[MASTG-TEST-0210, MASTG-TEST-0211, MASTG-DEMO-0014, MASTG-DEMO-0015, …

…MASTG-DEMO-0016] New Tests and Demos (#2879)

* create demo

* add 2 new tests for weak encrpytion and hashing algs

* minor update demo 14

* add 2 new demos for insecure hashing with cryptokit and commoncrypto

* rm binary

* move binaries

* update .gitignore to exclude Payload/

* add demo 14 binary

* update path to bin in run.sh

.gitignore

@@ -27,4 +27,5 @@ docs/MASTG
 docs/MASWE
 docs/assets/Images
 OWASP_MASVS.yaml
-cross_references.yaml
+cross_references.yaml
+Payload/

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0014/MASTG-DEMO-0014.md

@@ -0,0 +1,89 @@
+---
+platform: ios
+title: Uses of Insecure Encryption Algorithms in CommonCrypto with r2
+code: [swift]
+id: MASTG-DEMO-0014
+test: MASTG-TEST-0210
+---
+
+### Sample
+
+{{ MastgTest.swift }}
+
+### Steps
+
+1. Unzip the app package and locate the main binary file (@MASTG-TECH-0058), which in this case is `./Payload/MASTestApp.app/MASTestApp`.
+2. Open the app binary with @MASTG-TOOL-0073 with the `-i` option to run this script.
+
+{{ cccrypt.r2 }}
+
+{{ run.sh }}
+
+### Observation
+
+The output contains the disassembled code of the function using `CCCrypt`.
+
+{{ output.txt }}
+
+### Evaluation
+
+Inspect the disassembled code to identify the use of insecure algorithms.
+
+In [CommonCryptor.h](https://opensource.apple.com/source/CommonCrypto/CommonCrypto-36064/CommonCrypto/CommonCryptor.h ) you can find the definition of the `CCCrypt` function:
+
+```c
+CCCryptorStatus CCCrypt(
+    CCOperation op,         /* kCCEncrypt, etc. */
+    CCAlgorithm alg,        /* kCCAlgorithmAES128, etc. */
+    CCOptions options,      /* kCCOptionPKCS7Padding, etc. */
+    const void *key,
+    size_t keyLength,
+    const void *iv,         /* optional initialization vector */
+    const void *dataIn,     /* optional per op and alg */
+    size_t dataInLength,
+    void *dataOut,          /* data RETURNED here */
+    size_t dataOutAvailable,
+    size_t *dataOutMoved);
+```
+
+There you will also find the `alg` and the `op`:
+
+```c
+/*!
+    @enum        CCAlgorithm
+    @abstract    Encryption algorithms implemented by this module.
+    
+    @constant    kCCAlgorithmAES128    Advanced Encryption Standard, 128-bit block
+    @constant    kCCAlgorithmDES        Data Encryption Standard
+    @constant    kCCAlgorithm3DES    Triple-DES, three key, EDE configuration
+    @constant    kCCAlgorithmCAST    CAST
+    @constant    kCCAlgorithmRC4        RC4 stream cipher
+*/
+enum {
+    kCCAlgorithmAES128 = 0,
+    kCCAlgorithmDES,        
+    kCCAlgorithm3DES,        
+    kCCAlgorithmCAST,        
+    kCCAlgorithmRC4,
+    kCCAlgorithmRC2        
+};
+typedef uint32_t CCAlgorithm;
+
+/*!
+    @enum        CCOperation
+    @abstract    Operations that an CCCryptor can perform.
+    
+    @constant    kCCEncrypt    Symmetric encryption.
+    @constant    kCCDecrypt    Symmetric decryption.
+*/
+enum {
+    kCCEncrypt = 0,    
+    kCCDecrypt,        
+};
+```
+
+With this information we can now inspect the disassembled code and we'll see that the 3DES algorithm (`kCCAlgorithm3DES`) can be found by its numeric value `2` in the second argument of the `CCCrypt` function (`w1`). The `CCCrypt` function is called with a padding option of PKCS7, no initialization vector, and a key of 24 bytes:
+
+{{ evaluation.txt }}
+
+The test fails because the 3DES encryption algorithm was found in the code.

