Viber Communication Security - Bad Request
Viber Communication Security - Bad Request
Viber Communication Security - Bad Request
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Viber</strong> <strong>Communication</strong> <strong>Security</strong><br />
Michiel Appelman<br />
Jeffrey Bosma<br />
Gerrie Veerman<br />
unscramble the scrambled<br />
Abstract<br />
michiel.appelman@os3.nl<br />
jeffrey.bosma@os3.nl<br />
gerrie.veerman@os3.nl<br />
In the past couple of years more and more communications which used to use the regular<br />
mobile operator networks started moving towards ip-based networks. This has given rise to<br />
‘apps’ on smartphones that enable consumers to connect to each other without the use of their<br />
mobile operator. More recently the security implications of switching from the closed network<br />
of the operator to the open Internet have become apparent after some ‘apps’ have shown severe<br />
weaknesses. In this project we will take a look at one app in particular: <strong>Viber</strong>, a voip application<br />
used on cellphones. The report tries to answer the question how <strong>Viber</strong> performs — security-wise<br />
— in comparison to other services. A definitive conclusion has not been found but most details<br />
of the protocol used to transfer the voice data have been documented. The application code has<br />
been analyzed but no real weaknesses were found. This lack of weaknesses found doesn’t mean<br />
that the app is secure, due to limited time and experience of the authors a lot of investigation is<br />
still to be done.<br />
December 24, 2011
Contents<br />
1 Introduction 1<br />
1.1 <strong>Viber</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1<br />
1.2 Why focus on <strong>Viber</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1<br />
1.3 <strong>Viber</strong> policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1<br />
1.4 Research Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2<br />
2 Preliminary Research 4<br />
2.1 Other Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4<br />
2.2 Reverse Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9<br />
3 Experiments 12<br />
3.1 Local Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12<br />
3.2 Reverse Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17<br />
3.3 Application Code Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25<br />
3.4 Other Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33<br />
4 Conclusion 35<br />
4.1 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35<br />
4.2 Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35<br />
4.3 Future Research . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36<br />
Appendices 37<br />
A Acronyms 37<br />
B Bibliography 38<br />
C Log 40<br />
i
Introduction Chapter 1<br />
1 Introduction<br />
1.1 <strong>Viber</strong><br />
<strong>Viber</strong> is a communication application for mobile phones. The current version works on Android and<br />
iOS devices. You are able to call, send text messages, photos or your current Global Position System<br />
(gps) location. Reviews predict this can be a real competitor to Skype, this because of the simplicity<br />
that <strong>Viber</strong> offers.[1] It can be used free of charge and no registration is needed, only your phone<br />
number is required. <strong>Viber</strong> states to be freemium which means offering free services with one app<br />
and having a paid app with more attributes and possibilities. Since it is a relative new application<br />
we would like to see what kind of security implementations <strong>Viber</strong> has made. This since privacy and<br />
security became an important issue regarding communication.<br />
1.2 Why focus on <strong>Viber</strong><br />
There is virtually no research done in the field of <strong>Viber</strong> and their security. An extensive search<br />
on the internet resulted in only a few vague statements from a spokesperson of <strong>Viber</strong>. This was<br />
intriguing and made us very sceptical, because of the amount of information that could be found.<br />
The openness about security implementation and the clarity on matters of the spokesperson stating<br />
these claims is very dubious to say the least. The findings about the security implementations in<br />
<strong>Viber</strong>, or their absence, are quoted below. Talmon Marco is an online spokesperson for <strong>Viber</strong> and<br />
answered a few questions asked by consumers. About encryption of messages he replied as follows:<br />
They were not in the very first version, but they are now.[2]<br />
When asked about the encryption of calls:<br />
To be honest, since our code is not open source, we cannot claim ‘encryption’ as it is<br />
not open to outside scrutiny. The most we can say is that ‘it is scrambled’ (and in our<br />
