Bypass Security Checking with Frida

•Download as PPTX, PDF•

0 likes•518 views

Small discussion on Echo's Hack In The Zoo (HITZ) 2017 Ragunan Zoo Jakarta Jakarta, 2017-09-09 Frida? It's a Dynamic Binary Instrumentation. DBI. Let's see what frida can do for us, reverse engineer.

Technology

Hi!
I am Satria Ady Pradana
Cyber Security
Consultant
@
Mitra Integrasi
Informatika
xathrya.sabertooth
@xathrya
Reversing.ID
Revealing the Truth through Breaking Things

My problem as Reverser (And Pentester)
 I want to analyze some binary, application, or whatever
 How it works?
 What’s this functions for?
 Why they use this solution?
 Sometimes I want to know specific part of function.
 And sometimes the binary is protected with certain kinds of “magic”
 Bypass it? Of course
 Btw, I am lazy…

Solution (of OldSchool Technique)
 Code Injection to alter the behavior
 DLL Injection, modify IAT, hook function, etc …
Problem:
 Too much works!
 Need to recreate the DLL for each iteration.

What is Frida?
 Dynamic instrumentation toolkit
 Inspect and instrument live process
 Execute instrumentation scripts inside other processes
 Multiplatform
 Windows, Linux, Mac, iOS, Android, QNX
 Open source

DBI?
 Dynamic Binary Instrumentation
 Method of analyzing the behavior of a binary application at runtime through
the injection of instrumentation code.
 gain insight into the state of an application at various points in execution.
 Instrumentation code executes as part of the normal instruction stream after
being injected.

What can be done in DBI?
 Access process memory
 Overwrite functions while the application is running
 Call functions from imported classes
 Find object instance on the heap and use them
 Hook, trace, and intercept function.

Frida’s Dynamic Nature
 JavaScript API for instrumentation script (debugging logic)
 With various bindings:
 Python
 .NET
 JavaScript (Node.js)
 Qt/Qml
 etc

Install Frida
(Python)
 # python –m pip install Frida
 Or
 # pip install frida

Basics
 Attach to process (locally, remotely)
 Enumerate modules and threads
 Check function call’s arguments
 Modify arguments
 Modify function

Bypassing Security Check
In Our Example:
 Get Plaintext on Encryption Process
 Brute Force PIN
 Root Checking
 SSL Pinning

Get Plaintext on Encryption Process
 Concept: To produce a Ciphertext, an encryption process need a plaintext,
key, and some other parameters such as Initialization vector.
 Bypass: Hook the encryption function and log the plaintext data.

Brute Force PIN
 Concept: A PIN or password protected binary need a function to compare
user-input PIN with the correct one.
 Bypass: Hook the checking and force it to return true.

Root Checking
(Android, iOS)
 Concept: Check the presence of several items as result or end of rooting
process
 Does binary SU exist?
 Does apk Superuser exist?
 Bypass: Hook the checking and force it to return true.

SSL Pinning
 Concept: Use a local copy of x509 digital certificate to verify digital
certificate provided by server.
 Bypass: Hook the checking and force it to return true, regardless the value of
provided certificate.

Alternative?
 PIN:
 https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-
tool
 DynamoRIO:
 http://www.dynamorio.org/
In both cases, you write a code on top of those framework, compile them, and
inject the library into the target.

What's hot

Continuous Deployment: The Dirty Details

Mike Brittain

Session 8 - Creating Data Processing Services | Train the Trainers Program

FIWARE

REST API Design & Development

Ashok Pundit

Rest API Testing

upadhyay_25

How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...

