SlideShare a Scribd company logo

Windows Phone Application Penetration Testing

Download as PPTX, PDF
Jewel Joy
Jewel Joy

Penetration Testing Windows Phone Applications Jewel Joy Contents : Windows Phone Overview Approach Application File Structure Tools for Penetration Testing Security Features

MobileTechnology
1 of 15
Jewel Joy
 Windows Phone Overview  Approach  Application File Structure  Tools for Penetration Testing  Security Features PenetrationTesting of Windows Phone Applications
 Microsoft’s Own OS  Based onWindows 8 Core – ARM Architecture  History  The successor to theWindows Mobile OS  - 15 Mar 2010 –Windows Phone 7 series announced  - 21 Oct 2010 –Windows Phone 7 released  - 29 Oct 2012 –Windows Phone 8 released With the GDR 2 (Amber) & GDR 3 (Black) Updates PenetrationTesting of Windows Phone Applications
 NTFS file system support  BitLocker device encryption  Sandboxed applications: Applications run in their own sandboxed virtual environment  UEFI Secure boot: Unified Extensible Firmware Interface (UEFI) is the successor to the legacy BIOS firmware interface. UEFI relies on theTrusted Platform Module (TPM) 2.0 standard requiring unique keys to be burned into the chip during production to restrict software without correct digital signature to execute.  AllWindows Phone 8 binaries must have digital signatures signed by Microsoft to run PenetrationTesting of Windows Phone Applications
 Chamber Concept (WP7)  Trusted Computing Base (TCB) ▪ Kernel, kernel-mode drivers  - Elevated Rights Chamber (ERC) ▪ Services, user-mode drivers  - Standard Rights Chamber (SRC) ▪ Pre-installed applications  - Least PrivilegedChamber (LPC) ▪ Applications from WP store PenetrationTesting of Windows Phone Applications
 Chamber Concept (WP8)  Trusted Computing Base (TCB) ▪ Kernel, kernel-mode drivers  - Least Privileged Chamber (LPC)  All other software: services,  pre-installed apps, application fromWP store PenetrationTesting of Windows Phone Applications
PenetrationTesting of Windows Phone Applications
PenetrationTesting of Windows Phone Applications
 Emulator /Windows Phone SDK  Unlocked Device  Side Loading  Developer Unlock – Free Unlock with 2 Apps Limit  Student Unlock – Up to 3 Apps  Limitations  Apps from the store cannot be extracted  Apps from the store will not work on emulators PenetrationTesting of Windows Phone Applications
 Burp Suite  WP Power tools  .NET Reflector PenetrationTesting of Windows Phone Applications
PenetrationTesting of Windows Phone Applications ► AppManifest.xaml ► WMAppManifest.xml
► WMAppManifest.xml
PenetrationTesting of Windows Phone Applications
PenetrationTesting of Windows Phone Applications
PenetrationTesting of Windows Phone Applications

Recommended

Windows Phone 8 application security
Windows Phone 8 application securityWindows Phone 8 application security
Windows Phone 8 application securityAndrey Chasovskikh
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsJorge Orchilles
 
Windows Phone 8 Security Deep Dive
Windows Phone 8 Security Deep DiveWindows Phone 8 Security Deep Dive
Windows Phone 8 Security Deep DiveMicrosoft Developer Network (MSDN) - Belgium and Luxembourg
 
Inspection of Windows Phone applications
Inspection of Windows Phone applicationsInspection of Windows Phone applications
Inspection of Windows Phone applicationsAndrey Chasovskikh
 
Reverse engineering and modifying windows 8 apps
Reverse engineering and modifying windows 8 appsReverse engineering and modifying windows 8 apps
Reverse engineering and modifying windows 8 appsAmaan Khan
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Stephan Chenette
 
Bypassing the Android Permission Model
Bypassing the Android Permission ModelBypassing the Android Permission Model
Bypassing the Android Permission ModelGeorgia Weidman
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 

Recommended

Windows Phone 8 application security
Windows Phone 8 application securityWindows Phone 8 application security
Windows Phone 8 application securityAndrey Chasovskikh
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsJorge Orchilles
 
Windows Phone 8 Security Deep Dive
Windows Phone 8 Security Deep DiveWindows Phone 8 Security Deep Dive
Windows Phone 8 Security Deep DiveMicrosoft Developer Network (MSDN) - Belgium and Luxembourg
 
Inspection of Windows Phone applications
Inspection of Windows Phone applicationsInspection of Windows Phone applications
Inspection of Windows Phone applicationsAndrey Chasovskikh
 