opinion the same applies to anybody who does not have an open source technology. So,<br />
<strong>Viber</strong> messages are scrambled.[3]<br />
We want to look closer into the security of <strong>Viber</strong> since it’s a relative new application and see if it<br />
has any dangerous security flaws. More information about why this research is done can be found<br />
in the project proposal.[4]<br />
1.3 <strong>Viber</strong> policy<br />
It is always interesting to look into applications their policy. To see how they describe to protect your<br />
data and how they handle your data. Sometimes data gets stored by the services other applications<br />
remove the data when it is being delivered. Those policies also differ per country, different kind of<br />
rules and laws are present. Let’s have a look on what <strong>Viber</strong> claims to do. Their information and<br />
data protection policy:<br />
1
Introduction Chapter 1<br />
We do not rent, sell, or share any information about the user with any third-parties.<br />
We may disclose your Personal Information if we believe such action is necessary to: (a)<br />
comply with the law, or legal process served on us; (b) protect and defend our rights or<br />
property (including the enforcement of our agreements); or (c) act in urgent circumstances<br />
to protect the personal safety of users of our services or members of the public.[5]<br />
We take reasonable precaution to protect Personal Information from misuse, loss and<br />
unauthorized access. Although we cannot guarantee that Personal Information will not be<br />
subject to unauthorized access, we have physical, electronic, and procedural safeguards in<br />
place to protect Personal Information. Personal Information is stored on our servers and<br />
protected by secured networks to which access is limited to a few authorized employees<br />
and personnel. However, no method of transmission over the Internet, or method of<br />
electronic storage, is 100% secure.[5]<br />
What they say about their encryption policy:<br />
Some companies in our field claim that they encrypt their traffic. They do so while using<br />
proprietary technologies, not open to external scrutiny. We believe that unless you use<br />
open technologies, you should not claim that you use encryption. At <strong>Viber</strong>, we believe<br />
in being 100% truthful to our users. This applies to everything we do and even more<br />
so when it comes to matters of security and encryption. Since <strong>Viber</strong> uses proprietary<br />
technologies, we believe we cannot claim that <strong>Viber</strong> is truly encrypted and as such, unlike<br />
some companies in our field, we do not claim that we are encrypted. We leave the decision<br />
of how to use our service and whether to trust its security to our users.[6]<br />
As you can read <strong>Viber</strong> claims to secure your data. But they can’t promise you this for 100%. They<br />
also have to obey laws and legal processes and may share your personal information. However it<br />
claims not to be encrypted because it uses proprietary technology. Let’s find out if <strong>Viber</strong> can be<br />
trusted in their security mechanisms or not.<br />
1.4 Research Questions<br />
After these interesting facts the focus of research was set to find out how secure the app <strong>Viber</strong><br />
actually is and the main research question is:<br />
How secure is communication through the <strong>Viber</strong> application in comparison to other voip<br />
services?<br />
The research is also split up in two areas with several subquestions. The first will span the local<br />
storage of <strong>Viber</strong> with the following questions:<br />
• What information is stored by <strong>Viber</strong>, and in what form?<br />
2
Introduction Chapter 1<br />
• How does <strong>Viber</strong> for iPhone differ from the implementation on Android?<br />
• Are <strong>Viber</strong> messages stored encrypted/scrambled? If yes, what kind of encryption is used?<br />
How prone is it to currently known attacks? What about photos, and transmitted location<br />
information?<br />
The second area which will be researched is the data that is actually being sent over the wire:<br />
• How are <strong>Viber</strong> messages send, are they encrypted/scrambled?<br />
• Can one modify the content, the recipient address, or the sender address of a message?<br />
• What other kind of flaws are present in the protocol, and how can they be improved?<br />
3
Preliminary Research Chapter 2<br />
2 Preliminary Research<br />
2.1 Other Services<br />
This chapter will focus on mobile communication services and their security. Some different services<br />
will be looked into. What exploits have been found in those applications and is it possible to maybe<br />
reproduce those attacks.<br />
2.1.1 <strong>Communication</strong> Risks<br />
