Exploiting and analyzing Microsoft Surface Applications
BSIDES DFW 2014
Into the Mobile Deep: Exploiting and Analyzing Microsoft Surface Applications
Who am I?
Wardell Motley
Currently: Penetration Tester, Veracode
Previously:
Sr. Penetration Tester (Undisclosed)
Systems Administrator: Walls Industries
Network Administrator: CSI
Other Security Related Stuff:
Contributor: The Ethical Hacker.Net
Contributor: Hakin9 Magazine
... Others
Goals
• Why Bother?
• Introduction to Microsoft Surface
• App Supply Chain
• Package Breakdown
• Extraction and Analysis
• Web Analysis
Why Bother?
• There seems to be very little discussion surrounding Surface platform applications
• Most people seem to be fixated on iOS and Android applications
• More and more Surface devices are appearing in the enterprise environment due to BYOD
• I’m tired of hearing about things everyone else already knows!!
Surface Platform
(More than just the tablets)
Surface Platform
Device          Architecture   OS Kernel    CPU
Surface         ARMv7          WinRT 8.0    Nvidia Tegra
Surface 2       ARMv7          WinRT 8.1    Nvidia Tegra
Surface Pro     x86/x64        WinRT 8.0    Intel Ivy Bridge
Surface Pro 2   x86/x64        WinRT 8.0    Intel Haswell
Surface Pro 3   x86/x64        WinRT 8.1    Intel Haswell
Surface App Supply Chain
Development:
• Win32 and C++
• .NET
• C# and XAML
• DirectX
• HTML/JavaScript
Publish:
• Windows Store
Consumption:
• Surface
• Surface 2
• Surface Pro 2
Windows Runtime app packages (.appx)
An AppX package contains:
• App Manifest
• App Block Map
• App Signature
• App Payload
Windows Runtime app packages (.appx)
App Payload
App code files and assets. Payload files are the code files and assets that you create when you actually build the app.
App Manifest
The manifest declares the identity of the application. Basically, what does this application do?
App Block Map
The block map file lists all of the application's files along with their associated cryptographic hashes.
App Signature
The app signature ensures that the contents of the Appx haven't been modified since they were signed.
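The four parts above can be inspected directly, because an .appx opens as a ZIP archive. This added example (not from the original slides) labels each entry and recomputes the block map hashes; `audit_appx`, `build_sample` and the sample package are constructed for illustration, and it assumes SHA-256 or SHA-512 hashes over 64 KiB uncompressed blocks and entry names that need no escaping.

```python
import base64, hashlib, io, zipfile
import xml.etree.ElementTree as ET

BM_NS = "http://schemas.microsoft.com/appx/2010/blockmap"
BLOCK = 64 * 1024  # each Block hash covers up to 64 KiB of uncompressed file data
FOOTPRINT = {"AppxManifest.xml": "manifest", "AppxBlockMap.xml": "block map",
             "AppxSignature.p7x": "signature", "[Content_Types].xml": "content types"}
HASHES = {"http://www.w3.org/2001/04/xmlenc#sha256": "sha256",
          "http://www.w3.org/2001/04/xmlenc#sha512": "sha512"}

def audit_appx(data):
    """Label each part of an .appx and re-check files against the block map."""
    report = {"parts": {}, "mismatched": [], "unlisted": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        root = ET.fromstring(z.read("AppxBlockMap.xml"))
        algo = HASHES[root.get("HashMethod")]
        listed = {}
        for f in root.findall("{%s}File" % BM_NS):
            # The block map writes paths with backslashes; ZIP entries use "/".
            name = f.get("Name").replace("\\", "/")
            listed[name] = [b.get("Hash") for b in f.findall("{%s}Block" % BM_NS)]
        for name in z.namelist():
            part = report["parts"][name] = FOOTPRINT.get(name, "payload")
            if name in listed:
                raw = z.read(name)
                actual = [base64.b64encode(hashlib.new(algo, raw[i:i + BLOCK]).digest()).decode()
                          for i in range(0, len(raw), BLOCK)]
                if actual != listed[name]:
                    report["mismatched"].append(name)
            elif part == "payload":
                report["unlisted"].append(name)  # file the block map never vouched for
    return report

def build_sample(tamper=False):
    """Constructed stand-in package for the demo, not a real Store app."""
    page = b"<html>demo</html>"
    digest = base64.b64encode(hashlib.sha256(page).digest()).decode()
    bmap = ('<BlockMap xmlns="%s" HashMethod="http://www.w3.org/2001/04/xmlenc#sha256">'
            '<File Name="www\\index.html" Size="%d"><Block Hash="%s"/></File></BlockMap>'
            % (BM_NS, len(page), digest))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxManifest.xml", "<Package/>")
        z.writestr("AppxBlockMap.xml", bmap)
        z.writestr("AppxSignature.p7x", b"constructed placeholder")
        z.writestr("www/index.html", page + (b"<!-- edited -->" if tamper else b""))
        if tamper:
            z.writestr("extra.dll", b"MZ")
    return buf.getvalue()
```

The check does not validate AppxSignature.p7x: matching hashes only show the payload agrees with the block map, while the signature is what ties the block map to the publisher.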
Surface Apps: Distribution & Location
Apps are distributed as .zip archives from the Microsoft Store
3rd party apps are stored inside C:\Program Files\WindowsApps
Directory Structure
Surface Apps: Extraction & Analysis
Unzip It!
Surface Apps: Extraction & Analysis
App packer (MakeAppx.exe)
App Packer creates the app package from files on disk, or extracts the files from the app package to disk
- Requires Installation of Windows SDK 8.1
Surface Apps: Extraction & Analysis
Extract It!
MakeAppx unpack /l /v /p application.appx /d "D:\My Files"
Surface Apps: Extraction & Analysis
Goodies to be Found!
Hard Coded Usernames and Passwords
Database Files with Unmasked User data
Active Test Licensing Keys
Many others……
Surface Apps: Web Analysis
Proxying Surface Application traffic through Burp Suite
Traditional Web Application Testing
Surface Apps: Web Analysis
You are already a Pro at this!
Set up a secondary interface under the Burp Suite Options tab
Install Burp Suite SSL Certificate in Trusted Store on Microsoft Store
Surface Apps: Web Analysis
If you are not the web app guy you thought you were, see references!
Surface Apps: Web Analysis
Goodies to be Found!
OWASP Top 10 Yada Yada
Other Unencrypted Goodness
Questions?
Contact Information
LinkedIn: Wardell Motley
Twitter: Infowarrior0
Email: [email protected]
Please put "Bsides DFW 2014" in the subject line
References:
App Packager Manager
http://msdn.microsoft.com/en-us/library/windows/desktop/hh446767(v=vs.85).aspx
Windows SDK for Windows 8.1
http://dev.windows.com/en-us/develop/downloads
XAML Decompiler (Convert XBF to XAML)
http://xamldecompiler.codeplex.com/
Burp Suite Pro
http://portswigger.net/burp/
Installing Burp Suite Pro SSL Certificates
http://portswigger.net/burp/help/proxy_options_installingCAcert.html
Proxying Traffic through Microsoft Surface
http://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-device
Burp Suite SSL Options
http://portswigger.net/burp/help/options_ssl.html
Windows Runtime Apps
http://msdn.microsoft.com/en-us/library/windows/desktop/hh464929.aspx