Reverse engineering and modifying windows 8 apps
Reverse engineering and modifying windows 8 appsReverse engineering and modifying windows 8 apps
Reverse engineering and modifying windows 8 appsAmaan Khan
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Stephan Chenette
 
Bypassing the Android Permission Model
Bypassing the Android Permission ModelBypassing the Android Permission Model
Bypassing the Android Permission ModelGeorgia Weidman
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 
Brief Tour about Android Security
Brief Tour about Android SecurityBrief Tour about Android Security
Brief Tour about Android SecurityNational Cheng Kung University
 
Pwning Windows Mobile applications by Ankit Giri
Pwning Windows Mobile applications by Ankit GiriPwning Windows Mobile applications by Ankit Giri
Pwning Windows Mobile applications by Ankit GiriOWASP Delhi
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Android Security
Android SecurityAndroid Security
Android SecuritySuminda Gunawardhana
 
Android security
Android securityAndroid security
Android securityMidhun P Gopi
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
In tune inaction
In tune inactionIn tune inaction
In tune inactionOlav Tvedt
 
RSA SF Conference talk-2009-ht2-401 sallam
RSA SF Conference talk-2009-ht2-401 sallamRSA SF Conference talk-2009-ht2-401 sallam
RSA SF Conference talk-2009-ht2-401 sallamAhmed Sallam
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Android Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAndroid Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAvinash Birnale
 
Ahmed sallam technical_journey_1992_1999
Ahmed sallam technical_journey_1992_1999Ahmed sallam technical_journey_1992_1999
Ahmed sallam technical_journey_1992_1999Ahmed Sallam
 
Android
AndroidAndroid
AndroidTapan Khilar
 
Android security - an enterprise perspective
Android security - an enterprise perspectiveAndroid security - an enterprise perspective
Android security - an enterprise perspectivePietro F. Maggi
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityDirk Nicol
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...christopherfairbairn
 
Runtime 8 and Windows Phone 8
Runtime 8 and Windows Phone 8Runtime 8 and Windows Phone 8
Runtime 8 and Windows Phone 8Damir Dobric
 
Adc2012 windows phone 8
Adc2012 windows phone 8Adc2012 windows phone 8
Adc2012 windows phone 8AlexanderGoetz
 

More Related Content

What's hot

Pwning Windows Mobile applications by Ankit Giri
Pwning Windows Mobile applications by Ankit GiriPwning Windows Mobile applications by Ankit Giri
Pwning Windows Mobile applications by Ankit GiriOWASP Delhi
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
In tune inaction
In tune inactionIn tune inaction
In tune inactionOlav Tvedt
 
RSA SF Conference talk-2009-ht2-401 sallam
RSA SF Conference talk-2009-ht2-401 sallamRSA SF Conference talk-2009-ht2-401 sallam
RSA SF Conference talk-2009-ht2-401 sallamAhmed Sallam
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Android Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAndroid Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAvinash Birnale
 
Ahmed sallam technical_journey_1992_1999
Ahmed sallam technical_journey_1992_1999Ahmed sallam technical_journey_1992_1999
Ahmed sallam technical_journey_1992_1999Ahmed Sallam
 
Android security - an enterprise perspective
Android security - an enterprise perspectiveAndroid security - an enterprise perspective
Android security - an enterprise perspectivePietro F. Maggi
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityDirk Nicol
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...christopherfairbairn
 

What's hot (20)

Brief Tour about Android Security
Brief Tour about Android SecurityBrief Tour about Android Security
Brief Tour about Android Security
 
Pwning Windows Mobile applications by Ankit Giri
Pwning Windows Mobile applications by Ankit GiriPwning Windows Mobile applications by Ankit Giri
Pwning Windows Mobile applications by Ankit Giri
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
 
Android Security
Android SecurityAndroid Security
Android Security
 
Android security
Android securityAndroid security
Android security
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on android
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android Security
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and Security
 
Android Security
Android SecurityAndroid Security
Android Security
 
In tune inaction
In tune inactionIn tune inaction
In tune inaction
 
RSA SF Conference talk-2009-ht2-401 sallam
RSA SF Conference talk-2009-ht2-401 sallamRSA SF Conference talk-2009-ht2-401 sallam
RSA SF Conference talk-2009-ht2-401 sallam
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android Security
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security Threats
 
Android Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAndroid Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon India
 
Ahmed sallam technical_journey_1992_1999
Ahmed sallam technical_journey_1992_1999Ahmed sallam technical_journey_1992_1999
Ahmed sallam technical_journey_1992_1999
 