Many of the services that are in use today already existed before the mobile-phone platform became<br />
huge. It shouldn’t surprise you that those services who already were built for Voice over ip (voip)<br />
software on desktops or voip phones now also build them for mobile-phones. This was not only a<br />
way to expand some company their business, but also a great moment for new competitors to join<br />
the competition in becoming a big player in mobile communication.<br />
The main reason people use those services is for today-to-today communication. Normally normal<br />
users don’t see any problems in using those services. Until a security exploit is found in one of them<br />
and gets leaked/published into the media. Then users suddenly are aware that it is maybe possible<br />
someone saw their messages or captured their voip communication. <strong>Security</strong> is always a big issue<br />
regarding communication. Most communications that take place are not meant for everyone. You can<br />
suspect you don’t want a third person or party reading them. Now that mobiles are used everywhere<br />
it becomes increasingly worse, users connect their phones to unsecure or untrusted environments,<br />
this without knowing the dangers of it. Applications usually automatically login over those unsecure<br />
channels. Mobile users don’t have any clue what security risks or dangers this can bring for their<br />
privacy. Some of the information that can be gain can be worth a lot for a random hacker or sniffer<br />
on those networks. But not only have those networks formed a risk. Think about your Internet<br />
Service Provider (isp) who forwards all of your traffic, they can capture your data without you even<br />
knowing it. This is why you want your data to be secure.<br />
Developers of those mobile applications are of course also aware of those security flaws, well hopefully<br />
at least. But implementing those security mechanism isn’t always as easy as said. Besides this their<br />
main product/activity is making sure their communication channels are fast and robust. But when<br />
developers implement security mechanism in their service it becomes slower and more complex. Also<br />
hackers know this and search for even more complex ways of breaking it or finding an exploit in a<br />
different angle. All this just too gain mobile users their private information and data.<br />
A problem for securing voip services is that it uses User Datagram Protocol (udp) for the transport<br />
level communication. This to make sure packets arrive in relative ‘real-time’ on the other side. This<br />
is quite important since you want you connection for voice communication as fast as possible. You<br />
don’t want users to have jittering communication channels. <strong>Security</strong> only adds extra steps which<br />
most likely will slow down this communication service. However some people do care about security<br />
while others don’t.<br />
4
Preliminary Research Chapter 2<br />
2.1.2 Differences<br />
There are already many mobile communication applications on the market. You can distinguish<br />
them into two groups. Some of the most famous ones will be looked into later in this chapter. The<br />
first one only can send messages, applications like this are Whatsapp, Ping and eBuddy XMS. The<br />
other one are those that can send messages and besides this can call over voip communication,<br />
applications in this group are Skype, Nimbuzz and <strong>Viber</strong> which this document will be concentrating<br />
on.<br />
Most of the applications mentioned above were not secure in the first version. As you would know<br />
by now that’s because they focus on their communication service first. You can say that’s their main<br />
‘product’. When time passed more users began using these applications and security became more<br />
of an issue. That’s why in later versions security got implemented. You can already guess that some<br />
of those applications do this better than others. Below you can read about the different security<br />
issues of those applications. What exploits and security issues have been discovered? If it’s known<br />
what are their security mechanisms?<br />
Analysing which application their security mechanism is more robust and secure can be a very<br />
difficult subject. Because some of the applications say they are very ‘open’ it even says in some of<br />
the policies. But when you look deeper into them they don’t say how it is secured or what kind of<br />
mechanism or encryption there is being used. But on the other hand some other applications do say<br />
what they are using. Also should be noted that some mobile communication applications have more<br />
exploits then others. But this can maybe be because their popularity amongst users. For this reason<br />