Torsten Lodderstedt

IBM: Hey FIDO, Meet Passkey!.pptx

FIDO Alliance

API for Beginners

Gustavo De Vita

In this session I will present best practices of how open source tools (used in the DevOps and security communities) can be properly chained together to form a framework that can - as part of an agile software development CI chain - perform automated checking of certain security aspects. This does not remove the requirement for manual pentests, but tries to automate early security feedback to developers. Based on my experience of applying SecDevOps techniques to projects, I will present the glue steps required on every commit and at nightly builds to achieve different levels of depth in automated security testing during the CI workflow. I will conclude with a "SecDevOps Maturity Model" of different stages of automated security testing and present concrete examples of how to achieve each stage with open source security tools.

Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...

Christian Schneider

The presentation was held in the Ada devroom at the FOSDEM 2018. The OpenAPI specification is an emerging specification to describe RESTful web services. The Swagger suite is a collection of tools to write such API descriptions and have the code generated in more than 29 languages, including Ada. The presentation will describe how to write a REST operation with OpenAPI, generate the Ada client with Swagger Codegen and use the generated code to interact with the server. We will also describe the generated Ada server code and how to implement the server side and run a complete REST server.

Writing REST APIs with OpenAPI and Swagger Ada

Stephane Carrez

REST API and CRUD

Prem Sanil

Cryptography for Java Developers Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA About the Speaker What is Cryptography? Cryptography in Java – APIs and Libraries Hashes, MAC Codes and Key Derivation (KDF) Encrypting Passwords: from Plaintext to Argon2 Symmetric Encryption: AES (KDF + Block Modes + IV + MAC) Digital Signatures, Elliptic Curves, ECDSA, EdDSA Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

Svetlin Nakov

Version control system

Aryman Gautam

Secure Coding - Web Application Security Vulnerabilities and Best Practices

Websecurify

Salesforce DevOps using GitHub Action

Sakthivel Madesh

Uma introdução a diversas ferramentas e serviços que podem ser utilizados no Google Cloud para a construção de aplicações envolvendo Internet das Coisas. Vamos ver um overview de como construir várias soluções completas de IoT, desde a coleta de dados dos dispositivos de forma segura, armazenamento massivo de informação e como fazer analise e visualização dos dados. Tudo isso em sua grande maioria usando serviços gerenciados, sem ter que se queimar configurando servidores.

Arquitetura de Internet das Coisas usando Google Cloud

Alvaro Viebrantz

Tema 4. Qué se entiende por cultura de masas.

DiegoArias138

Crowd sourcing social media

phaniraj kandakatla

Rest API

Rohana K Amarakoon

iOS Application Security

Egor Tolstoy

IdM and AC

Fernando Lopez Aguilar

What's hot (20)

Continuous Deployment: The Dirty Details

Session 8 - Creating Data Processing Services | Train the Trainers Program

REST API Design & Development

Rest API Testing

How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...

IBM: Hey FIDO, Meet Passkey!.pptx

API for Beginners

Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...

Writing REST APIs with OpenAPI and Swagger Ada

REST API and CRUD

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

Version control system

Secure Coding - Web Application Security Vulnerabilities and Best Practices

Salesforce DevOps using GitHub Action

Arquitetura de Internet das Coisas usando Google Cloud

Tema 4. Qué se entiende por cultura de masas.

Crowd sourcing social media

Rest API

iOS Application Security

IdM and AC

Similar to Bypass Security Checking with Frida

Bypass Security Checking with Frida

Satria Ady Pradana

Presented at GlueCon 2015. This presentation discusses SignalFx CTO and co-founder Phillip Liu's experience operating infrastructure and apps at massive scale and what drove the realization that monitoring is fundamentally an analytics problem now. Following on the heels of Adrian Cockroft's keynote that morning, Monitoring Microservices and Containers, this presentation went over real world examples of how modern monitoring for microservices wroks.