Android
AndroidAndroid
Android
 
Android security - an enterprise perspective
Android security - an enterprise perspectiveAndroid security - an enterprise perspective
Android security - an enterprise perspective
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Development
 
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
 

Similar to Windows Phone Application Penetration Testing

Runtime 8 and Windows Phone 8
Runtime 8 and Windows Phone 8Runtime 8 and Windows Phone 8
Runtime 8 and Windows Phone 8Damir Dobric
 
Adc2012 windows phone 8
Adc2012 windows phone 8Adc2012 windows phone 8
Adc2012 windows phone 8AlexanderGoetz
 
Windows Phone 8 Advanced Developers Conference
Windows Phone 8 Advanced Developers ConferenceWindows Phone 8 Advanced Developers Conference
Windows Phone 8 Advanced Developers ConferenceDamir Dobric
 
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)FFRI, Inc.
 
EclipseEmbeddedDay2009-OSGi: Best Tool In Your Embedded Systems Toolbox
EclipseEmbeddedDay2009-OSGi: Best Tool In Your Embedded Systems ToolboxEclipseEmbeddedDay2009-OSGi: Best Tool In Your Embedded Systems Toolbox
EclipseEmbeddedDay2009-OSGi: Best Tool In Your Embedded Systems ToolboxBrett Hackleman
 
13.30 hr Hebinck
13.30 hr Hebinck13.30 hr Hebinck
13.30 hr HebinckThemadagen
 
Pwning Windows Mobile Applications by Ankit Giri
Pwning Windows Mobile Applications by Ankit GiriPwning Windows Mobile Applications by Ankit Giri
Pwning Windows Mobile Applications by Ankit GiriOWASP Delhi
 
Windows Embedded in the Real World
Windows Embedded in the Real WorldWindows Embedded in the Real World
Windows Embedded in the Real Worldukdpe
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtSecurity Bootcamp
 
UEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealityUEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealitySally Feller
 
OSGi: Best Tool In Your Embedded Systems Toolbox
OSGi: Best Tool In Your Embedded Systems ToolboxOSGi: Best Tool In Your Embedded Systems Toolbox
OSGi: Best Tool In Your Embedded Systems ToolboxBrett Hackleman
 
Manish Chasta - Securing Android Applications
Manish Chasta - Securing Android ApplicationsManish Chasta - Securing Android Applications
Manish Chasta - Securing Android ApplicationsPositive Hack Days
 
Software update for IoT: the current state of play
Software update for IoT: the current state of playSoftware update for IoT: the current state of play
Software update for IoT: the current state of playChris Simmonds
 
Designing and developing a Windows Phone 7 Silverlight Application End-to-End...
Designing and developing a Windows Phone 7 Silverlight Application End-to-End...Designing and developing a Windows Phone 7 Silverlight Application End-to-End...
Designing and developing a Windows Phone 7 Silverlight Application End-to-End...Katrien De Graeve
 
Attacking Proprietary Android Vendor Customizations
Attacking Proprietary Android Vendor CustomizationsAttacking Proprietary Android Vendor Customizations
Attacking Proprietary Android Vendor CustomizationsRoberto Natella
 
Albin profile
Albin profileAlbin profile
Albin profileAlbin B
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsJan Seidl
 

Similar to Windows Phone Application Penetration Testing (20)

Runtime 8 and Windows Phone 8
Runtime 8 and Windows Phone 8Runtime 8 and Windows Phone 8
Runtime 8 and Windows Phone 8
 
Adc2012 windows phone 8
Adc2012 windows phone 8Adc2012 windows phone 8
Adc2012 windows phone 8
 
Windows Phone 8 Advanced Developers Conference
Windows Phone 8 Advanced Developers ConferenceWindows Phone 8 Advanced Developers Conference
Windows Phone 8 Advanced Developers Conference
 
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
 
EclipseEmbeddedDay2009-OSGi: Best Tool In Your Embedded Systems Toolbox
EclipseEmbeddedDay2009-OSGi: Best Tool In Your Embedded Systems ToolboxEclipseEmbeddedDay2009-OSGi: Best Tool In Your Embedded Systems Toolbox
EclipseEmbeddedDay2009-OSGi: Best Tool In Your Embedded Systems Toolbox
 
Eclipse RT Day
Eclipse RT DayEclipse RT Day
Eclipse RT Day
 
13.30 hr Hebinck
13.30 hr Hebinck13.30 hr Hebinck
13.30 hr Hebinck
 
Pwning Windows Mobile Applications by Ankit Giri
Pwning Windows Mobile Applications by Ankit GiriPwning Windows Mobile Applications by Ankit Giri
Pwning Windows Mobile Applications by Ankit Giri
 