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0014/MastgTest.swift

@@ -0,0 +1,37 @@
+import SwiftUI
+import CommonCrypto
+
+struct MastgTest {
+    static func mastgTest(completion: @escaping (String) -> Void) {
+        let key = "0123456789abcdef01234567" // 24-byte key for 3DES
+        let data = "This is a sample text".data(using: .utf8)!
+
+        // Create a buffer for encrypted data
+        var encryptedBytes = [UInt8](repeating: 0, count: data.count + kCCBlockSize3DES)
+        var numBytesEncrypted: size_t = 0
+
+        let cryptStatus = data.withUnsafeBytes { dataBytes in
+            key.withCString { keyBytes in
+                CCCrypt(
+                    CCOperation(kCCEncrypt),              // Encrypt
+                    CCAlgorithm(kCCAlgorithm3DES),        // 3DES Algorithm
+                    CCOptions(kCCOptionPKCS7Padding),     // PKCS7 Padding
+                    keyBytes, kCCKeySize3DES,             // Key and key length
+                    nil,                                  // Initialization Vector (optional)
+                    dataBytes.baseAddress, data.count,    // Input data
+                    &encryptedBytes, encryptedBytes.count, // Output data
+                    &numBytesEncrypted                    // Number of bytes encrypted
+                )
+            }
+        }
+
+        if cryptStatus == kCCSuccess {
+            let encryptedData = Data(bytes: encryptedBytes, count: numBytesEncrypted)
+            let encryptedHex = encryptedData.map { String(format: "%02hhx", $0) }.joined()
+            let value = "Original:\n\n \(String(data: data, encoding: .utf8)!)\n\nEncrypted (Hex):\n \(encryptedHex)"
+            completion(value)
+        } else {
+            completion("Encryption failed with status: \(cryptStatus)")
+        }
+    }
+}

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0014/cccrypt.r2

@@ -0,0 +1,11 @@
+# Find the address of the CCCrypt function
+afl~CCCrypt
+
+# Find all xrefs to CCCrypt (Replace the address with the one you find in the output)
+axt @ 0x1000076c4
+
+# Seek to the function where CCCrypt is called (Replace with the address found from axt output)
+s fcn.1000040b8
+
+# Print the disassembly of the function
+pdf

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0014/evaluation.txt

@@ -0,0 +1,9 @@
+│           0x1000040c0      00008052       mov w0, 0           -> kCCEncrypt (0 for encryption)
+│           0x1000040c4      41008052       mov w1, 2           -> kCCAlgorithm3DES (2 for 3DES)
+│           0x1000040c8      22008052       mov w2, 1           -> kCCOptionPKCS7Padding (1 for PKCS7 padding)
+│           0x1000040cc      e30317aa       mov x3, x23         -> key (pointer to the encryption key)
+│           0x1000040d0      04038052       mov w4, 0x18        -> keyLength (0x18 or 24 bytes for 3DES)
+│           0x1000040d4      050080d2       mov x5, 0           -> iv (0 or NULL, implying no initialization vector)
+│           0x1000040d8      e60316aa       mov x6, x22         -> dataIn (pointer to the input data to be encrypted)
+│           0x1000040dc      e70319aa       mov x7, x25         -> dataOut (pointer to the output buffer where encrypted data will be stored)
+│           0x1000040e0      790d0094       bl sym.imp.CCCrypt  -> Call to CCCrypt function

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0014/output.txt

@@ -0,0 +1,31 @@
+0x1000076c4    1     12 sym.imp.CCCrypt
+fcn.1000040b8 0x1000040e0 [CALL:--x] bl sym.imp.CCCrypt
+┌ 84: fcn.1000040b8 (int64_t arg_20h, int64_t arg_30h, int64_t arg_40h, int64_t arg_50h, int64_t arg_60h, int64_t arg_70h, int64_t arg_80h);
+│           ; arg int64_t arg_20h @ sp+0x20
+│           ; arg int64_t arg_30h @ sp+0x30
+│           ; arg int64_t arg_40h @ sp+0x40
+│           ; arg int64_t arg_50h @ sp+0x50
+│           ; arg int64_t arg_60h @ sp+0x60
+│           ; arg int64_t arg_70h @ sp+0x70
+│           ; arg int64_t arg_80h @ sp+0x100
+│           0x1000040b8      fbe300a9       stp x27, x24, [sp, 8]
+│           0x1000040bc      e80300f9       str x8, [sp]
+│           0x1000040c0      00008052       mov w0, 0
+│           0x1000040c4      41008052       mov w1, 2
+│           0x1000040c8      22008052       mov w2, 1
+│           0x1000040cc      e30317aa       mov x3, x23
+│           0x1000040d0      04038052       mov w4, 0x18
+│           0x1000040d4      050080d2       mov x5, 0
+│           0x1000040d8      e60316aa       mov x6, x22
+│           0x1000040dc      e70319aa       mov x7, x25
+│           0x1000040e0      790d0094       bl sym.imp.CCCrypt
+│           0x1000040e4      800200b9       str w0, [x20]
+│           0x1000040e8      f50313aa       mov x21, x19
+│           0x1000040ec      fd7b47a9       ldp x29, x30, [sp, 0x70]
+│           0x1000040f0      f44f46a9       ldp x20, x19, [sp, 0x60]
+│           0x1000040f4      f75b45a9       ldp x23, x22, [sp, 0x50]
+│           0x1000040f8      f96344a9       ldp x25, x24, [sp, 0x40]
+│           0x1000040fc      fb6b43a9       ldp x27, x26, [sp, 0x30]
+│           0x100004100      fc1340f9       ldr x28, [sp, 0x20]
+│           0x100004104      ff030291       add sp, sp, 0x80
+└           0x100004108      c0035fd6       ret