Microservices and Devs in Charge: Why Monitoring is an Analytics Problem

SignalFx

Why monitoring is an analytics problem

Phillip Liu

From Reversing to Exploitation

Satria Ady Pradana

This session will cover: Functional and architectural basics of Cisco Platform Exchange Grid (pxGrid), the new publish/subscribe/query contextual information exchange framework for creating integration between DevNet partner platforms and Cisco security products; Integration use-cases such as utilizing pxGrid for executing threat response actions on the network and using identity, endpoint device and user access privilege context to enhance our DevNet partners analytics, forensics and reporting; First-hand developer perspective from DevNet partner ID/IP who used pxGrid to integrate Ping Identity and Cisco Identity Services Engine.

DEVNET-1010 Using Cisco pxGrid for Security Platform Integration

Cisco DevNet

From Reversing to Exploitation: Android Application Security in Essence

Satria Ady Pradana

Building Interpretable & Secure AI Systems using PyTorch

geetachauhan

MobSecCon 2015 - Dynamic Analysis of Android Apps

Ron Munitz

Puppet is Talking Tech, and we’re inviting you to join us! In our new webinar series, we’ll host discussions about exciting technology solutions that are driving the industry forward. Our technology experts will dive deep into topics that matter and will bring customers, partners and other leaders to the table to give you answers to your technology questions. Today - we pres Delivering Infrastructure and Security Policy as Code with Puppet and CyberArk Conjur Date: Wednesday, 8 November 2017 Time: 8:00 - 9:00 a.m. PT Safeguard secrets and deliver applications faster Puppet empowers organizations to rapidly deliver value by enabling infrastructure-as-code. Learn how CyberArk Conjur delivers security-policy-as-code, enables your organization to provide better security, and increases developer and operations autonomy. Join us and learn how to automatically apply secrets-management best practices to the DevOps toolchain using Puppet Enterprise and CyberArk Conjur.

Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...

Claire Priester Papas

Testing Java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to your benefit? Fortunately, Java is still Java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line. The lecture aims to enrich the pentester's toolbox as well as mind, when facing Java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases. In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.

Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing

Tal Melamed

Pentesting iOS Apps

Herman Duarte

Allegory of the cave(1)

setuid0

Stuxnet redux. malware attribution & lessons learned

Yury Chemerkin

How to make the agile team work with security requirements? To get secure coding practices into agile development is often hard work. A security functional requirement might be included in the sprint, but to get secure testing, secure architecture and feedback of security incidents working is not an easy talk for many agile teams. In my role as Scrum Master and security consultant I have developed a recipe of 7 steps that I will present to you. Where we will talk about agile secure development, agile threat modelling, agile security testing and agile workflows with security. Many of the steps can be made without costly tools, and I will present open source alternatives for all steps. This to make a test easier and to get a lower startup of your teams security process.

Agile Secure Development

Bosnia Agile

議程會從 DevSecOps 開始，介紹如何將靜態安全測試（SAST）左移，導入開發流程中。開場簡介 DevSecOps，介紹如何在敏捷開發中導入資安。並且介紹在 CI/CD pipeline 中可以導入的資安項目。接著會以 SAST 為例來探討。分享整合開源工具的方法，以及實踐自動化和調整工具的經驗，來達到持續性、並且自動化的資安測試。 * DevSecOps Overview * Security in CI/CD pipeline * Open source SAST tools integration * Continuous Integration: SAST improvement and vulnerabilities triage

HITCON Defense Summit 2019 －從 SAST 談持續式資安測試

Secview

Security process should be integrated with SDLC well to be successful. While many companies have already moved from Waterfall to Agile methodologies security remains behind more often than not. We have demonstrated in our presentation how security can move to agile by utilizing open source tools, customizing them to meet our needs and to implement a continuos security testing using dynamic scanners as well as manual testing. It’s very important also to assure that false positives are not fed to the developers bug tracking systems and to assign a severity for each finding correctly. To make it happen we import all our findings to a security dashboard and review them before exporting to a bug tracking system.

