[MASTG-TEST-0210, MASTG-TEST-0211, MASTG-DEMO-0014, MASTG-DEMO-0015, MASTG-DEMO-0016] New Tests and Demos (#2879)

* create demo
* add 2 new tests for weak encryption and hashing algs
* minor update demo 14
* add 2 new demos for insecure hashing with cryptokit and commoncrypto
* rm binary
* move binaries
* update .gitignore to exclude Payload/
* add demo 14 binary
* update path to bin in run.sh
1 parent 49f77b7, commit c4badb8
Showing 22 changed files with 540 additions and 1 deletion.
@@ -27,4 +27,5 @@ docs/MASTG | |
docs/MASWE | ||
docs/assets/Images | ||
OWASP_MASVS.yaml | ||
cross_references.yaml | ||
cross_references.yaml | ||
Payload/ |
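Review bot: the `cross_references.yaml` line shows up as both removed and re-added, which is the commit's single deletion and the usual sign that the previous `.gitignore` had no trailing newline; appending `Payload/` fixes that as a side effect, so the deletion count is expected. Note that an unanchored `Payload/` pattern ignores any directory with that name anywhere in the repository, not only under the demo folders; if that is broader than intended, prefix the pattern with the demo directory path.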
@@ -0,0 +1,89 @@ | ||
--- | ||
platform: ios | ||
title: Uses of Insecure Encryption Algorithms in CommonCrypto with r2 | ||
code: [swift] | ||
id: MASTG-DEMO-0014 | ||
test: MASTG-TEST-0210 | ||
--- | ||
|
||
### Sample | ||
|
||
{{ MastgTest.swift }} | ||
|
||
### Steps | ||
|
||
1. Unzip the app package and locate the main binary file (@MASTG-TECH-0058), which in this case is `./Payload/MASTestApp.app/MASTestApp`. | ||
2. Open the app binary with @MASTG-TOOL-0073 with the `-i` option to run this script. | ||
|
||
{{ cccrypt.r2 }} | ||
|
||
{{ run.sh }} | ||
|
||
### Observation | ||
|
||
The output contains the disassembled code of the function using `CCCrypt`. | ||
|
||
{{ output.txt }} | ||
|
||
### Evaluation | ||
|
||
Inspect the disassembled code to identify the use of insecure algorithms. | ||
|
||
In [CommonCryptor.h](https://opensource.apple.com/source/CommonCrypto/CommonCrypto-36064/CommonCrypto/CommonCryptor.h ) you can find the definition of the `CCCrypt` function: | ||
|
||
```c | ||
CCCryptorStatus CCCrypt( | ||
CCOperation op, /* kCCEncrypt, etc. */ | ||
CCAlgorithm alg, /* kCCAlgorithmAES128, etc. */ | ||
CCOptions options, /* kCCOptionPKCS7Padding, etc. */ | ||
const void *key, | ||
size_t keyLength, | ||
const void *iv, /* optional initialization vector */ | ||
const void *dataIn, /* optional per op and alg */ | ||
size_t dataInLength, | ||
void *dataOut, /* data RETURNED here */ | ||
size_t dataOutAvailable, | ||
size_t *dataOutMoved); | ||
``` | ||
There you will also find the `alg` and the `op`: | ||
```c | ||
/*! | ||
@enum CCAlgorithm | ||
@abstract Encryption algorithms implemented by this module. | ||
@constant kCCAlgorithmAES128 Advanced Encryption Standard, 128-bit block | ||
@constant kCCAlgorithmDES Data Encryption Standard | ||
@constant kCCAlgorithm3DES Triple-DES, three key, EDE configuration | ||
@constant kCCAlgorithmCAST CAST | ||
@constant kCCAlgorithmRC4 RC4 stream cipher | ||
*/ | ||
enum { | ||
kCCAlgorithmAES128 = 0, | ||
kCCAlgorithmDES, | ||
kCCAlgorithm3DES, | ||
kCCAlgorithmCAST, | ||
kCCAlgorithmRC4, | ||
kCCAlgorithmRC2 | ||
}; | ||
typedef uint32_t CCAlgorithm; | ||
/*! | ||
@enum CCOperation | ||
@abstract Operations that an CCCryptor can perform. | ||
@constant kCCEncrypt Symmetric encryption. | ||
@constant kCCDecrypt Symmetric decryption. | ||
*/ | ||
enum { | ||
kCCEncrypt = 0, | ||
kCCDecrypt, | ||
}; | ||
``` | ||
|
||
With this information we can now inspect the disassembled code and we'll see that the 3DES algorithm (`kCCAlgorithm3DES`) can be found by its numeric value `2` in the second argument of the `CCCrypt` function (`w1`). The `CCCrypt` function is called with a padding option of PKCS7, no initialization vector, and a key of 24 bytes: | ||
|
||
{{ evaluation.txt }} | ||
|
||
The test fails because the 3DES encryption algorithm was found in the code. |
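Review bot: the Markdown link in "In [CommonCryptor.h](https://opensource.apple.com/...CommonCryptor.h )" has a stray space before the closing parenthesis, which some renderers treat as a broken link; drop the space. The line "There you will also find the `alg` and the `op`:" also runs straight into the second fence with no blank line, unlike the first snippet, and would read better as "There you will also find the `CCAlgorithm` and `CCOperation` enums used for `alg` and `op`:".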
Binary file not shown.
@@ -0,0 +1,37 @@ | ||
import SwiftUI | ||
import CommonCrypto | ||
|
||
struct MastgTest { | ||
static func mastgTest(completion: @escaping (String) -> Void) { | ||
let key = "0123456789abcdef01234567" // 24-byte key for 3DES | ||
let data = "This is a sample text".data(using: .utf8)! | ||
|
||
// Create a buffer for encrypted data | ||
var encryptedBytes = [UInt8](repeating: 0, count: data.count + kCCBlockSize3DES) | ||
var numBytesEncrypted: size_t = 0 | ||
|
||
let cryptStatus = data.withUnsafeBytes { dataBytes in | ||
key.withCString { keyBytes in | ||
CCCrypt( | ||
CCOperation(kCCEncrypt), // Encrypt | ||
CCAlgorithm(kCCAlgorithm3DES), // 3DES Algorithm | ||
CCOptions(kCCOptionPKCS7Padding), // PKCS7 Padding | ||
keyBytes, kCCKeySize3DES, // Key and key length | ||
nil, // Initialization Vector (optional) | ||
dataBytes.baseAddress, data.count, // Input data | ||
&encryptedBytes, encryptedBytes.count, // Output data | ||
&numBytesEncrypted // Number of bytes encrypted | ||
) | ||
} | ||
} | ||
|
||
if cryptStatus == kCCSuccess { | ||
let encryptedData = Data(bytes: encryptedBytes, count: numBytesEncrypted) | ||
let encryptedHex = encryptedData.map { String(format: "%02hhx", $0) }.joined() | ||
let value = "Original:\n\n \(String(data: data, encoding: .utf8)!)\n\nEncrypted (Hex):\n \(encryptedHex)" | ||
completion(value) | ||
} else { | ||
completion("Encryption failed with status: \(cryptStatus)") | ||
} | ||
} | ||
} |
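Review bot: `import SwiftUI` on the first line is not needed by anything in this file; `Data`, `String(format:)` and `CommonCrypto` only require `Foundation`, which is what the other two demo samples import, so switching to `import Foundation` keeps the three samples consistent. Also worth a comment: the "24-byte key" guarantee relies on the key literal being pure ASCII, since `withCString` hands `CCCrypt` the UTF-8 bytes and `kCCKeySize3DES` is passed as the length regardless of the actual string length.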
@@ -0,0 +1,11 @@ | ||
# Find the address of the CCCrypt function | ||
afl~CCCrypt | ||
|
||
# Find all xrefs to CCCrypt (Replace the address with the one you find in the output) | ||
axt @ 0x1000076c4 | ||
|
||
# Seek to the function where CCCrypt is called (Replace with the address found from axt output) | ||
s fcn.1000040b8 | ||
|
||
# Print the disassembly of the function | ||
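Review bot: the trailing comment "# Print the disassembly of the function" has no command visible beneath it in this hunk, although the header counts 11 lines and the committed output.txt shows a full function listing; please confirm the disassembly command (`pdf` in radare2) actually made it into the file. The "Replace the address" comments on the `axt` and `s` lines also conflict with run.sh, which replays this script non-interactively via `-i`; resolving the import by name, e.g. `axt @ sym.imp.CCCrypt`, would make the script reproducible against a rebuilt binary without hand edits.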
@@ -0,0 +1,9 @@ | ||
│ 0x1000040c0 00008052 mov w0, 0 -> kCCEncrypt (0 for encryption) | ||
│ 0x1000040c4 41008052 mov w1, 2 -> kCCAlgorithm3DES (2 for 3DES) | ||
│ 0x1000040c8 22008052 mov w2, 1 -> kCCOptionPKCS7Padding (1 for PKCS7 padding) | ||
│ 0x1000040cc e30317aa mov x3, x23 -> key (pointer to the encryption key) | ||
│ 0x1000040d0 04038052 mov w4, 0x18 -> keyLength (0x18 or 24 bytes for 3DES) | ||
│ 0x1000040d4 050080d2 mov x5, 0 -> iv (0 or NULL, implying no initialization vector) | ||
│ 0x1000040d8 e60316aa mov x6, x22 -> dataIn (pointer to the input data to be encrypted) | ||
│ 0x1000040dc e70319aa mov x7, x25 -> dataOut (pointer to the output buffer where encrypted data will be stored) | ||
│ 0x1000040e0 790d0094 bl sym.imp.CCCrypt -> Call to CCCrypt function |
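Review bot: the annotation on `mov x5, 0` ("0 or NULL, implying no initialization vector") understates the finding; with `kCCOptionPKCS7Padding` (1) and no `kCCOptionECBMode` bit set, CommonCrypto runs CBC mode, and CommonCryptor.h documents that a NULL IV in CBC mode means an all-zeros IV is used. A fixed zero IV is itself a weakness worth calling out next to the 3DES finding, since identical plaintext blocks at the start of two messages will encrypt identically under the same key.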
@@ -0,0 +1,31 @@ | ||
0x1000076c4 1 12 sym.imp.CCCrypt | ||
fcn.1000040b8 0x1000040e0 [CALL:--x] bl sym.imp.CCCrypt | ||
┌ 84: fcn.1000040b8 (int64_t arg_20h, int64_t arg_30h, int64_t arg_40h, int64_t arg_50h, int64_t arg_60h, int64_t arg_70h, int64_t arg_80h); | ||
│ ; arg int64_t arg_20h @ sp+0x20 | ||
│ ; arg int64_t arg_30h @ sp+0x30 | ||
│ ; arg int64_t arg_40h @ sp+0x40 | ||
│ ; arg int64_t arg_50h @ sp+0x50 | ||
│ ; arg int64_t arg_60h @ sp+0x60 | ||
│ ; arg int64_t arg_70h @ sp+0x70 | ||
│ ; arg int64_t arg_80h @ sp+0x100 | ||
│ 0x1000040b8 fbe300a9 stp x27, x24, [sp, 8] | ||
│ 0x1000040bc e80300f9 str x8, [sp] | ||
│ 0x1000040c0 00008052 mov w0, 0 | ||
│ 0x1000040c4 41008052 mov w1, 2 | ||
│ 0x1000040c8 22008052 mov w2, 1 | ||
│ 0x1000040cc e30317aa mov x3, x23 | ||
│ 0x1000040d0 04038052 mov w4, 0x18 | ||
│ 0x1000040d4 050080d2 mov x5, 0 | ||
│ 0x1000040d8 e60316aa mov x6, x22 | ||
│ 0x1000040dc e70319aa mov x7, x25 | ||
│ 0x1000040e0 790d0094 bl sym.imp.CCCrypt | ||
│ 0x1000040e4 800200b9 str w0, [x20] | ||
│ 0x1000040e8 f50313aa mov x21, x19 | ||
│ 0x1000040ec fd7b47a9 ldp x29, x30, [sp, 0x70] | ||
│ 0x1000040f0 f44f46a9 ldp x20, x19, [sp, 0x60] | ||
│ 0x1000040f4 f75b45a9 ldp x23, x22, [sp, 0x50] | ||
│ 0x1000040f8 f96344a9 ldp x25, x24, [sp, 0x40] | ||
│ 0x1000040fc fb6b43a9 ldp x27, x26, [sp, 0x30] | ||
│ 0x100004100 fc1340f9 ldr x28, [sp, 0x20] | ||
│ 0x100004104 ff030291 add sp, sp, 0x80 | ||
└ 0x100004108 c0035fd6 ret |
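Review bot: the three parts of this output (the `afl~CCCrypt` line, the `axt` line, and the function disassembly) run together with no labels, whereas cchash.r2 prints `!printf` headers before each section; adding the same headers to cccrypt.r2 would make this output self-explanatory when read without the script beside it.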
@@ -0,0 +1 @@ | ||
r2 -q -i cccrypt.r2 -A MASTestApp |
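Review bot: `r2 -q -i cccrypt.r2 -A MASTestApp` expects the binary in the current directory, but step 1 of the demo tells the reader the binary is at `./Payload/MASTestApp.app/MASTestApp`, and this commit's `.gitignore` change excludes `Payload/` so that tree will not be in a checkout; state in the Steps which location run.sh is meant to be executed against (the committed `MASTestApp` copy or the extracted app), or make the script accept the path as an argument.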
@@ -0,0 +1,32 @@ | ||
--- | ||
platform: ios | ||
title: Uses of Insecure Hashing Algorithms in CommonCrypto with r2 | ||
code: [swift] | ||
id: MASTG-DEMO-0015 | ||
test: MASTG-TEST-0211 | ||
--- | ||
|
||
### Sample | ||
|
||
{{ MastgTest.swift }} | ||
|
||
### Steps | ||
|
||
1. Unzip the app package and locate the main binary file (@MASTG-TECH-0058), which in this case is `./Payload/MASTestApp.app/MASTestApp`. | ||
2. Open the app binary with @MASTG-TOOL-0073 with the `-i` option to run this script. | ||
|
||
{{ cchash.r2 }} | ||
|
||
{{ run.sh }} | ||
|
||
### Observation | ||
|
||
The output contains all uses of CommonCrypto hash functions in the binary, the xrefs for `CC_MD5` and `CC_SHA1` and the disassembled code of the region where each of these functions is called. | ||
|
||
{{ output.txt }} | ||
|
||
### Evaluation | ||
|
||
The test fails because the MD5 and SHA1 algorithms were found in the code. | ||
|
||
Remember that the context is important when evaluating the use of these algorithms. In some cases, the use of MD5 or SHA1 may be acceptable, for example, when the algorithm is used for checksums or non-cryptographic purposes. In order to determine that you should further analyze the reverse-engineered code and try to learn more about the context in which these algorithms are used. |
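Review bot: the Evaluation section jumps straight to "The test fails" without the "inspect the disassembled code" guidance that MASTG-DEMO-0014 gives; a sentence pointing at the `bl sym.imp.CC_MD5` / `bl sym.imp.CC_SHA1` lines in the output would show the reader what the failing evidence is. The closing paragraph about context (checksums and non-cryptographic uses) is also repeated verbatim in MASTG-DEMO-0016; since both demos map to MASTG-TEST-0211, consider stating it once in the test and linking to it from the demos.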
Binary file not shown.
@@ -0,0 +1,40 @@ | ||
import Foundation | ||
import CommonCrypto | ||
|
||
struct MastgTest { | ||
// Function to generate a SHA-1 hash | ||
static func generateSHA1Hash(data: Data) -> String { | ||
var hash = [UInt8](repeating: 0, count: Int(CC_SHA1_DIGEST_LENGTH)) | ||
data.withUnsafeBytes { | ||
_ = CC_SHA1($0.baseAddress, CC_LONG(data.count), &hash) | ||
} | ||
return hash.map { String(format: "%02hhx", $0) }.joined() | ||
} | ||
|
||
// Function to generate an MD5 hash | ||
static func generateMD5Hash(data: Data) -> String { | ||
var hash = [UInt8](repeating: 0, count: Int(CC_MD5_DIGEST_LENGTH)) | ||
data.withUnsafeBytes { | ||
_ = CC_MD5($0.baseAddress, CC_LONG(data.count), &hash) | ||
} | ||
return hash.map { String(format: "%02hhx", $0) }.joined() | ||
} | ||
|
||
static func mastgTest(completion: @escaping (String) -> Void) { | ||
let input = "This is a sample text".data(using: .utf8)! | ||
|
||
// Generate SHA-1 hash | ||
let sha1Hash = generateSHA1Hash(data: input) | ||
|
||
// Generate MD5 hash | ||
let md5Hash = generateMD5Hash(data: input) | ||
|
||
let value = """ | ||
Original: \(String(data: input, encoding: .utf8)!) | ||
SHA-1 Hash: \(sha1Hash) | ||
MD5 Hash: \(md5Hash) | ||
""" | ||
|
||
completion(value) | ||
} | ||
} |
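Review bot: `CC_MD5` and `CC_SHA1` are marked deprecated in CommonCrypto from iOS 13 / macOS 10.15 onward, so this sample compiles with deprecation warnings that explicitly say the functions are cryptographically broken; that is worth mentioning in the demo, because the compiler warning is the cheapest detection signal for the source-code side of MASTG-TEST-0211. Minor: `generateSHA1Hash` and `generateMD5Hash` differ only in the digest length constant and the call, and could share one helper, though keeping them separate arguably makes the two `bl sym.imp.CC_*` sites easier to find in the disassembly.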
@@ -0,0 +1,22 @@ | ||
!printf "\n\n" | ||
|
||
!printf "Uses of CommonCrypto hash function:\n" | ||
afl~CC_ | ||
|
||
!printf "\n" | ||
|
||
!printf "xrefs to CC_MD5:\n" | ||
axt @ 0x1000071a8 | ||
|
||
!printf "xrefs to CC_SHA1:\n" | ||
axt @ 0x1000071b4 | ||
|
||
!printf "\n" | ||
|
||
!printf "Use of MD5:\n" | ||
pd-- 5 @ 0x1000048c4 | ||
|
||
!printf "\n" | ||
|
||
!printf "Use of SHA1:\n" | ||
pd-- 5 @ 0x10000456c |
@@ -0,0 +1,36 @@ | ||
Uses of CommonCrypto hash function: | ||
0x1000071a8 1 12 sym.imp.CC_MD5 | ||
0x1000071b4 1 12 sym.imp.CC_SHA1 | ||
|
||
xrefs to CC_MD5: | ||
(nofunc) 0x1000048c4 [CALL:--x] bl sym.imp.CC_MD5 | ||
xrefs to CC_SHA1: | ||
(nofunc) 0x10000456c [CALL:--x] bl sym.imp.CC_SHA1 | ||
|
||
Use of MD5: | ||
0x1000048b0 ffe301f8 stur xzr, [sp, 0x1e] | ||
0x1000048b4 ff0f00f9 str xzr, [sp, 0x18] | ||
0x1000048b8 e01b00f9 str x0, [sp, 0x30] | ||
0x1000048bc e0630091 add x0, sp, 0x18 | ||
0x1000048c0 01008052 mov w1, 0 | ||
; CODE XREF from sym.func.100004728 @ +0xf0(x) | ||
0x1000048c4 390a0094 bl sym.imp.CC_MD5 | ||
0x1000048c8 e00316aa mov x0, x22 | ||
0x1000048cc e10314aa mov x1, x20 | ||
0x1000048d0 7d000094 bl sym.func.100004ac4 | ||
; CODE XREF from sym.func.100004728 @ +0x184(x) | ||
0x1000048d4 e00316aa mov x0, x22 | ||
|
||
Use of SHA1: | ||
0x100004558 ffe301f8 stur xzr, [sp, 0x1e] | ||
0x10000455c ff0f00f9 str xzr, [sp, 0x18] | ||
0x100004560 e01b00f9 str x0, [sp, 0x30] | ||
0x100004564 e0630091 add x0, sp, 0x18 | ||
0x100004568 01008052 mov w1, 0 | ||
; CODE XREF from sym.func.1000043cc @ +0xf4(x) | ||
0x10000456c 120b0094 bl sym.imp.CC_SHA1 | ||
0x100004570 e00316aa mov x0, x22 | ||
0x100004574 e10314aa mov x1, x20 | ||
0x100004578 53010094 bl sym.func.100004ac4 | ||
; CODE XREF from sym.func.1000043cc @ +0x188(x) | ||
0x10000457c e00316aa mov x0, x22 |
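Review bot: the `(nofunc)` marker on both xref lines shows that even with `-A` radare2 did not attribute the `CC_MD5` and `CC_SHA1` call sites to a recognized function, which is presumably why the script disassembles around the call address with `pd-- 5` instead of printing the enclosing function with `pdf`; a sentence in the demo's Observation explaining this would stop readers from expecting the function-level listing that MASTG-DEMO-0014 shows.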
@@ -0,0 +1 @@ | ||
r2 -q -i cchash.r2 -A MASTestApp |
@@ -0,0 +1,32 @@ | ||
--- | ||
platform: ios | ||
title: Uses of Insecure Hashing Algorithms in CryptoKit with r2 | ||
code: [swift] | ||
id: MASTG-DEMO-0016 | ||
test: MASTG-TEST-0211 | ||
--- | ||
|
||
### Sample | ||
|
||
{{ MastgTest.swift }} | ||
|
||
### Steps | ||
|
||
1. Unzip the app package and locate the main binary file (@MASTG-TECH-0058), which in this case is `./Payload/MASTestApp.app/MASTestApp`. | ||
2. Open the app binary with @MASTG-TOOL-0073 with the `-i` option to run this script. | ||
|
||
{{ cryptokit_hash.r2 }} | ||
|
||
{{ run.sh }} | ||
|
||
### Observation | ||
|
||
The output contains all uses of `CryptoKit.Insecure` functions in the binary, the xrefs for `Insecure.MD5` and `Insecure.SHA1` and the disassembled code of the region where each of these functions is called. | ||
|
||
{{ output.txt }} | ||
|
||
### Evaluation | ||
|
||
The test fails because the MD5 and SHA1 algorithms were found in the code. | ||
|
||
Remember that the context is important when evaluating the use of these algorithms. In some cases, the use of MD5 or SHA1 may be acceptable, for example, when the algorithm is used for checksums or non-cryptographic purposes. In order to determine that you should further analyze the reverse-engineered code and try to learn more about the context in which these algorithms are used. |
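Review bot: the Observation says the output lists "all uses of `CryptoKit.Insecure` functions" and "the xrefs for `Insecure.MD5` and `Insecure.SHA1`", but because CryptoKit is a Swift framework these appear in the binary as mangled Swift symbols rather than plain C imports like `CC_MD5`; the Steps should tell the reader which symbol pattern to filter on (for example the demangled names radare2 shows for `Insecure.MD5.hash` and `Insecure.SHA1.hash`) so the demo is reproducible on a different build.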
Binary file not shown.
@@ -0,0 +1,34 @@ | ||
import Foundation | ||
import CryptoKit | ||
|
||
struct MastgTest { | ||
// Function to generate a SHA-1 hash | ||
static func generateSHA1Hash(data: Data) -> String { | ||
let hash = Insecure.SHA1.hash(data: data) | ||
return hash.compactMap { String(format: "%02x", $0) }.joined() | ||
} | ||
|
||
// Function to generate an MD5 hash | ||
static func generateMD5Hash(data: Data) -> String { | ||
let hash = Insecure.MD5.hash(data: data) | ||
return hash.compactMap { String(format: "%02x", $0) }.joined() | ||
} | ||
|
||
static func mastgTest(completion: @escaping (String) -> Void) { | ||
let input = "This is a sample text".data(using: .utf8)! | ||
|
||
// Generate SHA-1 hash | ||
let sha1Hash = generateSHA1Hash(data: input) | ||
|
||
// Generate MD5 hash | ||
let md5Hash = generateMD5Hash(data: input) | ||
|
||
let value = """ | ||
Original: \(String(data: input, encoding: .utf8)!) | ||
SHA-1 Hash: \(sha1Hash) | ||
MD5 Hash: \(md5Hash) | ||
""" | ||
|
||
completion(value) | ||
} | ||
} |
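Review bot: `hash.compactMap { String(format: "%02x", $0) }` in both helpers uses `compactMap` on a closure that never returns an optional, so it is just a slower `map`; use `map` as the CommonCrypto sample does. The deliberate use of `Insecure.MD5` and `Insecure.SHA1` is correct for the demo, and it is worth a comment that CryptoKit's `Insecure` namespace is exactly the marker a source-level review of MASTG-TEST-0211 should search for.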