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0014/run.sh

@@ -0,0 +1 @@
+r2 -q -i cccrypt.r2 -A MASTestApp

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0015/MASTG-DEMO-0015.md

@@ -0,0 +1,32 @@
+---
+platform: ios
+title: Uses of Insecure Hashing Algorithms in CommonCrypto with r2
+code: [swift]
+id: MASTG-DEMO-0015
+test: MASTG-TEST-0211
+---
+
+### Sample
+
+{{ MastgTest.swift }}
+
+### Steps
+
+1. Unzip the app package and locate the main binary file (@MASTG-TECH-0058), which in this case is `./Payload/MASTestApp.app/MASTestApp`.
+2. Open the app binary with @MASTG-TOOL-0073 with the `-i` option to run this script.
+
+{{ cchash.r2 }}
+
+{{ run.sh }}
+
+### Observation
+
+The output contains all uses of CommonCrypto hash functions in the binary, the xrefs for `CC_MD5` and `CC_SHA1` and the disassembled code of the region where each of these functions is called.
+
+{{ output.txt }}
+
+### Evaluation
+
+The test fails because the MD5 and SHA1 algorithms were found in the code.
+
+Remember that the context is important when evaluating the use of these algorithms. In some cases, the use of MD5 or SHA1 may be acceptable, for example, when the algorithm is used for checksums or non-cryptographic purposes. In order to determine that you should further analyze the reverse-engineered code and try to learn more about the context in which these algorithms are used.

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0015/MastgTest.swift

@@ -0,0 +1,40 @@
+import Foundation
+import CommonCrypto
+
+struct MastgTest {
+    // Function to generate a SHA-1 hash
+    static func generateSHA1Hash(data: Data) -> String {
+        var hash = [UInt8](repeating: 0, count: Int(CC_SHA1_DIGEST_LENGTH))
+        data.withUnsafeBytes {
+            _ = CC_SHA1($0.baseAddress, CC_LONG(data.count), &hash)
+        }
+        return hash.map { String(format: "%02hhx", $0) }.joined()
+    }
+
+    // Function to generate an MD5 hash
+    static func generateMD5Hash(data: Data) -> String {
+        var hash = [UInt8](repeating: 0, count: Int(CC_MD5_DIGEST_LENGTH))
+        data.withUnsafeBytes {
+            _ = CC_MD5($0.baseAddress, CC_LONG(data.count), &hash)
+        }
+        return hash.map { String(format: "%02hhx", $0) }.joined()
+    }
+
+    static func mastgTest(completion: @escaping (String) -> Void) {
+        let input = "This is a sample text".data(using: .utf8)!
+
+        // Generate SHA-1 hash
+        let sha1Hash = generateSHA1Hash(data: input)
+
+        // Generate MD5 hash
+        let md5Hash = generateMD5Hash(data: input)
+
+        let value = """
+        Original: \(String(data: input, encoding: .utf8)!)
+        SHA-1 Hash: \(sha1Hash)
+        MD5 Hash: \(md5Hash)
+        """
+
+        completion(value)
+    }
+}

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0015/cchash.r2

@@ -0,0 +1,22 @@
+!printf "\n\n"
+
+!printf "Uses of CommonCrypto hash function:\n"
+afl~CC_
+
+!printf "\n"
+
+!printf "xrefs to CC_MD5:\n"
+axt @ 0x1000071a8
+
+!printf "xrefs to CC_SHA1:\n"
+axt @ 0x1000071b4
+
+!printf "\n"
+
+!printf "Use of MD5:\n"
+pd-- 5 @ 0x1000048c4
+
+!printf "\n"
+
+!printf "Use of SHA1:\n"
+pd-- 5 @ 0x10000456c