Making Security Agile

Oleg Gryb

The Hookshot: Runtime Exploitation

Prathan Phongthiproek

SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance

Splunk

Secure visual algorithm simulator

Prachi Singhal

We stress our developers to write tests while they write the code. We set quality gates to avoid releasing code that didn’t pass tests, or doesn’t have enough coverage. But then, when it’s about IaaC, we do exactly the opposite. The time has come for us to discuss the challenges of testing IaaC code, from the necessity of using different languages, to the problems of deploying expensive resources in real world – analyzing the current possibilities and common best practices and looking ahead at the most promising technologies and projects, to boldly go, where no man has gone before: TDD Infra as Code.

Test driven development for infrastructure as-a-code, the future trend_Gianfr...

Katherine Golovinova

Similar to Bypass Security Checking with Frida (20)

Bypass Security Checking with Frida

Microservices and Devs in Charge: Why Monitoring is an Analytics Problem

Why monitoring is an analytics problem

From Reversing to Exploitation

DEVNET-1010 Using Cisco pxGrid for Security Platform Integration

From Reversing to Exploitation: Android Application Security in Essence

Building Interpretable & Secure AI Systems using PyTorch

MobSecCon 2015 - Dynamic Analysis of Android Apps

Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...

Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing

Pentesting iOS Apps

Allegory of the cave(1)

Stuxnet redux. malware attribution & lessons learned

Agile Secure Development

HITCON Defense Summit 2019 －從 SAST 談持續式資安測試

Making Security Agile

The Hookshot: Runtime Exploitation

SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance

Secure visual algorithm simulator

Test driven development for infrastructure as-a-code, the future trend_Gianfr...

Recently uploaded

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

CzechDreamin

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

Generative AI architecture, at its core, revolves around the concept of machines being able to generate content autonomously, mimicking human-like creativity and decision-making processes. Unlike traditional AI systems that rely on predefined rules and data inputs, generative AI leverages deep learning techniques to produce new, original outputs based on patterns and examples it has learned from vast datasets. This capability opens up a multitude of possibilities across various domains within an enterprise.

The architecture of Generative AI for enterprises.pdf

alexjohnson7307

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Knowledge engineering: from people to machines and back

Elena Simperl

Discover the essentials of performance testing in the IT sector with our concise guide. Learn about various testing types such as load, stress, endurance, spike, scalability, and volume testing. Understand key performance metrics like response time, throughput, CPU and memory utilization, and error rate. Explore top tools like Apache JMeter, LoadRunner, Gatling, Neoload, and BlazeMeter. Gain insights into best practices for defining objectives, creating realistic scenarios, automating tests, and optimizing performance to ensure user satisfaction, reliability, scalability, and cost efficiency. Ideal for developers, QA engineers, and IT professionals. Visit Expeed Software for more information. https://expeed.com/

In-Depth Performance Testing Guide for IT Professionals

Expeed Software

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Ever caught yourself nodding along when someone mentions "delivering value" in Agile, but secretly wondering what the heck they actually mean? You're not alone! Join us for an eye-opening session where we'll strip away the buzzwords and dive into the heart of Agile—value delivery. But what is "value"? Is it a mythical unicorn in the world of software development, or is there more to this overused term? This isn't going to be a sit-and-get lecture. We're talking about a face-to-face, interactive meetup where YOU play a crucial role. Come along to: Define It: What does "value" really mean? We’ll build a definition that’s not just words, but a compass for your Agile journey. Contextualise It: Discover what value means specifically to you, your team, your company, and your industry. Because one size does not fit all. Deliver It: Share strategies and gather new ones for uncovering and delivering true value—no more shooting in the dark!

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

David Michel

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

JMeter webinar - integration with InfluxDB and Grafana

RTTS

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Jennifer Lim

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

IESVE for Early Stage Design and Planning

IES VE

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

Demystifying gRPC in .Net by John Staveley

John Staveley

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

The standard Salesforce Approval process can be limiting in many ways, especially in complex scenarios. What if there was a way to implement very flexible approvals where one can use Apex code to make data updates in unrelated records, dynamically generate next steps details, and compute assignees on the fly? And still use UI-based configurations to implement concrete approval processes. In this session, we will share ideas behind such a solution and show a few lines of code to get you started.

