Exploiting and analyzing Microsoft Surface Applications
BSIDES DFW 2014
Into the Mobile Deep: Exploiting and Analyzing Microsoft Surface Applications
2
Who am I?
Wardell Motley
Currently: Penetration Tester, Veracode
Previously
Sr. Penetration Tester (Undisclosed)
Systems Administrator: Walls Industries
Network Administrator: CSI
Other Security Related Stuff:
Contributor: The Ethical Hacker.Net
Contributor: Hakin9 Magazine
… Others
3
Goals
• Why Bother?
• Introduction to Microsoft Surface
• App Supply Chain
• Package Breakdown
• Extraction and Analysis
• Web Analysis
4
Why Bother?
• There seems to be very little discussion surrounding Surface Platform applications
• Most people seem to be fixated on iOS and Android applications
• More and more Surface devices are appearing in the enterprise environment due to BYOD
• I'm tired of hearing about things everyone else already knows!!
5
Surface Platform
(More than just the tablets)
6
Surface Platform

Device          Architecture   OS Kernel    CPU
Surface         ARMv7          WinRT 8.0    Nvidia Tegra
Surface 2       ARMv7          WinRT 8.1    Nvidia Tegra
Surface Pro     x86/x64        WinRT 8.0    Intel Ivy Bridge
Surface Pro 2   x86/x64        WinRT 8.0    Intel Haswell
Surface Pro 3   x86/x64        WinRT 8.1    Intel Haswell
7
Surface App Supply Chain
Development
• Win32 and C++
• .NET
• C# and XAML
• DirectX
• HTML/JavaScript
Publish
• Windows Store
Consumption
• Surface
• Surface 2
• Surface Pro 2
8
Windows Runtime app packages
.Appx
AppX package components:
• App Manifest
• App Block Map
• App Signature
• App Payload
9
Windows Runtime app packages
.Appx
App Payload
App Code files and assets
Payload files are the code files and assets that you create when you actually create the app.
App Manifest
The manifest declares the identity of the application. Basically: what does this application do?
App Block Map
The block map file lists all of the application's files along with their associated cryptographic hashes.
App Signature
The app signature ensures that the contents of the Appx haven't been modified since they were signed.
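An added illustration of the block map described on this slide (not code from the talk or from Microsoft): a Python check that recomputes each payload file's block hashes and compares them with AppxBlockMap.xml, also flagging files that are in the archive but not in the block map. The XML namespace, the element and attribute names and the 64 KiB block size are assumptions about the block map layout, and the sample package is constructed here.

```python
import base64, hashlib, io, zipfile
import xml.etree.ElementTree as ET
NS = "{http://schemas.microsoft.com/appx/2010/blockmap}"  # assumed block map namespace
BLOCK = 64 * 1024  # assumption: hashes cover 64 KiB blocks of uncompressed data
FOOTPRINT = {"AppxBlockMap.xml", "AppxSignature.p7x", "[Content_Types].xml"}
SAMPLE = {"AppxManifest.xml": b"<Package/>", "Assets/config.json": b'{"env":"prod"}',
          "App.dll": bytes(range(256)) * 300}  # constructed sample; App.dll spans two blocks

def block_hashes(data):
    """Base64 SHA-256 of each 64 KiB block of one uncompressed payload file."""
    return [base64.b64encode(hashlib.sha256(data[i:i + BLOCK]).digest()).decode()
            for i in range(0, len(data), BLOCK)]

def verify_blockmap(appx):
    """Map each file name to ok / missing / size mismatch / hash mismatch / not in block map."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(appx)) as z:
        root = ET.fromstring(z.read("AppxBlockMap.xml"))
        if not root.get("HashMethod", "").endswith("#sha256"):
            raise ValueError("this example only handles SHA-256 block maps")
        unlisted = set(z.namelist()) - FOOTPRINT
        for f in root.iter(NS + "File"):
            name = f.get("Name").replace("\\", "/")  # block map paths use backslashes
            if name not in unlisted:
                report[name] = "missing"
                continue
            unlisted.discard(name)
            data = z.read(name)
            listed = [b.get("Hash") for b in f.iter(NS + "Block")]
            if len(data) != int(f.get("Size")):
                report[name] = "size mismatch"
            else:
                report[name] = "ok" if block_hashes(data) == listed else "hash mismatch"
        for name in unlisted:  # shipped in the archive but never hashed
            report[name] = "not in block map"
    return report

def build_sample(files, tamper=None):
    """Build a constructed package: payload files plus a block map that matches `files`."""
    xml = '<BlockMap xmlns="%s" HashMethod="http://www.w3.org/2001/04/xmlenc#sha256">' % NS[1:-1]
    for name, data in files.items():
        blocks = "".join('<Block Hash="%s"/>' % h for h in block_hashes(data))
        xml += '<File Name="%s" Size="%d">%s</File>' % (name.replace("/", "\\"), len(data), blocks)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AppxBlockMap.xml", xml + "</BlockMap>")
        for name, data in {**files, **(tamper or {})}.items():
            z.writestr(name, data)
    return buf.getvalue()
```

The result is only as trustworthy as the block map itself, so run it alongside validation of the package signature.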
10
Surface Apps: Distribution & Location
Apps are distributed as .zip archives from the Microsoft Store
3rd party apps are stored inside C:\Program Files\WindowsApps
11
Directory Structure
12
Surface Apps: Distribution & Location
13
Surface Apps: Distribution & Location
14
Surface Apps: Extraction & Analysis
Unzip It!
15
Surface Apps: Extraction & Analysis
App packer (MakeAppx.exe)
App Packer creates the app package from files on disk or extracts the files from the app package to disk
- Requires Installation of Windows SDK 8.1
16
Surface Apps: Extraction & Analysis
Extract It!
MakeAppx unpack /l /v /p application.appx /d "D:\My Files"
17
Surface Apps: Extraction & Analysis
Extract It!
18
Surface Apps: Extraction & Analysis
Unzip It!
19
Surface Apps: Extraction & Analysis
Goodies to be Found!
Hard Coded Usernames and Passwords
Database Files with Unmasked User data
Active Test Licensing Keys
Many others……
20
Surface Apps: Web Analysis
Proxying Surface Application traffic through Burp Suite
Traditional Web Application Testing
21
Surface Apps: Web Analysis
You are already a Pro at this!
Setup Secondary Interface Under Burp Suite Options Tab
Install Burp Suite SSL Certificate in Trusted Store on Microsoft Store
22
Surface Apps: Web Analysis
If you are not the web app guy you thought you were, see references!
23
Surface Apps: Web Analysis
If you are not the web app guy you thought you were, see references!
Setup Secondary Interface Under Burp Suite Options Tab
Install Burp Suite SSL Certificate in Trusted Store on Microsoft Store
24
Surface Apps: Web Analysis
Goodies to be Found!
OWASP Top 10 Yada Yada
Other Unencrypted Goodness
25
Questions?
26
Contact Information
LinkedIn: Wardell Motley
Twitter: Infowarrior0
Email: [email protected]
Please put "Bsides DFW 2014" in the subject line
27
References:
App Packager Manager
http://msdn.microsoft.com/en-us/library/windows/desktop/hh446767(v=vs.85).aspx
Windows SDK for Windows 8.1
http://dev.windows.com/en-us/develop/downloads
XAML Decompiler (Convert XBF to XAML)
http://xamldecompiler.codeplex.com/
Burp Suite Pro
http://portswigger.net/burp/
Installing Burp Suite Pro SSL Certificates
http://portswigger.net/burp/help/proxy_options_installingCAcert.html
28
References:
Proxying Traffic through Microsoft Surface
http://www.7tutorials.com/how-set-proxy-server-windows-81-tablet-or-hybrid-device
Burp Suite SSL Options
http://portswigger.net/burp/help/options_ssl.html
Windows Runtime Apps
http://msdn.microsoft.com/en-us/library/windows/desktop/hh464929.aspx