Windows Phone Application Penetration Testing

Post on 10-May-2015


Penetration Testing Windows Phone Applications

Jewel Joy

Contents
- Windows Phone Overview
- Approach
- Application File Structure
- Tools for Penetration Testing
- Security Features

Penetration Testing of Windows Phone Applications

Windows Phone Overview

- Microsoft’s own OS
- Based on Windows 8 core – ARM architecture

History
- The successor to the Windows Mobile OS
- 15 Mar 2010 – Windows Phone 7 series announced
- 21 Oct 2010 – Windows Phone 7 released
- 29 Oct 2012 – Windows Phone 8 released
- With the GDR 2 (Amber) & GDR 3 (Black) updates


OS Features

- NTFS file system support
- BitLocker device encryption
- Sandboxed applications: applications run in their own sandboxed virtual environment
- UEFI Secure Boot: Unified Extensible Firmware Interface (UEFI) is the successor to the legacy BIOS firmware interface. UEFI relies on the Trusted Platform Module (TPM) 2.0 standard, which requires unique keys to be burned into the chip during production, to prevent software without a correct digital signature from executing.
- All Windows Phone 8 binaries must have digital signatures signed by Microsoft to run


Security features

Chamber Concept (WP7)
- Trusted Computing Base (TCB): kernel, kernel-mode drivers
- Elevated Rights Chamber (ERC): services, user-mode drivers
- Standard Rights Chamber (SRC): pre-installed applications
- Least Privileged Chamber (LPC): applications from WP store


Chamber Concept (WP8)
- Trusted Computing Base (TCB): kernel, kernel-mode drivers
- Least Privileged Chamber (LPC): all other software: services, pre-installed apps, applications from WP store


Capabilities


Sandboxing

Testing Approach

- Emulator / Windows Phone SDK
- Unlocked device

Side Loading
- Developer Unlock – free unlock with 2 apps limit
- Student Unlock – up to 3 apps

Limitations
- Apps from the store cannot be extracted
- Apps from the store will not work on emulators


Tools
- Burp Suite
- WP Power tools
- .NET Reflector


Application File Structure

► AppManifest.xaml
► WMAppManifest.xml


XAP - Headers


File Analysis
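
An added example, not from the original slides: a side-loadable XAP package is a ZIP archive, so the WMAppManifest.xml listed under Application File Structure can be read directly to enumerate the capabilities an app declares. The sample manifest, the REVIEW_CAPS shortlist and the function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample manifest for illustration (not taken from a real app).
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment" AppPlatformVersion="8.0">
  <App xmlns="" ProductID="{00000000-0000-0000-0000-000000000000}" Title="SampleApp">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_CONTACTS" />
    </Capabilities>
  </App>
</Deployment>"""

# Reviewer's own shortlist of capabilities to look at first (assumption, not an official list).
REVIEW_CAPS = {"ID_CAP_LOCATION", "ID_CAP_CONTACTS", "ID_CAP_MICROPHONE", "ID_CAP_ISV_CAMERA"}

def build_sample_xap():
    """Build an in-memory XAP (ZIP) holding the two manifest files named on the slide."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WMAppManifest.xml", SAMPLE_MANIFEST)
        z.writestr("AppManifest.xaml", "<Deployment />")
    return buf.getvalue()

def audit_xap(data):
    """Return the file list, declared capabilities and those on the review shortlist."""
    if data[:2] != b"PK":  # ZIP local-file header magic
        raise ValueError("no ZIP header; package cannot be unpacked")
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        manifest = next((n for n in names if n.lower().endswith("wmappmanifest.xml")), None)
        if manifest is None:
            raise ValueError("WMAppManifest.xml missing")
        # For untrusted packages, parse with defusedxml instead of the stdlib parser.
        root = ET.fromstring(z.read(manifest))
    # Match on the local tag name so namespaced and un-namespaced manifests both work.
    caps = sorted(el.get("Name") for el in root.iter()
                  if el.tag.split("}")[-1] == "Capability" and el.get("Name"))
    return {"files": names, "capabilities": caps,
            "review": [c for c in caps if c in REVIEW_CAPS]}

if __name__ == "__main__":
    print(audit_xap(build_sample_xap()))
```

Comparing the declared capabilities with what the app actually needs shows over-privileged manifests early in a review.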


Thank You
