Exploiting and analyzing Microsoft Surface Applications

BSIDES DFW 2014

Into the Mobile DeepExploiting and Analyzing Microsoft SurfaceApplications

Who am I?

Wardell Motley

Currently: Penetration Tester Veracode

Previously

Sr. Penetration Tester (Undisclosed)

Systems Administrator: Walls Industries

Network Administrator: CSI

Other Security Related Stuff:

Contributor: The Ethical Hacker.Net

Contributor:Hakin9 Magazine

…….Others

• Why Bother?

• Introduction to Microsoft Surface

• App Supply Chain

• Package Breakdown

• Extraction and Analysis

• Web Analysis

• Seems to be very little discussion surrounding

Surface Platform Applications

• Most People seem to be Fixated on IOS and

Android Applications

• More and More Surface devices appearing in the

Enterprise environment due to BYOD

• I’m tired of hearing about things everyone else

already knows!!

Why Bother?

Surface Platform

(More than just the tablets)

Surface Platform

Architecture

OS Kernel CPU

Surface ARMv7 WinRT 8.0 Nvida Tegra

Surface 2 ARMv7 WinRT 8.1 Nvida Tegra

Surface Pro x86/x64 WinRT 8.0 Intel Ivy Bridge

Surface Pro 2 x86/x64 WinRT 8.0 Intel Haswell

Surface Pro 3 x86/x64 WinRT 8.1 Intel Haswell

Surface App Supply Chain

DevelopmentWin32 and C++

C# and XAML

DirectX

HTML/JavaScript

PublishWindows Store

ConsumptionSurface

Surface 2

Surface Pro 2

Windows Runtime app packages

App Manifest App Block Map App Signature

App Payload

Windows Runtime app packages

App Payload

App Code files and assets

Payload files are the code files and assets that you create when you actually create the App

App Manifest

The manifest declares the identity of the application. Basically what does this application do?

App Block Map

The block map files lists all of the applications files along with associated cryptographic hashes

App Signature

The app signature ensures that the contents of the Appx hasn’t been modified and they get

signed

Surface Apps: Distribution & Location

Apps are distributed as .zip archives from the Microsoft Store

3rd party apps are stored inside C:\Program Files\WindowsApps

Directory Structure

Surface Apps: Distribution & Location

Surface Apps: Extraction & Analysis

Unzip It!

App packer (MakeAppx.exe)

App Packer creates the app package from files on disk or extracts the files from

the app package to disk

- Requires Installation of Windows SDK 8.1

Extract It!

MakeAppx unpack /l /v /p application.appx /d “D:\My Files

Extract It!

Unzip It!

Goodies to be Found!

Hard Coded Usernames and Passwords

Database Files with Unmasked User data

Active Test Licensing Keys

Many others……

Surface Apps: Web Analysis

Proxying Surface Application traffic through Burp Suite

Traditional Web Application Testing

You are already a Pro at this!

Setup Secondary Interface Under Burp Suite Options Tab

Install Burp Suite SSL Certificate in Trusted Store on Microsoft Store

If you are not the web app guy you thought you were see references!

Setup Secondary Interface Under Burp Suite Options Tab

Install Burp Suite SSL Certificate in Trusted Store on Microsoft Store

Goodies to be Found!

OWASP Top 10 Yada Yada

Other Unencrypted Goodness

Questions?

Contact Information

LinkedIn: Wardell Motley

Twitter:Infowarrior0

Email:infowarrior0@gmail.com

Please Put “Bsides DFW 2014 in the Subject Line”

App Packager Managerhttp://msdn.microsoft.com/en-us/library/windows/desktop/hh446767(v=vs.85).aspx

Windows SDK for Windows 8.1

http://dev.windows.com/en-us/develop/downloads

XAML Decompiler (Convert XBF to XAML)

http://xamldecompiler.codeplex.com/

Burp Suite Pro

http://portswigger.net/burp/

Installing Burp Suite Pro SSL Certificates

http://portswigger.net/burp/help/proxy_options_installingCAcert.html

References:

Proxying Traffic through Microsoft Surface http://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-device

Burp Suite SSL Options

http://portswigger.net/burp/help/options_ssl.html

Windows Runtime Apps

http://msdn.microsoft.com/en-us/library/windows/desktop/hh464929.aspx

References:

http://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-devicehttp://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-device

Exploiting and analyzing Microsoft Surface Applications

Engineering

Transcript of Exploiting and analyzing Microsoft Surface Applications

BurnFit: Analyzing and Exploiting Wearable Devices

Analyzing and Optimizing Denitrification in Agricultural Surface … · 2017. 4. 13. · Analyzing and Optimizing Denitrification in Agricultural Surface Waters: Spatial and Temporal

An Application of Photo Realistic Water Surface ... · realistic rendering, and a 6DOF manipulator exploiting Aug-mented Reality. In our system, a user can touch a virtual water surface

Research Article Exploiting Visibility Information in Surface Reconstruction …downloads.hindawi.com/journals/isrn/2014/798595.pdf · 2017. 12. 4. · Exploiting Visibility Information

Analyzing collaborative learning processes automatically ...cprose/pubweb/iJCSCL-Proof.pdf · Analyzing collaborative learning processes automatically: Exploiting the advances of

Digging Beneath the Surface: Analyzing the Complexity of … · Digging Beneath the Surface . Digging Beneath the Surface: Analyzing the Complexity of Instructors' Participation in

Analyzing Glacier Surface Motion Using LiDAR Data€¦ · Analyzing Glacier Surface Motion Using LiDAR Data Jennifer W. Telling 1,*, Craig Glennie 1, Andrew G. Fountain 2 and David

Pressure sources vs. surface loads: Analyzing deformation ...Pressure sources vs. surface loads: Analyzing deformation signal composition at volcanoes – a case study at Hekla volcano,

Quantitative evaluation of die casting surface defect ... · Quantitative evaluation of die casting surface . defect severity by analyzing surface height *Yan Xu. Male, Ph.D. candidate

Exploiting thetrianglerelationship

Exploiting Unbroken Surface Congruity for the Acceleration of … · 2017. 9. 27. · M. Savelonas et al. / Exploiting Unbroken Surface Congruity for the Acceleration of Fragment

Investigation of Tool Wear and Surface Finish by Analyzing ...

Analyzing Surface Wind - AMSAnalyzing Surface Wind Fields Near Lower Cook Inlet And Kodiak Waters Using SAR Eddie Zingone Weather Forecast Office, National Weather Service, Anchorage

Analyzing collaborative learning processes automatically ...cprose/pubweb/Proof2.pdf · Analyzing collaborative learning processes automatically: Exploiting the advances of computational

Ji Present and future of surface plasmon resonance … · Abstract Surface plasmon resonance (SPR) biosensors are optical sensors exploiting special electromagnetic waves ... cusses

Liquid Extraction Surface Analysis (LESA) Analyzing whole ...

Low-Profile Circularly Polarized Antenna Exploiting Fabry ... · High gain antenna, Fabry-Perot resonator, terahertz source, partially reflective surface, mushroom-like electromagnetic

Analyzing Controllability and Observability by Exploiting ...mopnet.cf.ac.uk/kagstrom.pdfThe Matrix Reloaded The Matrix Revolutions The Matrix Stratiﬁcations Coming soon to a PC

Analyzing Attack Surface Code Coverage

Analyzing and Exploiting Network Behaviors of Malware Jose Andre Morales Areej Al-Bataineh Shouhuai XuRavi Sandhu SecureComm Singapore, 2010 ©2010 Institute.