![!?
[App Server ]
2010. 7. 17
( )](https://image.slidesharecdn.com/appservercomm-100720101408-phpapp01/85/App-Server-1-320.jpg)
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Ähnlich wie App과 Server의 은밀한 대화
Ähnlich wie App과 Server의 은밀한 대화 (20)
App과 Server의 은밀한 대화
- 1. !? [App Server ] 2010. 7. 17 ( )
- 2. ! • /( ) CTO • 2005~2010 : SK - / - ( , , , ) • contact : @cserock | http://rockk.egloos.com blueonion • : • 2010. 4 • 24 ( :3 ) • http://blueonionsoft.com blueonion
- 3. http://www.test.com/getUserInfo.php?id=234 XML or JSON blueonion
- 4. ! • http://test.com/savePoint.php?id=2&point=450 • http://test.com/updateUserInfo.php?id=2&password=teertfdsa • http://test.com/getUserInfo.php?id=2 blueonion
- 5. ; • endpoint : savePoint.php, updateUserInfo.php ! • data : id, point, password ! • Abusing ! savePoint.php id=3&point=500000 ? blueonion
- 6. ,‘ ’ . • - App “ ” • . • - • - . blueonion
- 7. http://www.test.com?st=xndje3e2j3%dws3olnf XML or JSON blueonion
- 8. • AES-128 • CryptoHelper ( ) • CommonCrypto / Security framework • st(security token) • libmcrypt • php mcrypt function • st blueonion
- 9. : // make parameter NSString *param = [[NSString stringWithFormat:@"id=2&point=450&nonce=%d", rand()] stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]; // make st (key is ‘123456789abcdef’) NSString *st = [[CryptoHelper sharedInstance] encryptString:param]; // now lets create the body of the post NSMutableData *body = [NSMutableData data]; [body appendData:[[NSString stringWithFormat:@"rn--%@rn",boundary] dataUsingEncoding:NSUTF8StringEncoding]]; [body appendData:[[NSString stringWithFormat:@"Content-Disposition: form-data; name="st"rnrn%@", st] dataUsingEncoding:NSUTF8StringEncoding]]; [body appendData:[[NSString stringWithFormat:@"rn--%@--rn",boundary] dataUsingEncoding:NSUTF8StringEncoding]]; [request setHTTPBody:body]; blueonion
- 10. : <?php // base64 decode st $tmp_st = base64_decode($_POST[‘st’]); // decrypt st (key is ‘123456789abcdef’) $st = urldecode(trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, ‘123456789abcdef’, $tmp_st, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB), MCRYPT_RAND)))); // st is ‘id=2&point=450&nonce=12342234’ ?> blueonion
- 11. • HTTP_USER_AGENT => App • framework => => endpoint • st(security token) timestamp • blueonion