidden functionality Facebook ipad GUI hidden in iphone Not a hack, but demonstrates possibility Weaknesses in hiding func4onality in config files MIS Training Institute Session 1 - Slide 124
Analyzing the Binary Analyzing the binary is much more difficult than Android Use a disassembler like IDA Pro App Store binaries are DRM encrypted Use gdb to decrypt and dump code MIS Training Institute Session 1 - Slide 125
IDA for iphone Not a joke! But not that useful either MIS Training Institute Session 1 - Slide 126
Demo CLIENT ANALYSIS MIS Training Institute Session 1 - Slide 127
Summary Android Apps are compiled into dex format. Use APKtool to extract APKs and disassemble into smali format to read Can also be decompiled (less reliable) APKtool can also reengineer APKs MIS Training Institute Session 1 - Slide 128
Summary iphone Native code, so binary analysis of iphone apps are more low level, can use IDAPro AppStore files are DRM encrypted, use gdb to decrypt MIS Training Institute Session 1 - Slide 129
Summary Approach like traditional application reverse engineering Be aware of attack vectors buffer overflow type bugs not always fruitful Lot s of apps have poor key management Try to turn off jailbreaking detection either through patching or application settings MIS Training Institute Session 1 - Slide 130
RUNTIME ANALYSIS MIS Training Institute Session 1 - Slide 131
Why Do Runtime Analysis Companion to sta4c analysis Explore execu4on through a debugger Access stack values Extract code from encrypted binary (ios only) Possible amack vector Use a debugger to jump through a security check MIS Training Institute Session 1 - Slide 132
Why Do Runtime Analysis Many things that happen in an app lifecycle memory branch MIS Training Institute Session 1 - Slide 133
Debugging as an Attack Vector Jump over client- side business logic checks ipad app client- enforced restric4ons Jump over the branch to access other areas of code MIS Training Institute Session 1 - Slide 134
Debugging as an Attack Vector Using a debugger to get confidential data in memory (lost or stolen phone) MIS Training Institute Session 1 - Slide 135
Debugging as an Attack Vector Locked banking app manually call Intents? Certain 4mes can bypass screens by directly launching ac4vi4es MIS Training Institute Session 1 - Slide 136
Side topic: How easy to root? how easy is it to root a found device? If lockscreen isn t enabled we can enable USB debugging to provide ADB access (yes big if) ADB server is created on a uid=shell user which is not a privileged user in the android world. MIS Training Institute Session 1 - Slide 137
Side topic: How easy to root? Quick example Rage against the cage (Android local root exploit) MIS Training Institute Session 1 - Slide 138
Side topic: How easy to root? Arer restar4ng adb, you ll be connected as root Exploited shell to perform root ac4ons on device Install shell, busybox, pull data, apks MIS Training Institute Session 1 - Slide 139
Runtime Analysis ANDROID DEBUGGING MIS Training Institute Session 1 - Slide 140
Android Debugging We use ddms (Dalvik Debug Monitor Server) available in the SDK Dump the applica4on's heap AMach a remote debugger MIS Training Institute Session 1 - Slide 141
Attach to process MIS Training Institute Session 1 - Slide 142
Dump the heap (hprof) MIS Training Institute Session 1 - Slide 143
A Note on HPROF HPROF is java s heap and cpu profiling file format This is used by developers to profile cpu and memory usage We use it to browse heap values at the 4me of the heap dump MIS Training Institute Session 1 - Slide 144
Convert HPROF file We need to convert the file from the Dalvik HPROF format to the format used by Java We can then use Java tools to analyze it hprof- conv com.android.email.hprof com.android.email.fixed.hprof MIS Training Institute Session 1 - Slide 145
Analyze Heap MIS Training Institute Session 1 - Slide 146
Memory Analyzer Dominator tree Group by List objects MIS Training Institute Session 1 - Slide 147
Finding Heap Values MIS Training Institute Session 1 - Slide 148
Finding Heap Values MIS Training Institute Session 1 - Slide 149
Demo (Android) DUMPING MEMORY MIS Training Institute Session 1 - Slide 150
