2. Agenda
Mobile Platform Operating Systems
Windows Phone Overview
What we can test?
Challenges
Approach & Prerequisites
Methodology
Application File Structure
Tools for Penetration Testing
Security Features
3. Microsoft Phone!
Windows Phone 8 (WP8) – used to be called Windows Mobile until 7.x
ARM Hardware Architecture (like iOS, Android, and Blackberry)
Windows Phone Runtime Application Architecture
Developer apps work on both Windows 8 and WP8
Windows NT kernel
Windows 10 Mobile: The release was officially dubbed "Version 1511" or "November Update" (owing to the fact that in all other editions of Windows 10, this version was an update).
Windows 10 Mobile launched with the Microsoft Lumia 550, 950 and 950 XL. The rollout for Windows Phone 8.1 devices started March 17, 2016.
4. Understanding the platform
WM10 uses NT Kernel
128-bit BitLocker for device encryption
NTFS file system
Sandboxed apps
SafeBoot: Secure UEFI Boot
➔ Software without a correct digital signature cannot be loaded or booted on the phone
➔ TPM 2.0 – requires unique keys to be burned into chip during production
Windows Mobile binaries must have Microsoft signed digital signatures
5. Application Sandboxing
Each app has a local isolated storage
Limited app-to-app communication
App A cannot see App B storage
App folder has:
❖ Settings
❖ Files
❖ Directories
❖ Database
6. Jailbreakable or not!
WM10 is a closed OS, like most Microsoft software
No jailbreak yet – some activities you would like to do for mobile device testing will not be possible
❖ Access to memory
❖ Local file system and storage
❖ Transfer files to and from device
7. Static Analysis
View Manifest information
View the application tree including assemblies, types and methods
Methods which use APIs
9. Purpose of Source code review
“UNDERSTAND THE WORKING OF THE APPLICATION AND TO FIGURE OUT THE LOOPHOLES!”
To find Treasure Key Words like: password, keys, sql, algo, AES, DES, Base64, etc.
Detect the data storage definitions
Detect backdoors or suspicious code
Detect injection flaws
Figure out weak algorithm usage and hardcoded keys
E.g. Password in Banking Application (Sensitive Information)
E.g. Angry Birds Malware (Stealing Data)
E.g. Zitmo Malware (Sending SMS)
10. Reverse engineering a Windows Mobile application
Tools used:
● Decompressor (WinRAR / WinZip / 7-Zip)
● .NET Decompiler (ILSpy)
● Visual Studio / Notepad
Steps:
● .xap -> .dll
● .dll -> .csproj / .vbproj
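A first-pass triage of the static analysis and source code review steps above, as an added example that is not part of the original slides: it opens a .xap as a ZIP archive, lists the capabilities declared in WMAppManifest.xml, and flags which of the review keywords appear in each DLL before it goes into ILSpy. The sample package, the SampleBank name and the function names are constructed for illustration, and it assumes a developer-built .xap that is a plain ZIP archive.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# Keyword list from the source code review slide; matched case-insensitively.
KEYWORDS = ["password", "key", "sql", "AES", "DES", "Base64"]

# Constructed manifest for a hypothetical app; not taken from any real package.
SAMPLE_MANIFEST = """<Deployment><App Title="SampleBank"><Capabilities>
  <Capability Name="ID_CAP_NETWORKING"/>
  <Capability Name="ID_CAP_CONTACTS"/>
</Capabilities></App></Deployment>"""


def keyword_hits(data):
    """Keywords present as ASCII or UTF-16LE (how .NET stores string literals)."""
    return sorted({w for w in KEYWORDS for enc in ("ascii", "utf-16-le")
                   if re.search(re.escape(w.encode(enc)), data, re.IGNORECASE)})


def triage_xap(xap_bytes):
    """Return declared capabilities and per-assembly keyword hits for a .xap."""
    report = {"capabilities": [], "assemblies": {}}
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:  # a .xap is a ZIP archive
        for name in xap.namelist():
            if name.lower().endswith("wmappmanifest.xml"):
                root = ET.fromstring(xap.read(name))
                # Match on the local tag name so a namespaced manifest also works.
                report["capabilities"] = [
                    el.get("Name") for el in root.iter()
                    if el.tag.split("}")[-1] == "Capability"]
            elif name.lower().endswith(".dll"):
                report["assemblies"][name] = keyword_hits(xap.read(name))
    return report


def build_sample_xap():
    """Build a constructed .xap in memory: a manifest plus a stand-in 'DLL'."""
    fake_dll = b"MZ" + "db_password".encode("utf-16-le") + b"\x00AesManaged"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WMAppManifest.xml", SAMPLE_MANIFEST)
        z.writestr("SampleBank.dll", fake_dll)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_xap(build_sample_xap()))
```

Short keywords such as "key" and "DES" match inside longer words, so treat hits as pointers to the assemblies worth decompiling first, not as findings.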
13. Testing Approach
◼ Emulator / Windows Phone SDK
◼ Unlocked Device
◼ Side Loading
◼ Developer Unlock – Free Unlock with 2 Apps Limit
◼ Student Unlock – Up to 3 Apps
◼ Limitations
◼ Apps from the store cannot be extracted
◼ Apps from the store will not work on emulators
14. Sideloading apps
◼ It is the process of installing apps on a device without using the app store
◼ Windows Phone Power Tools is used to deploy apps
◼ Plug in your device, unlock your device & run Windows Phone Power Tools
◼ Only apps signed with certificates will run on unlocked phones