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0015/output.txt

@@ -0,0 +1,36 @@
+Uses of CommonCrypto hash function:
+0x1000071a8    1     12 sym.imp.CC_MD5
+0x1000071b4    1     12 sym.imp.CC_SHA1
+
+xrefs to CC_MD5:
+(nofunc) 0x1000048c4 [CALL:--x] bl sym.imp.CC_MD5
+xrefs to CC_SHA1:
+(nofunc) 0x10000456c [CALL:--x] bl sym.imp.CC_SHA1
+
+Use of MD5:
+            0x1000048b0      ffe301f8       stur xzr, [sp, 0x1e]
+            0x1000048b4      ff0f00f9       str xzr, [sp, 0x18]
+            0x1000048b8      e01b00f9       str x0, [sp, 0x30]
+            0x1000048bc      e0630091       add x0, sp, 0x18
+            0x1000048c0      01008052       mov w1, 0
+            ; CODE XREF from sym.func.100004728 @ +0xf0(x)
+            0x1000048c4      390a0094       bl sym.imp.CC_MD5
+            0x1000048c8      e00316aa       mov x0, x22
+            0x1000048cc      e10314aa       mov x1, x20
+            0x1000048d0      7d000094       bl sym.func.100004ac4
+            ; CODE XREF from sym.func.100004728 @ +0x184(x)
+            0x1000048d4      e00316aa       mov x0, x22
+
+Use of SHA1:
+            0x100004558      ffe301f8       stur xzr, [sp, 0x1e]
+            0x10000455c      ff0f00f9       str xzr, [sp, 0x18]
+            0x100004560      e01b00f9       str x0, [sp, 0x30]
+            0x100004564      e0630091       add x0, sp, 0x18
+            0x100004568      01008052       mov w1, 0
+            ; CODE XREF from sym.func.1000043cc @ +0xf4(x)
+            0x10000456c      120b0094       bl sym.imp.CC_SHA1
+            0x100004570      e00316aa       mov x0, x22
+            0x100004574      e10314aa       mov x1, x20
+            0x100004578      53010094       bl sym.func.100004ac4
+            ; CODE XREF from sym.func.1000043cc @ +0x188(x)
+            0x10000457c      e00316aa       mov x0, x22

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0015/run.sh

@@ -0,0 +1 @@
+r2 -q -i cchash.r2 -A MASTestApp

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0016/MASTG-DEMO-0016.md

@@ -0,0 +1,32 @@
+---
+platform: ios
+title: Uses of Insecure Hashing Algorithms in CryptoKit with r2
+code: [swift]
+id: MASTG-DEMO-0016
+test: MASTG-TEST-0211
+---
+
+### Sample
+
+{{ MastgTest.swift }}
+
+### Steps
+
+1. Unzip the app package and locate the main binary file (@MASTG-TECH-0058), which in this case is `./Payload/MASTestApp.app/MASTestApp`.
+2. Open the app binary with @MASTG-TOOL-0073 with the `-i` option to run this script.
+
+{{ cryptokit_hash.r2 }}
+
+{{ run.sh }}
+
+### Observation
+
+The output contains all uses of `CryptoKit.Insecure` functions in the binary, the xrefs for `Insecure.MD5` and `Insecure.SHA1` and the disassembled code of the region where each of these functions is called.
+
+{{ output.txt }}
+
+### Evaluation
+
+The test fails because the MD5 and SHA1 algorithms were found in the code.
+
+Remember that the context is important when evaluating the use of these algorithms. In some cases, the use of MD5 or SHA1 may be acceptable, for example, when the algorithm is used for checksums or non-cryptographic purposes. In order to determine that you should further analyze the reverse-engineered code and try to learn more about the context in which these algorithms are used.

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0016/MastgTest.swift

@@ -0,0 +1,34 @@
+import Foundation
+import CryptoKit
+
+struct MastgTest {
+    // Function to generate a SHA-1 hash
+    static func generateSHA1Hash(data: Data) -> String {
+        let hash = Insecure.SHA1.hash(data: data)
+        return hash.compactMap { String(format: "%02x", $0) }.joined()
+    }
+
+    // Function to generate an MD5 hash
+    static func generateMD5Hash(data: Data) -> String {
+        let hash = Insecure.MD5.hash(data: data)
+        return hash.compactMap { String(format: "%02x", $0) }.joined()
+    }
+
+    static func mastgTest(completion: @escaping (String) -> Void) {
+        let input = "This is a sample text".data(using: .utf8)!
+
+        // Generate SHA-1 hash
+        let sha1Hash = generateSHA1Hash(data: input)
+
+        // Generate MD5 hash
+        let md5Hash = generateMD5Hash(data: input)
+
+        let value = """
+        Original: \(String(data: input, encoding: .utf8)!)
+        SHA-1 Hash: \(sha1Hash)
+        MD5 Hash: \(md5Hash)
+        """
+
+        completion(value)
+    }
+}