Pwning Windows Mobile Applications
By Ankit Giri
Agenda
Mobile Platform Operating Systems
Windows Phone Overview
What we can test?
Challenges
Approach & Prerequisites
Methodology
Application File Structure
Tools for Penetration Testing
Microsoft Phone!
Windows Phone 8 (WP8) – used to be called Windows Mobile until 7.x
ARM Hardware Architecture (like iOS, Android, and Blackberry)
Windows Phone Runtime Application Architecture
Developer apps work on both Windows 8 and WP8
Windows NT kernel
Windows 10 Mobile: The release was officially dubbed "Version 1511" or "November Update" (owing
to the fact that in all other editions of Windows 10, this version was an update).
Windows 10 Mobile launched with the Microsoft Lumia 550, 950 and 950 XL. The rollout for Windows
Phone 8.1 devices started March 17, 2016
Understanding the platform
WM10 uses NT Kernel
128-bit BitLocker for device encryption
NTFS file system
Sandboxed apps
SafeBoot: Secure UEFI Boot
➔ Software without a correct digital signature cannot be loaded and booted on the phone
➔ TPM 2.0 – requires unique keys to be burned into chip during production
Windows Mobile binaries must have Microsoft signed digital signatures
Application Sandboxing
Each app has a local isolated storage
Limited app-to-app communication
App A cannot see App B storage
App folder has:
❖ Settings
❖ Files
❖ Directories
❖ Database
Jailbreakable or not!
WM10 is a closed OS, like most Microsoft products
No jailbreak yet – some activities you would like to do for mobile device testing will not be possible
❖ Access to memory
❖ Local file system and storage
❖ Transfer files to and from device
Static Analysis
View Manifest information
View the application tree including assemblies, types and methods
Methods which use APIs
XAP files
Purpose of Source code review
“UNDERSTAND THE WORKING OF THE APPLICATION AND TO FIGURE OUT THE LOOPHOLES!”
To find "treasure" keywords such as: password, keys, sql, algo, AES, DES, Base64, etc.
Detect the data storage definitions
Detect backdoors or suspicious code
Detect injection flaws
Figure out weak algorithm usage and hardcoded keys
E.g. Password in Banking Application (Sensitive Information)
E.g. Angry Birds Malware (Stealing Data)
E.g. Zitmo Malware (Sending SMS)
Reverse engineering a Windows Mobile application
Tools used:
● Decompressor (WinRAR / WinZip / 7-Zip)
● .Net Decompiler (ILSpy)
● Visual Studio / Notepad
Steps :
● xap -> .dll
● dll -> .csproject / .vbproject
Mitigation
1. Free Obfuscator: http://confuser.codeplex.com/
2. Dotfuscator: https://www.preemptive.com/products/dotfuscator/overview
Other tools used
WP Power tools
.NET Reflector
Testing Approach
◼ Emulator / Windows Phone SDK
◼ Unlocked Device
◼ Side Loading
◼ Developer Unlock – Free Unlock with 2 Apps Limit
◼ Student Unlock – Up to 3 Apps
◼ Limitations
◼ Apps from the store cannot be extracted
◼ Apps from the store will not work on emulators
Sideloading apps
◼ Sideloading is the process of installing apps on a device without using the app store
◼ Windows Phone Power Tools is used to deploy apps
◼ Plug in your device, unlock your device & run Windows Phone Power Tools
◼ Only apps signed with certificates will run on unlocked phones
Application File Structure
► AppManifest.xaml
► WMAppManifest.xml
WMAppManifest.xml
XAP - Headers
File Analysis
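The static-analysis pass outlined in the "Static Analysis", "Purpose of Source code review" and "Application File Structure" slides, as an added Python example that is not part of the original deck: it opens a XAP as the ZIP archive it is, lists the capabilities declared in WMAppManifest.xml, and searches every member for the slide's keywords in both UTF-8 and UTF-16LE, since .NET string literals are stored as UTF-16. The sample package contents, the `SampleBank` name and all function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Keywords from the slide's "treasure key words" list.
KEYWORDS = ["password", "keys", "sql", "algo", "AES", "DES", "Base64"]

# Constructed sample manifest (not from a real app).
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment">
  <App ProductID="{00000000-0000-0000-0000-000000000000}" Title="SampleBank">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_CONTACTS" />
    </Capabilities>
  </App>
</Deployment>"""


def build_sample_xap():
    """Build an in-memory XAP (ZIP) with constructed contents for the demo."""
    # Stand-in for a .NET assembly: string literals are UTF-16LE, type names UTF-8.
    fake_dll = b"MZ\x90\x00" + "db_password".encode("utf-16-le") + b"\x00AesManaged\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AppManifest.xaml", b"<Deployment EntryPointAssembly='SampleBank'/>")
        z.writestr("WMAppManifest.xml", SAMPLE_MANIFEST)
        z.writestr("SampleBank.dll", fake_dll)
    buf.seek(0)
    return buf


def read_capabilities(xap):
    """Return the capability names declared in WMAppManifest.xml."""
    root = ET.fromstring(xap.read("WMAppManifest.xml"))
    # Compare local tag names so a namespaced manifest is handled too.
    return sorted(
        el.get("Name")
        for el in root.iter()
        if el.tag.rsplit("}", 1)[-1] == "Capability" and el.get("Name")
    )


def scan_member(data):
    """Return the keywords present in one file, case-insensitively."""
    haystack = data.lower()  # lowers ASCII bytes only; UTF-16 NUL bytes are untouched
    hits = set()
    for word in KEYWORDS:
        narrow = word.lower().encode("ascii")      # UTF-8 metadata, XML, config
        wide = word.lower().encode("utf-16-le")    # .NET string literals
        if narrow in haystack or wide in haystack:
            hits.add(word)
    return sorted(hits)


def audit_xap(source):
    """Report files, declared capabilities and keyword hits for one XAP."""
    # Members are read in memory and never extracted, so archive paths are not trusted.
    with zipfile.ZipFile(source) as xap:
        names = xap.namelist()
        caps = read_capabilities(xap) if "WMAppManifest.xml" in names else []
        findings = {n: h for n in names if (h := scan_member(xap.read(n)))}
    return {"files": names, "capabilities": caps, "findings": findings}


if __name__ == "__main__":
    for key, value in audit_xap(build_sample_xap()).items():
        print(key, "->", value)
```

Short keywords such as AES and DES match inside unrelated words, so each hit is a pointer to open that assembly in the decompiler, not a finding on its own.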
Dynamic analysis
◼ Log method names
◼ Log parameter values
◼ Log return values
◼ Add custom code to method
◼ Replace method
◼ Add custom code to the end of method
◼ Change parameter values with custom code
Isolated Storage explorer
Questions?