some can be more researched looked into then others. Looking at security can be a difficult task and<br />
as Garfinkel would say ‘<strong>Security</strong> is not some abstract quality that can be analysed in isolation’.[7]<br />
A paper from Marjalaakso formulates the functional and technical security requirements for a voip<br />
communication.[8]<br />
Functional <strong>Security</strong> Requirements:<br />
1. Information exchanged among the participants of a call should be kept confidential,<br />
and access to such information should be impossible to any third party. Motivation<br />
for this clause is easy to see: without confidentiality, third parties may misuse the<br />
information which they were able to eavesdrop during a conversation.<br />
2. Only service provider should have access to statistical information and such information<br />
should be safeguarded against attacks from third parties. Who would like<br />
to get cought from calling to sex or escort service numbers?<br />
Technical <strong>Security</strong> Requirements: <strong>Security</strong> requirements, which should be met and fully<br />
supported by any voip protocol to be considered as, secure, are summarized in the list<br />
below:<br />
1. All connections between network elements should be encrypted;<br />
2. The endpoints of all connections should always be authenticated in two-ways to<br />
prevent man-in-the middle attacks;<br />
5
Preliminary Research Chapter 2<br />
3. End-to-end user authentication should be provided at terminal devices; and<br />
4. Both clients and servers should be protected against Denial of Service type of attacks.<br />
The list could be continued with many other detailed requirements but the above list<br />
provides sufficient requirements for the analysis of security constraints in the next section.<br />
2.1.3 Whatsapp<br />
Whatsapp is one of the most used communication application for mobile messaging. Whatsapp<br />
had some pretty bad security issues. A review from around May 2011 announced the following.[9]<br />
Messages where send unencrypted over the network and everyone who wanted could read them. If<br />
you think this is all your wrong, besides this you were able to hijack other users their account and<br />
receive their messages or send messages as them.<br />
With the latest Whatsapp version when sending messages you’re still able to see the following: “(1)<br />
the number the message is going to, and (2) the contact name is still send in plaintext”.[10] It should<br />
also still be able to steal other people their accounts through SMS-spoofing, a detailed explanation<br />
by Ricky Gevers.[11] How exactly the messages are encrypted is unclear in their policy:<br />
Whatsapp uses commercially reasonable physical, managerial, and technical safeguards<br />
to preserve the integrity and security of your personal information. We cannot, however,<br />
ensure or warrant the security of any information you transmit to Whatsapp and you do<br />
so at your own risk.[12]<br />
If you read their policy you can notice their a little scared about reverse-engineering. Here is a short<br />
sentence in their policy:<br />
We do disallow any efforts to reverse-engineer our system, our protocols, or explore<br />
outside the boundaries of the normal requests made by WhatsApp clients.[12]<br />
This last sentence does sound a bit inviting to hackers and sort. Even after some security breaches<br />
it’s still possible to see who calls or sends messages to whom in plaintext. The content however is<br />
‘secure’. But you are still able to count the amount of data flowing between mobile numbers/persons.<br />
What is the reason about not encrypting everything?<br />
2.1.4 eBuddy XMS<br />
eBuddy is a well know communication service that integrates different Instant Message (im) services<br />
in a web browser. For mobile phones they launched their own service called eBuddy XMS. eBuddy<br />
XMS is relative new application on the market for mobile messaging. It has a build-in function<br />
to enable and disable encryption. This because encrypting takes more time to deliver and receive<br />
6
Preliminary Research Chapter 2<br />
messages. Encrypting and decrypting of messages takes more time and end-users in general only<br />
care attention to the speed messages are send/received. Since eBuddy XMS is relative new there are<br />
not many to none security flaws/reviews. eBuddy says to be secure, they say the following about<br />
their encryption:<br />
To be exact, the method to secure it is Transport Layer <strong>Security</strong> (tls) 1.0, using a 2048<br />
bit encryption key. This is considered to be highly secure.[13]<br />
They also say the following about their build-in security function:<br />
Not using the secure connection does not necessarily mean that all data is unsecured.<br />
