ºÝºÝߣ

ºÝºÝߣShare a Scribd company logo

Exploiting and analyzing Microsoft Surface Applications

?
?
W
Wardell Motley, NSA IAM\IEM

Exploiting and analyzing Microsoft Surface Applications Reverse Engineering Microsoft Surface Applications

1 of 28
Download to read offline
BSIDES DFW 2014 Into the Mobile DeepExploiting and Analyzing Microsoft SurfaceApplications
2 Who am I? Wardell Motley Currently: Penetration Tester Veracode Previously Sr. Penetration Tester (Undisclosed) Systems Administrator: Walls Industries Network Administrator: CSI Other Security Related Stuff: Contributor: The Ethical Hacker.Net Contributor:Hakin9 Magazine ¡­¡­.Others
3 ?Why Bother? ?Introduction to Microsoft Surface ?App Supply Chain ?Package Breakdown ?Extraction and Analysis ?Web Analysis Goals
4 ?Seems to be very little discussion surrounding Surface Platform Applications ?Most People seem to be Fixated on IOS and Android Applications ?More and More Surface devices appearing in the Enterprise environment due to BYOD ?I¡¯m tired of hearing about things everyone else already knows!! Why Bother?
5 Surface Platform (More than just the tablets)
6 Surface Platform Architecture OSKernel CPU Surface ARMv7 WinRT 8.0 NvidaTegra Surface2 ARMv7 WinRT8.1 NvidaTegra SurfacePro x86/x64 WinRT8.0 IntelIvy Bridge SurfacePro 2 x86/x64 WinRT 8.0 IntelHaswell SurfacePro 3 x86/x64 WinRT 8.1 IntelHaswell
7 Surface App Supply Chain Development Win32 and C++ .NET C# and XAML DirectX HTML/JavaScript Publish Windows Store Consumption Surface Surface 2 Surface Pro 2
8 Windows Runtime app packages .Appx AppX App Manifest App Block Map App Signature App Payload
9 Windows Runtime app packages .Appx ?App Payload App Code files and assets Payload files are the code files and assets that you create when you actually create the App ?App Manifest The manifest declares the identity of the application. Basically what does this application do? ?App Block Map The block map files lists all of the applications files along with associated cryptographic hashes ?App Signature The app signature ensures that the contents of the Appx hasn¡¯t been modified and they get signed
10 Surface Apps: Distribution & Location ?Apps are distributed as .zip archives from the Microsoft Store ?3rdparty apps are stored inside C:Program FilesWindowsApps
11 Directory Structure
12 Surface Apps: Distribution & Location
13 Surface Apps: Distribution & Location
14 Surface Apps: Extraction & Analysis Unzip It!
15 Surface Apps: Extraction & Analysis App packer (MakeAppx.exe) App Packer creates the app package from files on disk or extracts the files from the app package to disk -Requires Installation of Windows SDK 8.1
16 Surface Apps: Extraction & Analysis Extract It! MakeAppx unpack /l /v /p application.appx/d ¡°D:My Files
17 Surface Apps: Extraction & Analysis Extract It!
18 Surface Apps: Extraction & Analysis Unzip It!
19 Surface Apps: Extraction & Analysis Goodies to be Found! ?Hard Coded Usernames and Passwords ?Database Files with Unmasked User data ?Active Test Licensing Keys ?Many others¡­¡­
20 Surface Apps: Web Analysis ?Proxying Surface Application traffic through Burp Suite ?Traditional Web Application Testing
21 Surface Apps: Web Analysis You are already a Pro at this! ?Setup Secondary Interface Under Burp Suite Options Tab ?Install Burp Suite SSL Certificate in Trusted Store on Microsoft Store
22 If you are not the web app guy you thought you were see references!
23 If you are not the web app guy you thought you were see references! ?Setup Secondary Interface Under Burp Suite Options Tab ?Install Burp Suite SSL Certificate in Trusted Store on Microsoft Store
24 Surface Apps: Web Analysis Goodies to be Found! ?OWASP Top 10 YadaYada ?Other Unencrypted Goodness
25 Questions?
26 Contact Information LinkedIn: Wardell Motley Twitter:Infowarrior0 Email:infowarrior0@gmail.com Please Put ¡°BsidesDFW 2014 in the Subject Line¡±
27 App Packager Manager http://msdn.microsoft.com/en-us/library/windows/desktop/hh446767(v=vs.85).aspx Windows SDK for Windows 8.1 http://dev.windows.com/en-us/develop/downloads XAML Decompiler (Convert XBF to XAML) http://xamldecompiler.codeplex.com/ Burp Suite Pro http://portswigger.net/burp/ Installing Burp Suite Pro SSL Certificates http://portswigger.net/burp/help/proxy_options_installingCAcert.html References:
28 Proxying Traffic through Microsoft Surface http://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-device Burp Suite SSL Options http://portswigger.net/burp/help/options_ssl.html Windows Runtime Apps http://msdn.microsoft.com/en-us/library/windows/desktop/hh464929.aspx References: http://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-devicehttp://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-device