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

CzechDreamin

Recently uploaded (20)

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

The architecture of Generative AI for enterprises.pdf

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Knowledge engineering: from people to machines and back

In-Depth Performance Testing Guide for IT Professionals

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Optimizing NoSQL Performance Through Observability

Key Trends Shaping the Future of Infrastructure.pdf

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

JMeter webinar - integration with InfluxDB and Grafana

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

IESVE for Early Stage Design and Planning

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Demystifying gRPC in .Net by John Staveley

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

Bypass Security Checking with Frida

1. Bypass Security Checking With Frida

2. Hi! I am Satria Ady Pradana Cyber Security Consultant @ Mitra Integrasi Informatika xathrya.sabertooth @xathrya Reversing.ID Revealing the Truth through Breaking Things

3. My problem as Reverser (And Pentester)  I want to analyze some binary, application, or whatever  How it works?  What’s this functions for?  Why they use this solution?  Sometimes I want to know specific part of function.  And sometimes the binary is protected with certain kinds of “magic”  Bypass it? Of course  Btw, I am lazy…

4. Solution (of OldSchool Technique)  Code Injection to alter the behavior  DLL Injection, modify IAT, hook function, etc … Problem:  Too much works!  Need to recreate the DLL for each iteration.

5. Enter Frida!

6. What is Frida?  Dynamic instrumentation toolkit  Inspect and instrument live process  Execute instrumentation scripts inside other processes  Multiplatform  Windows, Linux, Mac, iOS, Android, QNX  Open source

7. DBI?  Dynamic Binary Instrumentation  Method of analyzing the behavior of a binary application at runtime through the injection of instrumentation code.  gain insight into the state of an application at various points in execution.  Instrumentation code executes as part of the normal instruction stream after being injected.

8. What can be done in DBI?  Access process memory  Overwrite functions while the application is running  Call functions from imported classes  Find object instance on the heap and use them  Hook, trace, and intercept function.

9. Frida’s Dynamic Nature  JavaScript API for instrumentation script (debugging logic)  With various bindings:  Python  .NET  JavaScript (Node.js)  Qt/Qml  etc

10.

11.

12.

13.

14.

15. Install Frida (Python)  # python –m pip install Frida  Or  # pip install frida

16. Basics  Attach to process (locally, remotely)  Enumerate modules and threads  Check function call’s arguments  Modify arguments  Modify function

17. Bypassing Security Check In Our Example:  Get Plaintext on Encryption Process  Brute Force PIN  Root Checking  SSL Pinning

18. Get Plaintext on Encryption Process  Concept: To produce a Ciphertext, an encryption process need a plaintext, key, and some other parameters such as Initialization vector.  Bypass: Hook the encryption function and log the plaintext data.

19. Brute Force PIN  Concept: A PIN or password protected binary need a function to compare user-input PIN with the correct one.  Bypass: Hook the checking and force it to return true.

20. Root Checking (Android, iOS)  Concept: Check the presence of several items as result or end of rooting process  Does binary SU exist?  Does apk Superuser exist?  Bypass: Hook the checking and force it to return true.

21. SSL Pinning  Concept: Use a local copy of x509 digital certificate to verify digital certificate provided by server.  Bypass: Hook the checking and force it to return true, regardless the value of provided certificate.

22. Alternative?  PIN:  https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation- tool  DynamoRIO:  http://www.dynamorio.org/ In both cases, you write a code on top of those framework, compile them, and inject the library into the target.

Bypass Security Checking with Frida

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Bypass Security Checking with Frida

Similar to Bypass Security Checking with Frida (20)

More from Satria Ady Pradana

More from Satria Ady Pradana (20)

Recently uploaded

Recently uploaded (20)

Bypass Security Checking with Frida