A Hacker's Perspective

Kamran Bilgrami / Angelo Chan

Silverlight Security

Agenda

• Silverlight overview• Scope• Key concepts• Demos• Recommendations• Q&A

    

Silverlight Overview

User• Cross-browser, cross-platform• Media-rich (audio/video)• Run in-browser, out-of-browser• .xap - archive of assemblies,

manifest Programmer• .NET programming model• Networking and LINQ support

Silverlight architecture

• Presentation (e.g. Media)• CoreCLR (optimized)

Silverlight overview - security

• Run-time security modes o In browser, out of browser

• Sandboxo User initiated, same origin

policy

   

Scope

• In scopeo Vulnerabilities against Silverlight

related components • Out of scope

o Classical attacks (SQL Injection, XSS etc)

  • Due to XAP/CoreCLR, hackers can now

apply .NET assembly hacking techniques to your web application

Useful concepts

• XAP• CoreCLR• Intermediate Language (IL)

  • Widely Available Tools

o ILASM/ILDASMo Reflectoro ReflexIL

 • Signing/Tamper detection• Obfuscation (Protect IP)

Demos

Demo 1 Summary

Problems• Code not obfuscated• Tamper-able Assembly • Client side Business logic

Solutions• Use code obfuscation• Assembly Signing• Server Side Business

Demo 2 Summary

Starting conditions• Code was obfuscated• Tamper resistant• IP / Business logic on

server side 

Run-time hacking• Bypass tamper detection• Bypass server business

logic

Recommendations

• Web security - XSS, data encryption

• CLR - Obfuscation, signing• Domain-specific - e.g. banking

application• Legal

Q&A

  

References• Silverlight Security Overview - MSDN• Silverlight Architecture - MSDN• SOS command reference - MSDN• CLR Inside Out - MSDN• http://www.windowsdebugging.com

kamran@windowsdebugging.comangelo@windowsdebugging.com