More Related Content

Exploiting and analyzing Microsoft Surface Applications

  • 1. BSIDES DFW 2014 Into the Mobile DeepExploiting and Analyzing Microsoft SurfaceApplications
  • 2. 2 Who am I? Wardell Motley Currently: Penetration Tester Veracode Previously Sr. Penetration Tester (Undisclosed) Systems Administrator: Walls Industries Network Administrator: CSI Other Security Related Stuff: Contributor: The Ethical Hacker.Net Contributor:Hakin9 Magazine ¡­¡­.Others
  • 3. 3 ?Why Bother? ?Introduction to Microsoft Surface ?App Supply Chain ?Package Breakdown ?Extraction and Analysis ?Web Analysis Goals
  • 4. 4 ?Seems to be very little discussion surrounding Surface Platform Applications ?Most People seem to be Fixated on IOS and Android Applications ?More and More Surface devices appearing in the Enterprise environment due to BYOD ?I¡¯m tired of hearing about things everyone else already knows!! Why Bother?
  • 5. 5 Surface Platform (More than just the tablets)
  • 6. 6 Surface Platform Architecture OSKernel CPU Surface ARMv7 WinRT 8.0 NvidaTegra Surface2 ARMv7 WinRT8.1 NvidaTegra SurfacePro x86/x64 WinRT8.0 IntelIvy Bridge SurfacePro 2 x86/x64 WinRT 8.0 IntelHaswell SurfacePro 3 x86/x64 WinRT 8.1 IntelHaswell
  • 7. 7 Surface App Supply Chain Development Win32 and C++ .NET C# and XAML DirectX HTML/JavaScript Publish Windows Store Consumption Surface Surface 2 Surface Pro 2
  • 8. 8 Windows Runtime app packages .Appx AppX App Manifest App Block Map App Signature App Payload
  • 9. 9 Windows Runtime app packages .Appx ?App Payload App Code files and assets Payload files are the code files and assets that you create when you actually create the App ?App Manifest The manifest declares the identity of the application. Basically what does this application do? ?App Block Map The block map files lists all of the applications files along with associated cryptographic hashes ?App Signature The app signature ensures that the contents of the Appx hasn¡¯t been modified and they get signed
  • 10. 10 Surface Apps: Distribution & Location ?Apps are distributed as .zip archives from the Microsoft Store ?3rdparty apps are stored inside C:Program FilesWindowsApps
  • 12. 12 Surface Apps: Distribution & Location
  • 13. 13 Surface Apps: Distribution & Location
  • 14. 14 Surface Apps: Extraction & Analysis Unzip It!
  • 15. 15 Surface Apps: Extraction & Analysis App packer (MakeAppx.exe) App Packer creates the app package from files on disk or extracts the files from the app package to disk -Requires Installation of Windows SDK 8.1
  • 16. 16 Surface Apps: Extraction & Analysis Extract It! MakeAppx unpack /l /v /p application.appx/d ¡°D:My Files
  • 17. 17 Surface Apps: Extraction & Analysis Extract It!
  • 18. 18 Surface Apps: Extraction & Analysis Unzip It!
  • 19. 19 Surface Apps: Extraction & Analysis Goodies to be Found! ?Hard Coded Usernames and Passwords ?Database Files with Unmasked User data ?Active Test Licensing Keys ?Many others¡­¡­
  • 20. 20 Surface Apps: Web Analysis ?Proxying Surface Application traffic through Burp Suite ?Traditional Web Application Testing
  • 21. 21 Surface Apps: Web Analysis You are already a Pro at this! ?Setup Secondary Interface Under Burp Suite Options Tab ?Install Burp Suite SSL Certificate in Trusted Store on Microsoft Store
  • 22. 22 If you are not the web app guy you thought you were see references!
  • 23. 23 If you are not the web app guy you thought you were see references! ?Setup Secondary Interface Under Burp Suite Options Tab ?Install Burp Suite SSL Certificate in Trusted Store on Microsoft Store
  • 24. 24 Surface Apps: Web Analysis Goodies to be Found! ?OWASP Top 10 YadaYada ?Other Unencrypted Goodness
  • 26. 26 Contact Information LinkedIn: Wardell Motley Twitter:Infowarrior0 Email:infowarrior0@gmail.com Please Put ¡°BsidesDFW 2014 in the Subject Line¡±
  • 27. 27 App Packager Manager http://msdn.microsoft.com/en-us/library/windows/desktop/hh446767(v=vs.85).aspx Windows SDK for Windows 8.1 http://dev.windows.com/en-us/develop/downloads XAML Decompiler (Convert XBF to XAML) http://xamldecompiler.codeplex.com/ Burp Suite Pro http://portswigger.net/burp/ Installing Burp Suite Pro SSL Certificates http://portswigger.net/burp/help/proxy_options_installingCAcert.html References:
  • 28. 28 Proxying Traffic through Microsoft Surface http://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-device Burp Suite SSL Options http://portswigger.net/burp/help/options_ssl.html Windows Runtime Apps http://msdn.microsoft.com/en-us/library/windows/desktop/hh464929.aspx References: http://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-devicehttp://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-device