iphone Debugging iphone apps don t retain symbols Debugging is more blind than in Android Xcode won t help us debug without sources We install gdb on a jailbroken phone and use that MIS Training Institute Session 1 - Slide 151
Summary Run4me analysis is complimentary Can use debugging tools to jump rou4nes and access hidden areas of applica4ons Analyze memory to see how informa4on may be stored within a snapshot of 4me As a developer Ensure you clear variables and use garbage collec4on if sensi4ve data no longer required MIS Training Institute Session 1 - Slide 152
MOBILE CRYPTOGRAPHY MIS Training Institute Session 1 - Slide 153
Mobile Cryptography We must treat the mobile device as hos4le Don t store sensi4ve data unencrypted! (Basic Encryp4on lab) Doing encryp4on well is HARD (Advanced Encryp4on lab) Best prac4ce: don t store any sensi4ve data on device MIS Training Institute Session 1 - Slide 154
If You Must Encrypt Issues of cryptography are issues of implementa4on This is oren taken to mean Don t write your own AES library, but no. We mean key management We mean how the cipher is used MIS Training Institute Session 1 - Slide 155
Data in transit SSL/TLS is the golden standard here Easy to plug into mobile app, use HTTPS We find some mobile apps add a second layer of encryp4on over SSL/TLS Make it harder to analyze app s traffic Extra security MIS Training Institute Session 1 - Slide 156
Data at rest Easier to get right than data in transit S4ll hard to do right Your main concern is key management If the client can decrypt data on its own, an amacker can too (reverse engineering) We need to have a secret not stored on the client MIS Training Institute Session 1 - Slide 157
External Secret The user can type in the encryp4on key Difficult to remember/type The backend can give the client the encryp4on key arer user authen4cates Need secure authen4ca4on framework OR we can have the user remember a password, and somehow derive a key from it MIS Training Institute Session 1 - Slide 158
Password Based Key Derivation In ExploitMe Mobile we had the user authen4cate with local password This was ini4ally used as a UI lock, in case the phone was lost/stolen We will use this password to generate a key The standard we use is PBKDF2 MIS Training Institute Session 1 - Slide 159
Password Based Key Derivation public SecretKey genkeypwkdf2(string password, byte[] salt, int iterations) throws { SecretKeyFactory f =SecretKeyFactory.getInstance ("PBKDF2WithHmacSHA1"); PBEKeySpec keyspec = new PBEKeySpec( password.tochararray(), salt, iterations, KEY_BITS); SecretKey generatedkey = f.generatesecret(keyspec); return generatedkey; } MIS Training Institute Session 1 - Slide 160
How Do We Use This? public int unlockapplication(string password) throws exceptions { if (checkpassword(password)) { mcryptokey=mcipher.genkeypwkdf2(password, getpbksalt(), CryptoTool.NUM_ITERATIONS).getEncoded(); cleartextserveruser = mcipher.decryptb64string( getrestusername(), mcryptokey, getrestusernameiv()); cleartextserverpass = mcipher.decryptb64string( getrestpassword(), mcryptokey, getrestpasswordiv()); int statuscode = performlogin( cleartextserveruser, cleartextserverpass); if (statuscode == RestClient.NULL_ERROR) { locked = false; return statuscode; } } return RestClient.NO_OP; } MIS Training Institute Session 1 - Slide 161
Checking the Password Note if (checkpassword(password)) We perform a password check against a hash If we stored hashed passwords on the device, an amacker could crack it We can also use PBKD as an authen4ca4on mechanism MIS Training Institute Session 1 - Slide 162
Using PBE for authentication As before, use the password entered by the user to generate the key Now encrypt a known value with that key When the user enters a password, try to decrypt the known value with the derived key If it is successful, the user has the correct password, otherwise the user doesn t MIS Training Institute Session 1 - Slide 163
Other Considerations An amacker can build up a rainbow table, especially if they know an encrypted value we store Or they can pre- compute keys derived from common passwords Salt the password used for PBKDF Enforce strong local passwords MIS Training Institute Session 1 - Slide 164
Questions? Max Veytsman max@securitycompass.com Subu Ramanathan subu@securitycompass.com MIS Training Institute Session 1 - Slide 165