Authentication and uploading your address book is always secured even when you are<br />
not using the secure connection. So, no one can hijack your account or your address<br />
book. Not using the secure connection only affects sending and receiving messages.[13]<br />
In their own policy they say the following about users their data security:<br />
eBuddy will take reasonable technical and organizational measures to protect the information<br />
we collect against loss, misuse or any form of unlawful processing. Information<br />
on eBuddy servers is stored in a secured manner and access is limited to authorized employees<br />
only. However, it is important to note that we cannot eliminate all security risks<br />
associated with data transmission and storage.[14]<br />
eBuddy claims to be ‘highly secure’ with their encryption. However no review or media articles<br />
can been found about this. They also claim not storing your data and even encrypting important<br />
information if the security option is off.<br />
2.1.5 Skype<br />
Skype always has been the big player for voip calling this isn’t any different for mobile devices.<br />
Because it’s one of the most used ones you can expect it’s reviewed a lot. That’s why Skype already<br />
was in the media quitted a lot for some security flaws. Some which are even recent. It was possible<br />
to see from where a Skype connection came from.[15][16] On iOS it was possible to steal people their<br />
information, like your address book.[17]<br />
Skype hired a security expert who made a review in 2005 about Skype their security. In this review<br />
is written that Skype is quitted secure, but unclear if this also reflexes to their mobile platform. The<br />
review says the following:<br />
Skype claims that its system uses the Ron Rivest, Adi Shamir and Leonard Adleman<br />
(rsa) encryption algorithm for key exchange and 256-bit Advanced Encryption<br />
Standard (aes) as its bulk encryption algorithm. However, Skype does not publish its<br />
7
Preliminary Research Chapter 2<br />
key exchange algorithm or its over-the-wire protocol and, despite repeated requests, refused<br />
to explain the underlying design of its certificates, is authentication system, or its<br />
encryption implementation. Therefore it is impossible to validate the company’s claims<br />
regarding encryption. It is entirely possible that the data is both encrypted and not<br />
secure.[7]<br />
Their policy says the following about your personal information:<br />
Skype will take appropriate organizational and technical measures to protect the personal<br />
data and traffic data provided to it or collected by it with due observance of the applicable<br />
obligations and exceptions under the relevant legislation. Your personal and traffic data<br />
can only be accessed by authorized employees of Microsoft or its affiliates, subsidiaries or<br />
service providers who need to have access to this data in order to be able to fulfill their<br />
given duties.[18]<br />
This same policy says it may or may not store information about you. Because of this you can<br />
concluded they will store anything they know about you. They also say that:<br />
Skype will retain your information for as long as is necessary to: (1) fulfill any of the<br />
Purposes (as defined in article 3 of this Privacy Policy) or (2) comply with applicable<br />
legislation, regulatory requests and relevant orders from competent courts.[18]<br />
Regarding your personal data and information they say the following:<br />
Except as provided below, Skype will not sell, rent, trade or otherwise transfer any<br />
personal and/or traffic data or communications content outside of Microsoft and its<br />
controlled subsidiaries and affiliates without your explicit permission, unless it is obliged<br />
to do so under applicable laws or by order of the competent authorities. Please note<br />
that information that you voluntarily make public in your user profile, or which you<br />
disclose on forums, discussions boards or by posting comments will be publicly available<br />
and viewable by others. Skype may disclose personal information to respond to legal<br />
requirements, exercise our legal rights or defend against legal claims, to protect Skype’s<br />
interests, fight against fraud and to enforce our policies or to protect anyone’s rights,<br />
property, or safety.[18]<br />
Skype is very strict in keeping their security mechanism to the company. The review claims that<br />
Skype their platform is secure. But can this also be said about their mobile platform since it’s new?<br />
Skype should be secure since it’s used a lot. Not only for normal users but it’s famous amongst<br />
corporate businesses also. But as could be read they still had some security flaws in their system to<br />
gain your address-book for example.<br />
8
Preliminary Research Chapter 2<br />
2.1.6 Nimbuzz<br />
