The Secret Conversation Between App and Server (App과 Server의 은밀한 대화)

Published on: 7/17, session presentation material

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,364
On SlideShare
0
From Embeds
0
Number of Embeds
41
Actions
Shares
0
Downloads
6
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide












  • The Secret Conversation Between App and Server (slide transcript)

    1. [App Server] 2010. 7. 17 (title slide; the Korean title text was not captured in the transcript)
    2. Speaker: CTO of blueonion; 2005~2010: SK; contact: @cserock | http://rockk.egloos.com. Company: blueonion, 2010. 4; 24 ( :3 ); http://blueonionsoft.com
    3. The usual app-to-server call: http://www.test.com/getUserInfo.php?id=234 -> XML or JSON
    4. Typical endpoints of such an app: http://test.com/savePoint.php?id=2&point=450 ; http://test.com/updateUserInfo.php?id=2&password=teertfdsa ; http://test.com/getUserInfo.php?id=2
    5. The problem: endpoints are exposed (savePoint.php, updateUserInfo.php); data is exposed (id, point, password); abusing it is trivial: savePoint.php with id=3&point=500000 ?
    6. 6. ,‘ ’ . • - App “ ” • . • - • - . blueonion
    7. Proposal: pack all parameters into a single encrypted token: http://www.test.com?st=xndje3e2j3%dws3olnf -> XML or JSON
    8. Implementation: AES-128. Client: CryptoHelper ( ) on top of CommonCrypto / Security framework -> st (security token). Server: libmcrypt / php mcrypt function -> st.
    9. Client side (iPhone app):

       // multipart boundary and request object (assumed setup, not shown on the slide)
       NSString *boundary = @"---------------------------14737809831466499882746641449";
       NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http://www.test.com/"]];
       [request setHTTPMethod:@"POST"];
       [request setValue:[NSString stringWithFormat:@"multipart/form-data; boundary=%@", boundary] forHTTPHeaderField:@"Content-Type"];
       // make parameter (rand() is not a CSPRNG, and the server on slide 10 never checks the nonce)
       NSString *param = [[NSString stringWithFormat:@"id=2&point=450&nonce=%d", rand()]
           stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
       // make st (key is '123456789abcdef'; hard-coded in the app, so it can be extracted from the binary)
       NSString *st = [[CryptoHelper sharedInstance] encryptString:param];
       // now let's create the body of the post
       NSMutableData *body = [NSMutableData data];
       [body appendData:[[NSString stringWithFormat:@"\r\n--%@\r\n", boundary] dataUsingEncoding:NSUTF8StringEncoding]];
       [body appendData:[[NSString stringWithFormat:@"Content-Disposition: form-data; name=\"st\"\r\n\r\n%@", st] dataUsingEncoding:NSUTF8StringEncoding]];
       [body appendData:[[NSString stringWithFormat:@"\r\n--%@--\r\n", boundary] dataUsingEncoding:NSUTF8StringEncoding]];
       [request setHTTPBody:body];
    10. Server side (PHP):

       <?php
       // base64 decode st
       $tmp_st = base64_decode($_POST['st']);
       // decrypt st (key is '123456789abcdef', 15 bytes; mcrypt NUL-pads it to the 16 bytes AES-128 needs)
       // note: ECB mode uses no IV, so the mcrypt_create_iv() argument has no effect on the result
       $st = urldecode(trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, '123456789abcdef', $tmp_st, MCRYPT_MODE_ECB,
           mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB), MCRYPT_RAND))));
       // st is 'id=2&point=450&nonce=12342234'
       ?>
    11. Additional measures: HTTP_USER_AGENT => identify the App; framework => endpoint (front the endpoint scripts with a framework instead of exposing them); st (security token) with a timestamp.
    12. Thanks for attention
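The scheme of slides 9 and 10, ported to Go as an added example (not code from the presentation or from blueonion) so that both halves can be run together offline. The key and sample parameters are the ones on the slides; libmcrypt's NUL-padding of the 15-byte key is reproduced explicitly, and the function names are this example's own. It shows two things the slides do not: the server of slide 10 cannot tell slide 5's forged `id=3&point=500000` from a genuine token once the hard-coded key has been lifted from the app binary, and because ECB uses no IV, identical requests yield identical tokens, so a captured st replays unchanged (the `mcrypt_create_iv()` call on slide 10 changes nothing).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// The slides' key '123456789abcdef' is 15 bytes; libmcrypt of that era silently
// NUL-padded it to the 16 bytes AES-128 needs, so the same padding is applied here.
var slideKey = append([]byte("123456789abcdef"), 0)

// ecbBlocks runs the raw AES block function over each 16-byte block; that is all
// ECB mode is, which is why the IV generated in the PHP code has no effect.
func ecbBlocks(key, data []byte, encrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data)%aes.BlockSize != 0 {
		return nil, errors.New("data is not a whole number of AES blocks")
	}
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += aes.BlockSize {
		if encrypt {
			block.Encrypt(out[i:i+aes.BlockSize], data[i:i+aes.BlockSize])
		} else {
			block.Decrypt(out[i:i+aes.BlockSize], data[i:i+aes.BlockSize])
		}
	}
	return out, nil
}

// ecbEncryptST mirrors the client of slide 9: zero-pad like mcrypt, AES-128-ECB, base64.
// Anyone holding the key (it ships inside the app) can call this with any parameters.
func ecbEncryptST(key []byte, param string) (string, error) {
	plain := []byte(param)
	if rem := len(plain) % aes.BlockSize; rem != 0 {
		plain = append(plain, bytes.Repeat([]byte{0}, aes.BlockSize-rem)...)
	}
	out, err := ecbBlocks(key, plain, true)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(out), nil
}

// ecbDecryptST mirrors the server of slide 10: base64 decode, decrypt, trim() the
// NUL padding, urldecode. Nothing here distinguishes a genuine token from a forged one.
func ecbDecryptST(key []byte, st string) (url.Values, error) {
	raw, err := base64.StdEncoding.DecodeString(st)
	if err != nil {
		return nil, err
	}
	plain, err := ecbBlocks(key, raw, false)
	if err != nil {
		return nil, err
	}
	return url.ParseQuery(string(bytes.TrimRight(plain, "\x00")))
}

func main() {
	// Slide 5's abuse, repeated by someone who extracted the hard-coded key from the app.
	forged, _ := ecbEncryptST(slideKey, "id=3&point=500000&nonce=1")
	v, _ := ecbDecryptST(slideKey, forged)
	fmt.Println("server accepts forged st: id =", v.Get("id"), "point =", v.Get("point"))
	// No IV in ECB: the same request always yields the same token, so a captured
	// st can be replayed as-is and the server cannot tell the copies apart.
	a, _ := ecbEncryptST(slideKey, "id=2&point=450&nonce=12342234")
	b, _ := ecbEncryptST(slideKey, "id=2&point=450&nonce=12342234")
	fmt.Println("deterministic token:", a == b)
}
```

The only check the slide-10 server performs is that the ciphertext length is a multiple of the block size, which `ecbBlocks` enforces in the same way; everything that decrypts to a parseable query string is treated as authentic.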
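Slide 11's timestamp idea carried through in Go, as an added example rather than anything from the presentation: AES-128-GCM so the server detects any edit to the token (ECB cannot), a fresh random nonce per token, a server-side time window, and a record of nonces already accepted to stop replay. The `Server` type, the `MakeST`/`OpenST` names, the 5-minute window and the demo key are assumptions of this example. Two caveats a practitioner would add: the HTTP_USER_AGENT check on slide 11 is under the client's control and filters only accidental traffic, and no token format helps while the key ships inside the app; the key should be issued per user at login, and the user id taken from that session rather than trusted from the token's `id=` parameter.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"time"
)

// Server-side state for the hardened token: the key, how stale a timestamp may be,
// and the nonces already accepted (in memory here; with several app servers this
// has to live in a shared store so a replay against another node is also caught).
type Server struct {
	key     []byte
	maxSkew time.Duration
	seen    map[string]bool
}

func NewServer(key []byte, maxSkew time.Duration) *Server {
	return &Server{key: key, maxSkew: maxSkew, seen: map[string]bool{}}
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeST is the client side: the parameters plus a timestamp are sealed with
// AES-128-GCM under a fresh random nonce, which is prepended to the ciphertext.
// The GCM tag covers everything, so editing point= or ts= is detected on the server.
func MakeST(key []byte, params url.Values, ts time.Time) (string, error) {
	aead, err := gcmFor(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	params.Set("ts", strconv.FormatInt(ts.Unix(), 10))
	sealed := aead.Seal(nonce, nonce, []byte(params.Encode()), nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// OpenST is the server side: authenticate first, then reject stale and replayed
// tokens. Only after all three checks pass are the parameters handed back.
func (s *Server) OpenST(st string) (url.Values, error) {
	raw, err := base64.StdEncoding.DecodeString(st)
	if err != nil {
		return nil, err
	}
	aead, err := gcmFor(s.key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(raw) < n+aead.Overhead() {
		return nil, errors.New("st too short")
	}
	plain, err := aead.Open(nil, raw[:n], raw[n:], nil)
	if err != nil {
		return nil, errors.New("st rejected: tampered or wrong key")
	}
	vals, err := url.ParseQuery(string(plain))
	if err != nil {
		return nil, err
	}
	ts, err := strconv.ParseInt(vals.Get("ts"), 10, 64)
	if err != nil {
		return nil, errors.New("st has no timestamp")
	}
	if d := time.Since(time.Unix(ts, 0)); d > s.maxSkew || d < -s.maxSkew {
		return nil, errors.New("st outside the accepted time window")
	}
	if s.seen[string(raw[:n])] {
		return nil, errors.New("st replayed")
	}
	s.seen[string(raw[:n])] = true
	return vals, nil
}

func main() {
	key := []byte("0123456789abcdef") // demo key; a real one is issued per user at login, not baked into the app
	srv := NewServer(key, 5*time.Minute)
	st, _ := MakeST(key, url.Values{"id": {"2"}, "point": {"450"}}, time.Now())
	v, err := srv.OpenST(st)
	fmt.Println("first use: point =", v.Get("point"), "err =", err)
	_, err = srv.OpenST(st)
	fmt.Println("replay: err =", err)
}
```

The order of checks in `OpenST` matters: authentication runs first so that an attacker cannot probe the timestamp or nonce logic with unauthenticated input, and the nonce is recorded only after every check passes, so a rejected token does not poison the replay table.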
