add binary and output with simpler function
cpholguera committed Aug 31, 2024
1 parent 510b012 commit 3fcbba8
Showing 5 changed files with 228 additions and 28 deletions.
Binary file not shown.
30 changes: 4 additions & 26 deletions demos/ios/MASVS-CRYPTO/MASTG-DEMO-0014/MastgTest.swift
Expand Up @@ -6,9 +6,9 @@ struct MastgTest {

// Step 1: Use a hardcoded ECDSA P-256 private key (32 bytes for P-256) in bytes
let privateKeyBytes: [UInt8] = [
0x7c, 0x02, 0x2a, 0x7e, 0x53, 0x7e, 0x1a, 0x2d,
0x44, 0x77, 0xd4, 0xf6, 0x20, 0x8b, 0x14, 0xdb,
0x4e, 0x8d, 0x84, 0x19, 0xd6, 0x23, 0x5f, 0xf2,
0x7c, 0x02, 0x2a, 0x7e, 0x53, 0x7e, 0x1a, 0x2d,
0x44, 0x77, 0xd4, 0xf6, 0x20, 0x8b, 0x14, 0xdb,
0x4e, 0x8d, 0x84, 0x19, 0xd6, 0x23, 0x5f, 0xf2,
0x4e, 0x4b, 0x8d, 0x18, 0xf4, 0x2c, 0x76, 0xe2
]
let privateKeyData = Data(privateKeyBytes)
Expand All @@ -18,30 +18,8 @@ struct MastgTest {
return
}

let publicKey = privateKey.publicKey

// Data to sign
let dataToSign = "This is a sample text".data(using: .utf8)!

// Step 2: Sign the data with the hardcoded private key
let signature = try! privateKey.signature(for: dataToSign)

// Convert signature to hex string for display
let signatureHex = signature.rawRepresentation.map { String(format: "%02hhx", $0) }.joined()

// Step 3: Verify the signature with the public key
let verificationStatus = publicKey.isValidSignature(signature, for: dataToSign)

let verificationResult = verificationStatus ? "Signature is valid." : "Signature is invalid."

let value = """
Original: \(String(data: dataToSign, encoding: .utf8)!)
Public Key (Hex): \(publicKey.rawRepresentation.map { String(format: "%02hhx", $0) }.joined())
Signature (Hex): \(signatureHex)
Verification: \(verificationResult)
Private Key (Hex): \(privateKeyData.map { String(format: "%02hhx", $0) }.joined())
"""

completion(value)
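Review bot: The comment `// Step 1: Use a hardcoded ECDSA P-256 private key (32 bytes for P-256) in bytes` in the first hunk keeps its step number, but the second hunk drops the `Step 2` signing and `Step 3` verification comments it was counted with, so the numbering now refers to steps that no longer exist. I would reword it to say what a reader of the demo needs, for example `// Deliberately hardcoded ECDSA P-256 private key (32 bytes): the weakness MASTG-DEMO-0014 demonstrates; secret-scanner hits on this file are expected.` The rendered page does not mark which lines of the second hunk survive, so this assumes the remaining body only builds the key and passes its hex form to `completion`, which is consistent with the `Private Key (Hex): ` string in the added output.txt. The function body starts before the first hunk and continues past the last line shown.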
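--- a/demos/ios/MASVS-CRYPTO/MASTG-DEMO-0014/output.txt
+++ b/demos/ios/MASVS-CRYPTO/MASTG-DEMO-0014/output.txt
@@ -0,0 +1,222 @@
+[0x10000aae0]> afl~P256.Signing.PrivateKey
+0x10000aeac 1 12 sym.imp.CryptoKit.P256.Signing.PrivateKey.rawRepresentation.Foundation.ContiguousBytes...lufC
+0x10000aeb8 1 12 sym.imp.CryptoKit.P256.Signing.PrivateKey...VMa
+
+[0x10000aae0]> axt @ 0x10000aeac
+sym.func.1000086dc 0x1000087f8 [CALL:--x] bl sym.imp.CryptoKit.P256.Signing.PrivateKey.rawRepresentation.Foundation.ContiguousBytes...lufC
+
+[0x10000aae0]> pdf @ sym.func.1000086dc
+; CALL XREF from sym.func.100009a34 @ 0x100009a6c(x)
+┌ 720: sym.func.1000086dc (int64_t arg1, int64_t arg2, int64_t arg3, int64_t arg_10h, int64_t arg_20h, int64_t arg_30h, int64_t arg_40h, int64_t arg_50h);
+│ 0x1000086dc stp x28, x27, [sp, -0x60]!
+│ 0x1000086e0 stp x26, x25, [var_0hx10]
+│ 0x1000086e4 stp x24, x23, [var_0hx20]
+│ 0x1000086e8 stp x22, x21, [var_0hx30]
+│ 0x1000086ec stp x20, x19, [var_60h]
+│ 0x1000086f0 stp x29, x30, [arg_50h]
+│ 0x1000086f4 add x29, sp, 0x50
+│ 0x1000086f8 sub sp, sp, 0x40
+│ 0x1000086fc mov x19, x2 ; arg3
+│ 0x100008700 mov x22, x1 ; arg2
+│ 0x100008704 mov x23, x0 ; arg1
+│ 0x100008708 mov x27, 0x13
+│ 0x10000870c movk x27, 0xd000, lsl 48
+│ 0x100008710 adrp x0, segment.__DATA ; 0x100010000
+│ 0x100008714 add x0, x0, 0xe8 ; int64_t arg1
+│ 0x100008718 bl sym.func.1000089ac
+│ 0x10000871c ldur x8, [x0, -8]
+│ 0x100008720 ldr x8, [x8, 0x40]
+│ 0x100008724 mov x9, x8
+│ 0x100008728 adrp x16, reloc.Foundation.__DataStorage.bytes.allocator...itcfc ; 0x10000c000
+│ 0x10000872c ldr x16, reloc.__chkstk_darwin ; 0x10000c358
+│ 0x100008730 blr x16
+│ 0x100008734 mov x9, sp
+│ 0x100008738 add x8, x8, 0xf
+│ 0x10000873c and x8, x8, 0xfffffffffffffff0
+│ 0x100008740 sub x20, x9, x8
+│ 0x100008744 mov sp, x20
+│ 0x100008748 adrp x0, segment.__DATA ; 0x100010000
+│ 0x10000874c add x0, x0, 0xf0 ; int64_t arg1
+│ 0x100008750 bl sym.func.1000089ac
+│ 0x100008754 adrp x1, segment.__DATA ; 0x100010000
+│ 0x100008758 add x1, x1, 0xa8
+│ 0x10000875c bl sym.imp.swift_initStaticObject
+│ 0x100008760 mov x21, x0
+│ 0x100008764 adrp x24, segment.__DATA ; 0x100010000
+│ 0x100008768 add x24, x24, 0xf8
+│ 0x10000876c mov x0, x24 ; int64_t arg1
+│ 0x100008770 bl sym.func.1000089ac
+│ 0x100008774 mov x25, x0
+│ 0x100008778 stur x0, [x29, -0x60]
+│ 0x10000877c adrp x0, segment.__DATA ; 0x100010000
+│ 0x100008780 add x0, x0, 0x100 ; int64_t arg1
+│ 0x100008784 adrp x2, reloc.Foundation.__DataStorage.bytes.allocator...itcfc ; 0x10000c000
+│ 0x100008788 ldr x2, reloc.Foundation.ContiguousBytes.UInt8...szlMc ; 0x10000c310 ; int64_t arg3
+│ 0x10000878c mov x1, x24 ; int64_t arg2
+│ 0x100008790 bl sym.func.100008b3c
+│ 0x100008794 stur x0, [x29, -0x58]
+│ 0x100008798 stur x21, [x29, -0x78]
+│ 0x10000879c sub x0, x29, 0x78 ; int64_t arg1
+│ 0x1000087a0 mov x1, x25 ; int64_t arg2
+│ 0x1000087a4 bl sym.func.100008a30
+│ 0x1000087a8 ldr x8, [x0]
+│ 0x1000087ac add x0, x8, 0x20 ; int64_t arg1
+│ 0x1000087b0 ldr x8, [x8, 0x10]
+│ 0x1000087b4 add x1, x0, x8 ; int64_t arg2
+│ 0x1000087b8 bl sym.func.100008674
+│ 0x1000087bc mov x25, x0
+│ 0x1000087c0 mov x24, x1
+│ 0x1000087c4 sub x0, x29, 0x78 ; int64_t arg1
+│ 0x1000087c8 bl sym.func.100008a54
+│ 0x1000087cc stp x25, x24, [x29, -0x78]
+│ 0x1000087d0 mov x0, x25 ; int64_t arg2
+│ 0x1000087d4 mov x1, x24
+│ 0x1000087d8 bl sym.func.100008a74
+│ 0x1000087dc adrp x1, reloc.Foundation.__DataStorage.bytes.allocator...itcfc ; 0x10000c000
+│ 0x1000087e0 ldr x1, [x1, 0x30] ; 0x10000c030
+│ ; reloc.Foundation.Data...VN
+│ 0x1000087e4 adrp x2, reloc.Foundation.__DataStorage.bytes.allocator...itcfc ; 0x10000c000
+│ 0x1000087e8 ldr x2, [x2, 0x28] ; 0x10000c028
+│ ; reloc.Foundation.Data...VAA15ContiguousBytesAAWP.ContiguousBytes...WP
+│ 0x1000087ec sub x0, x29, 0x78
+│ 0x1000087f0 mov x8, x20
+│ 0x1000087f4 mov x21, 0
+│ 0x1000087f8 bl sym CryptoKit.P256.Signing.PrivateKey.rawRepresentation.Foundation.ContiguousBytes...lufC ; sym.imp.CryptoKit.P256.Signing.PrivateKey.rawRepresentation.Foundation.ContiguousBytes...lufC
+│ ┌─< 0x1000087fc cbz x21, 0x100008830
+│ │ 0x100008800 mov x0, x21
+│ │ 0x100008804 bl sym.imp.swift_errorRelease
+│ │ 0x100008808 mov x0, 0
+│ │ 0x10000880c bl sym CryptoKit.P256.Signing.PrivateKey...VMa ; sym.imp.CryptoKit.P256.Signing.PrivateKey...VMa
+│ │ 0x100008810 mov x3, x0
+│ │ 0x100008814 ldur x8, [x0, -8]
+│ │ 0x100008818 ldr x8, [x8, 0x38]
+│ │ 0x10000881c mov x0, x20
+│ │ 0x100008820 mov w1, 1
+│ │ 0x100008824 mov w2, 1
+│ │ 0x100008828 blr x8
+│ ┌──< 0x10000882c b 0x100008874
+│ ││ ; CODE XREF from sym.func.1000086dc @ 0x1000087fc(x)
+│ │└─> 0x100008830 mov x0, 0
+│ │ 0x100008834 bl sym CryptoKit.P256.Signing.PrivateKey...VMa ; sym.imp.CryptoKit.P256.Signing.PrivateKey...VMa
+│ │ 0x100008838 mov x26, x0
+│ │ 0x10000883c ldur x28, [x0, -8]
+│ │ 0x100008840 ldr x8, [x28, 0x38]
+│ │ 0x100008844 mov x0, x20
+│ │ 0x100008848 mov w1, 0
+│ │ 0x10000884c mov w2, 1
+│ │ 0x100008850 mov x3, x26
+│ │ 0x100008854 blr x8
+│ │ 0x100008858 ldr x8, [x28, 0x30]
+│ │ 0x10000885c mov x0, x20
+│ │ 0x100008860 mov w1, 1
+│ │ 0x100008864 mov x2, x26
+│ │ 0x100008868 blr x8
+│ │ 0x10000886c cmp w0, 1
+│ │┌─< 0x100008870 b.ne 0x10000889c
+│ ││ ; CODE XREF from sym.func.1000086dc @ 0x10000882c(x)
+│ └──> 0x100008874 mov x0, x20 ; int64_t arg1
+│ │ 0x100008878 bl sym.func.100008ab8
+│ │ 0x10000887c stp x23, x22, [x29, -0x78]
+│ │ 0x100008880 stur x19, [x29, -0x68]
+│ │ 0x100008884 add x8, x27, 0xa
+│ │ 0x100008888 adrp x9, 0x10000b000
+│ │ 0x10000888c add x9, x9, 0x9b0 ; 0x10000b9b0 ; "Failed to create private key."
+│ │ 0x100008890 sub x9, x9, 0x20
+│ │ 0x100008894 orr x9, x9, 0x8000000000000000
+│ ┌──< 0x100008898 b 0x100008960
+│ ││ ; CODE XREF from sym.func.1000086dc @ 0x100008870(x)
+│ │└─> 0x10000889c mov x0, x20 ; int64_t arg1
+│ │ 0x1000088a0 bl sym.func.100008ab8
+│ │ 0x1000088a4 mov x8, -0x2000000000000000
+│ │ 0x1000088a8 stp xzr, x8, [x29, -0x78]
+│ │ 0x1000088ac sub x20, x29, 0x78
+│ │ 0x1000088b0 mov w0, 0x15
+│ │ 0x1000088b4 bl sym _StringGuts.grow...SiF ; sym.imp._StringGuts.grow...SiF
+│ │ 0x1000088b8 ldur x0, [x29, -0x70] ; void *arg0
+│ │ 0x1000088bc bl sym.imp.swift_bridgeObjectRelease ; void swift_bridgeObjectRelease(void *arg0)
+│ │ 0x1000088c0 adrp x8, 0x10000b000
+│ │ 0x1000088c4 add x8, x8, 0x9d0 ; 0x10000b9d0 ; "Private Key (Hex): "
+│ │ 0x1000088c8 sub x8, x8, 0x20
+│ │ 0x1000088cc orr x8, x8, 0x8000000000000000
+│ │ 0x1000088d0 stp x27, x8, [x29, -0x78]
+│ │ 0x1000088d4 mov x0, x25 ; int64_t arg1
+│ │ 0x1000088d8 mov x1, x24 ; int64_t arg2
+│ │ 0x1000088dc bl sym.func.100008000
+│ │ 0x1000088e0 mov x21, x0
+│ │ 0x1000088e4 stur x0, [x29, -0x90]
+│ │ 0x1000088e8 adrp x20, segment.__DATA ; 0x100010000
+│ │ 0x1000088ec add x20, x20, 0x110
+│ │ 0x1000088f0 mov x0, x20 ; int64_t arg1
+│ │ 0x1000088f4 bl sym.func.1000089ac
+│ │ 0x1000088f8 mov x26, x0
+│ │ 0x1000088fc adrp x0, segment.__DATA ; 0x100010000
+│ │ 0x100008900 add x0, x0, 0x118 ; int64_t arg1
+│ │ 0x100008904 adrp x2, reloc.Foundation.__DataStorage.bytes.allocator...itcfc ; 0x10000c000
+│ │ 0x100008908 ldr x2, reloc....SayxGSKsMc ; 0x10000c318 ; int64_t arg3
+│ │ 0x10000890c mov x1, x20 ; int64_t arg2
+│ │ 0x100008910 bl sym.func.100008b3c
+│ │ 0x100008914 mov x3, x0
+│ │ 0x100008918 sub x20, x29, 0x90
+│ │ 0x10000891c mov x0, 0
+│ │ 0x100008920 mov x1, -0x2000000000000000
+│ │ 0x100008924 mov x2, x26
+│ │ 0x100008928 bl sym Element...F ; sym.imp.Element...F
+│ │ 0x10000892c mov x26, x0
+│ │ 0x100008930 mov x27, x1
+│ │ 0x100008934 mov x0, x21 ; void *arg0
+│ │ 0x100008938 bl sym.imp.swift_bridgeObjectRelease ; void swift_bridgeObjectRelease(void *arg0)
+│ │ 0x10000893c sub x20, x29, 0x78
+│ │ 0x100008940 mov x0, x26
+│ │ 0x100008944 mov x1, x27
+│ │ 0x100008948 bl sym append...ySSF ; sym.imp.append...ySSF
+│ │ 0x10000894c mov x0, x27 ; void *arg0
+│ │ 0x100008950 bl sym.imp.swift_bridgeObjectRelease ; void swift_bridgeObjectRelease(void *arg0)
+│ │ 0x100008954 ldp x8, x9, [x29, -0x78]
+│ │ 0x100008958 stp x23, x22, [x29, -0x78]
+│ │ 0x10000895c stur x19, [x29, -0x68]
+│ │ ; CODE XREF from sym.func.1000086dc @ 0x100008898(x)
+│ └──> 0x100008960 stp x8, x9, [x29, -0x90]
+│ 0x100008964 adrp x0, segment.__DATA ; 0x100010000
+│ 0x100008968 add x0, x0, 0x108 ; int64_t arg1
+│ 0x10000896c bl sym.func.1000089ac
+│ 0x100008970 mov x1, x0
+│ 0x100008974 sub x0, x29, 0x90
+│ 0x100008978 sub x20, x29, 0x78
+│ 0x10000897c bl sym SwiftUI.State.wrappedValue...s ; sym.imp.SwiftUI.State.wrappedValue...s
+│ 0x100008980 mov x0, x25 ; void *arg0
+│ 0x100008984 mov x1, x24 ; int64_t arg2
+│ 0x100008988 bl sym.func.100008af8
+│ 0x10000898c sub sp, x29, 0x50
+│ 0x100008990 ldp x29, x30, [arg_50h]
+│ 0x100008994 ldp x20, x19, [var_60h]
+│ 0x100008998 ldp x22, x21, [var_0hx30]
+│ 0x10000899c ldp x24, x23, [var_0hx20]
+│ 0x1000089a0 ldp x26, x25, [var_0hx10]
+│ 0x1000089a4 ldp x28, x27, [sp], 0x60
+└ 0x1000089a8 ret
+
+
+[0x10000aae0]> px 256 @ 0x100010000
+- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
+0x100010000 8100 0000 2800 0000 2800 0000 0000 0000 ....(...(.......
+0x100010010 0000 0000 0000 0000 20ba 0000 0000 9000 ........ .......
+0x100010020 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x100010030 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x100010040 0000 0000 0000 0000 8000 0000 1000 0000 ................
+0x100010050 1000 0000 0000 0000 0000 0000 0000 0000 ................
+0x100010060 20ba 0000 0000 6000 0000 0000 0000 0000 .....`.........
+0x100010070 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x100010080 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x100010090 c8bb 0000 0000 1000 9400 0000 0000 a083 ................
+0x1000100a0 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x1000100b0 0000 0000 0000 0000 2000 0000 0000 0000 ........ .......
+0x1000100c0 4000 0000 0000 0000 7c02 2a7e 537e 1a2d @.......|.*~S~.-
+0x1000100d0 4477 d4f6 208b 14db 4e8d 8419 d623 5ff2 Dw.. ...N....#_.
+0x1000100e0 4e4b 8d18 f42c 76e2 7cb0 ffff f9ff ffff NK...,v.|.......
+0x1000100f0 7cb0 ffff f4ff ffff 82b0 ffff f7ff ffff |...............
+
+
+[0x10000aae0]> px 32 @ 0x1000100c8
+- offset - C8C9 CACB CCCD CECF D0D1 D2D3 D4D5 D6D7 89ABCDEF01234567
+0x1000100c8 7c02 2a7e 537e 1a2d 4477 d4f6 208b 14db |.*~S~.-Dw.. ...
+0x1000100d8 4e8d 8419 d623 5ff2 4e4b 8d18 f42c 76e2 N....#_.NK...,v.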
2 changes: 1 addition & 1 deletion tests-beta/ios/MASVS-CRYPTO/MASTG-TEST-0216.md
@@ -1,5 +1,5 @@
---
title: Use of Hardcoded Cryptographic Keys in APIs
title: Use of Hardcoded Cryptographic Keys in Code
platform: ios
id: MASTG-TEST-0216
type: [static]
2 changes: 1 addition & 1 deletion tests-beta/ios/MASVS-CRYPTO/MASTG-TEST-0217.md
Expand Up @@ -14,7 +14,7 @@ Cryptographic keys may be embedded files such as configuration files or key file
- **Identified by PEM Markers**: Strings such as `-----BEGIN PRIVATE KEY-----`, `-----BEGIN CERTIFICATE-----`, or the byte sequence `0x2d 0x2d 0x2d 0x2d 0x2d` (representing `-----` in ASCII) within files indicate the presence of PEM-encoded keys or certificates.
- **Identified by Common Byte Patterns**: Binary files containing specific byte sequences that match known DER or PKCS#12 formats, such as `0x30 0x82` (indicating the start of a DER-encoded structure), can indicate the presence of cryptographic material.
- **Embedded in Property Lists or JSON Files**: Keys might be stored within `.plist` or `.json` configuration files, often encoded as Base64 strings.
- **Identified by Specific Strings**: Keywords such as `privateKey`, `apiKey`, `secret`, or `token` within files or variable names can indicate embedded keys or sensitive data.
- **Identified by Specific Strings**: Keywords such as `privateKey`, `key`, or `secret` within files or variable names can indicate embedded keys or sensitive data.

## Steps