Nimbuzz is a communication application for calling and integrating different im services. They<br />
are based in the Netherlands the same as eBuddy. They have some blogs and posted about how<br />
they think about security: ‘We want to assure you that privacy and security is the top priority for<br />
Nimbuzz’.[19] They also inform users a lot on how they can assure user their own information and<br />
data is secure.[20]<br />
However Nimbuzz got hacked by Anonymous in July this year. They had full access of their network<br />
and data.[21] Although the company claimed this wasn’t the corporate environment and users their<br />
account information and data wasn’t in danger.[22] Besides this not much information can be found<br />
about the security of Nimbuzz.<br />
Their policy says the following regarding data security and private information:<br />
Nimbuzz takes appropriate organizational and technical measures to protect the personal<br />
information and communications data provided to them or collected by them. For example,<br />
your personal and communications data can only be accessed by authorized Nimbuzz<br />
staff that need to have access to this data in order for their work. Nimbuzz takes technical<br />
measures to protect the confidentiality of the content of communications sent over the<br />
Nimbuzz Services, subject to all applicable obligations and exceptions under applicable<br />
law.[23]<br />
Nimbuzz does not sell, rent, trade or otherwise transfer any personal information, communications<br />
data or communications content to any third party without your express<br />
permission (unless it is obliged to do so under applicable laws or by order of the competent<br />
authorities) except as set out in this Statement.[23]<br />
Nimbuzz wants to inform their users how security can be guaranteed for example how their password<br />
should look like and what they should and shouldn’t do. They got hacked once but this doesn’t say<br />
that their communication service is insecure. They claim to protect your data very well and should<br />
only be possible to view inside Nimbuzz their company.<br />
2.2 Reverse Engineering<br />
Most protocols in use today are defined according to publicly available standards. Some developers<br />
though, choose to keep their implementation to themselves as to keep others out. This ‘security<br />
by obscurity’ idea is the complete opposite of the Kerckhoffs’s principle which states that a system<br />
should be secure even if anything about the system (except the key) is publicly known. The reason<br />
for this is that eventually people with enough knowledge, materials and time will figure out how it<br />
works and might also find weaknesses the inventor did not think of. This process is called ‘reverse<br />
engineering’ and is used in the it-world to get to know how a program, file or network protocol is<br />
constructed.<br />
9
Preliminary Research Chapter 2<br />
One of the most well-known reverse engineering projects is the Samba-project. It was started in 1992<br />
by Andrew Tridgell in effort to make allow ms-dos clients to access files on a Sun Microsystems server.<br />
The name is derived from the Microsoft-developed protocol it tried to dissect: the Server Message<br />
Block (smb) protocol (also known as cifs).<br />
2.2.1 Techniques<br />
To explain the process Tridgell (also known as the co-write of rsync) describes it as learning French<br />
without the use of any books or courses. One approach may be to just sit down in a French cafe<br />
and listening to what people are ordering. If you do this long enough you soon will know the words<br />
for ‘coffee’ and ‘bread’ and may even be able to call the waiter and order yourself. Tridgell used<br />
some other techniques (and a lot of time) before he was able to build his own Samba ‘French waiter’<br />
which would respond just like a real smb-server.[24]<br />
Documentation<br />
Although the reason for reverse engineering is the lack of documentation, there might be some earlier<br />
work available on which the implementation is based. Tridgell found some old documents sent to the<br />
Internet Engineering Task Force (ietf) in which Microsoft was applying cifs to become a standard.<br />
The draft expired and Microsoft did not follow through with the standardisation process, but the<br />
document was still available (although outdated).<br />
Sniffing<br />
The ‘French cafe’ anecdote can be seen as the explanation for sniffing. The engineer listens in on the<br />
communication between two parties and tries to learn what both of them are saying. After that he<br />
tries to talk to one of them directly and see what kind of responses he can get. This process takes a<br />
very long time and a lot of scanning though large dumps of hexadecimal values.<br />
Scanning<br />