Windows Embedded in the Real World
Windows Embedded in the Real WorldWindows Embedded in the Real World
Windows Embedded in the Real World
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn Việt
 
Windows Mobile
Windows MobileWindows Mobile
Windows Mobile
 
UEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealityUEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and Reality
 
OSGi: Best Tool In Your Embedded Systems Toolbox
OSGi: Best Tool In Your Embedded Systems ToolboxOSGi: Best Tool In Your Embedded Systems Toolbox
OSGi: Best Tool In Your Embedded Systems Toolbox
 
Window IoT Mod 1.pdf
Window IoT Mod 1.pdfWindow IoT Mod 1.pdf
Window IoT Mod 1.pdf
 
Manish Chasta - Securing Android Applications
Manish Chasta - Securing Android ApplicationsManish Chasta - Securing Android Applications
Manish Chasta - Securing Android Applications
 
Software update for IoT: the current state of play
Software update for IoT: the current state of playSoftware update for IoT: the current state of play
Software update for IoT: the current state of play
 
Designing and developing a Windows Phone 7 Silverlight Application End-to-End...
Designing and developing a Windows Phone 7 Silverlight Application End-to-End...Designing and developing a Windows Phone 7 Silverlight Application End-to-End...
Designing and developing a Windows Phone 7 Silverlight Application End-to-End...
 
Attacking Proprietary Android Vendor Customizations
Attacking Proprietary Android Vendor CustomizationsAttacking Proprietary Android Vendor Customizations
Attacking Proprietary Android Vendor Customizations
 
Albin profile
Albin profileAlbin profile
Albin profile
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutions
 

Windows Phone Application Penetration Testing

  • 2.  Windows Phone Overview  Approach  Application File Structure  Tools for Penetration Testing  Security Features PenetrationTesting of Windows Phone Applications
  • 3.  Microsoft’s Own OS  Based onWindows 8 Core – ARM Architecture  History  The successor to theWindows Mobile OS  - 15 Mar 2010 –Windows Phone 7 series announced  - 21 Oct 2010 –Windows Phone 7 released  - 29 Oct 2012 –Windows Phone 8 released With the GDR 2 (Amber) & GDR 3 (Black) Updates PenetrationTesting of Windows Phone Applications
  • 4.  NTFS file system support  BitLocker device encryption  Sandboxed applications: Applications run in their own sandboxed virtual environment  UEFI Secure boot: Unified Extensible Firmware Interface (UEFI) is the successor to the legacy BIOS firmware interface. UEFI relies on theTrusted Platform Module (TPM) 2.0 standard requiring unique keys to be burned into the chip during production to restrict software without correct digital signature to execute.  AllWindows Phone 8 binaries must have digital signatures signed by Microsoft to run PenetrationTesting of Windows Phone Applications
  • 5.  Chamber Concept (WP7)  Trusted Computing Base (TCB) ▪ Kernel, kernel-mode drivers  - Elevated Rights Chamber (ERC) ▪ Services, user-mode drivers  - Standard Rights Chamber (SRC) ▪ Pre-installed applications  - Least PrivilegedChamber (LPC) ▪ Applications from WP store PenetrationTesting of Windows Phone Applications
  • 6.  Chamber Concept (WP8)  Trusted Computing Base (TCB) ▪ Kernel, kernel-mode drivers  - Least Privileged Chamber (LPC)  All other software: services,  pre-installed apps, application fromWP store PenetrationTesting of Windows Phone Applications
  • 7. PenetrationTesting of Windows Phone Applications
  • 8. PenetrationTesting of Windows Phone Applications
  • 9.  Emulator /Windows Phone SDK  Unlocked Device  Side Loading  Developer Unlock – Free Unlock with 2 Apps Limit  Student Unlock – Up to 3 Apps  Limitations  Apps from the store cannot be extracted  Apps from the store will not work on emulators PenetrationTesting of Windows Phone Applications
  • 10.  Burp Suite  WP Power tools  .NET Reflector PenetrationTesting of Windows Phone Applications
  • 11. PenetrationTesting of Windows Phone Applications ► AppManifest.xaml ► WMAppManifest.xml
  • 13. PenetrationTesting of Windows Phone Applications
  • 14. PenetrationTesting of Windows Phone Applications
  • 15. PenetrationTesting of Windows Phone Applications