Nytro

Hacking Soft Tokens

Hacking Soft Tokens

Advanced Reverse Engineering on Android

Bernhard Mueller © 2016

Vantage Point Security Pte. Ltd.

 

Table of Contents
Introduction
Mobile One-Time Password Token Overview
  OATH TOTP
  Proprietary Algorithms
  Provisioning
  Attacks
  Retrieval from Memory
  Code Lifting and Instrumentation
The Android Reverser’s Toolbox
  De-Compilers, Disassemblers and Debuggers
  Tracing Java Code
  Tracing Native Code
  Tracing System Calls
  Classic Linux Rootkit Style
  Dynamic Analysis Frameworks
  Drawbacks Emulation-based Analysis
  Runtime Instrumentation with Frida
Building A Sandbox
  Sandbox Overview
  Customizing the Kernel
  Customizing the RAMDisk
  Booting the Environment
  Customizing ART
  Hooking System Calls
  Automating System Call Hooking with Zork
Case Studies
  RSA SecurID: ProGuard and a Proprietary Algorithm
  Analyzing ProGuard-processed Bytecode
  Data Storage and Runtime Encryption
  Tool Time: RSACloneId
  Vendor Response
  Summary
  Vasco DIGIPASS: Advanced Anti-Tampering
  Initial Analysis
  Root Detection and Integrity Checks
  Native Debugging Defenses
  JDWP Debugging Defenses
  Static-dynamic Analysis
  Attack Outline
  Tool Time: VasClone
  Vendor Comments
  Summary
TL; DR
  Attack Mitigation
  Software Protection Effectiveness
REFERENCES

Download: http://gsec.hitb.org/materials/sg2016/whitepapers/Hacking Soft Tokens - Bernhard Mueller.pdf