After some information about the semantics of the protocol has been gathered a protocol scanner<br />
can be used to try all possible commands. It will try combinations of different options, flags, payloads,<br />
etc. just to see how the other side will respond. This way new commands can be found which<br />
normally aren’t exchanged between server and client.<br />
There are a lot of other techniques and each developer has his own ways of reverse engineering. Rob<br />
Savoye is famous for working on Gnash 1 , an Open Source implementation of Adobe’s Flash. In 2009<br />
he gave an interesting talk about his work on Adobe’s Real Time Messaging Protocol (rtmp) and<br />
confirmed that reverse engineering requires a lot of patience and sifting through hex dumps, and<br />
that he would put on some hardrock music and just stare at it for months.[25]<br />
1 gnu Gnash – http://www.gnu.org/s/gnash/<br />
10
Preliminary Research Chapter 2<br />
2.2.2 Analyzers<br />
This fine art of reverse engineering is well respected within the Open Source community because of<br />
the time it takes get to a working implementation. There have also been some attempts to automate<br />
this process.<br />
Protocol Informatics Project<br />
The first and one of the more documented tools is the Protocol Informatics Project. Written by<br />
Marshall Meddoe, it is based on algorithms found in bioinformatics.[26] It looks for relationships<br />
between sequences in the data of the packets in the same way researchers would look for relationships<br />
between sequences of genetic information in dna.<br />
To map these sequences and their relations a phylogenetic tree is build, this is an evolutionary tree<br />
that shows differences as time goes on. Network protocol packets also ‘evolve’ in the sense that the<br />
information in their headers is constantly changing. After it has created a ptree it will try to align<br />
fields with common information and thus come up with a packet structure.<br />
This tool is a bit outdated (2004) but can still be useful in some cases, mostly with small binary<br />
protocols or text-based implementations. If there is a lot of zeroed data, it can get a bit confused<br />
though.<br />
Discoverer<br />
Discoverer is a tool which is much less documented and is even less usable. It was developed by<br />
Microsoft employees and unfortunately has not been released. The paper is an interesting read,<br />
though as the procedures are pretty basic and can come up with some decent results.[27]<br />
The tool consists of three steps. The first step tries to find the field boundaries in the packets (tokenization)<br />
and sorts them based on those characteristics initial clustering. Because similar looking<br />
structures in packets do not mean the packets are of the same kind, another round of clustering is<br />
performed (recursive clustering). After this second step messages of the same or similar kind may<br />
be spread over multiple clusters and the last phase uses a sequence alignment algorithm to group,<br />
and finally merge them to get a definite message pattern.<br />
There are also some tools that aren’t really automated protocol reverse engineering but can be a<br />
huge help to the developer. These allow for differences in messages to be automatically found but<br />
leave the specification up to the developer.[28] Eventually all developers of these tools will explain<br />
that although their programs can be a huge help, there will still be a lot of manual research to be<br />
done. Some pattern recognition logic just isn’t easily implemented in software.[29]<br />
11
Experiments Chapter 3<br />
3 Experiments<br />
In this chapter different approaches are documented which were used to try and reveal any weaknesses<br />
in the application.<br />
3.1 Local Storage<br />
For a mobile communication application it is not only important to secure data which is send or<br />
received from your phone. But also what kind information gets stored and kept on it. Suppose your<br />
phone gets stolen or lost, what may other people retrieve or find on it? In this chapter will be looked<br />
in the files that <strong>Viber</strong> stores on your phone. What information can be gained from it? <strong>Viber</strong> not<br />
only uses a database but also uses some Extensible Markup Language (xml) files where it stores<br />
data in.<br />
3.1.1 Database<br />
<strong>Viber</strong> uses a database to store different kind of information. <strong>Viber</strong> makes use of a so called SQLite<br />
database for storing their data. The first thing that could be noticed was that everything was<br />
unencrypted and you could access the database fairly easily, once you have access on a phone of<br />
course. Since the implementation can differ between Operating System (os) we will look closer into<br />
Android and iOS and then end with a short conclusion about what can be found.<br />
iOS<br />
It was easy to locate and access the SQLite database on an iOS phone. You only need to jailbreak your<br />
phone. All data is stored into a single database. Only the important data that could be interesting<br />
or important for this project is mentioned. The following information is stored in plaintext inside<br />
the iOS database:<br />
• Your whole address-book (even non-<strong>Viber</strong> users)<br />
• Other address-book with <strong>Viber</strong> contacts (phone number and name)<br />
• All messages that have been send plus the current location<br />
• All calls made and received<br />
• A list with links to attachment (pictures)<br />
• Log file for missed and received calls<br />
• Your <strong>Viber</strong> user ID<br />
• A table which counts/summarise all above<br />
12
Experiments Chapter 3<br />
Android<br />
On Android it’s almost the same to gain access to the files since your Android device also needs to<br />
be rooted to get to them. But once you have done this you can get to the files, it was also quite<br />
easy to locate them. Android has three SQLite databases stored one is called ‘viber_hashes’ which<br />
sounded promising but unfortunately was empty. The other two did contain information one more<br />
than the other. It contained globally the following information:<br />
• Contains call log information (who called you and did you call)<br />
• Address book of <strong>Viber</strong> contacts (phone number and name)<br />
• All messages send/received with location information and if data (pictures) linked to it<br />
• Every message has its own token<br />
• A table which counts message per user contact<br />
• A table which counts/summarises all above<br />
3.1.2 Files<br />
<strong>Viber</strong> not only stores data into database but also has some xml files. It also stores the pictures<br />
send and received in a different location on your phone, which are of course possible to get without<br />
rooting your phone.<br />
iOS<br />
<strong>Viber</strong> has only one xml file on iOS, this file is called ‘settings’ and contains the following information:<br />
• Your own phone number<br />
• Count of your <strong>Viber</strong> contacts<br />
• If you are registered or not<br />
• Messages received and send count<br />
• Version that is being used<br />
• Some hashes (You can guess that it’s the same as on android)<br />
13
Experiments Chapter 3<br />
Android<br />
In Android <strong>Viber</strong> has multiple xml files which all contain little information, in those xml files the<br />
following can be found:<br />
• <strong>Viber</strong> account version number<br />
• A ‘dm_registration’ key number (used for the android market)<br />
• Your ‘device key’ (hash)<br />
• Last registered number (your own number)<br />
• Your <strong>Viber</strong> User ID (hash)<br />
• A ‘Sync hash’<br />
• Last message token ID<br />
• Last mist call log<br />
• Your activation code (the one you get through SMS)<br />
3.1.3 Conclusion of <strong>Viber</strong>’s data stored<br />
Is seems that everything you do with <strong>Viber</strong> gets stored inside a database. <strong>Viber</strong> makes use of the<br />
SQLite database with some xml files for different kind of data. Both Android and iOS need to be<br />
rooted and jailbreaked to gain access to them. All <strong>Viber</strong> databases and files are stored unencrypted<br />
or could be said in normal plaintext. The data in the xml files is used for the configuration of<br />
the application. The data inside the database look like log files and only stores messages plus your<br />
address-book. Photos called attachments in the database are saved in a separated directory. But<br />
there can be concluded that your <strong>Viber</strong> data is easily accessible on your phone both on Android and<br />
iOS.<br />
Database<br />
The databases contain on both os’s all <strong>Viber</strong> contacts but on iOS also your normal address-book can<br />
be found. All messages send and received are stored with tables for your location (if that function<br />
is on). Both databases have a list of calls received and made. It’s also interesting that on Android<br />
every message has his own token and sequence numbers attached to it while iOS only stores the<br />
sequence numbers. Both databases contain a table with summaries on how many message are send<br />
and calls are made. The iOS database also looks better organised than the one on Android. Android<br />
has two more databases than iOS. Maybe they ‘viber_hashes’ database which also can be found<br />
in Android was used in a previous version of <strong>Viber</strong>. Below you can compare how the messages are<br />
stored in both databases:<br />
You can see Android uses the token value while iOS doesn’t. Android further in the table also has<br />
a sequence value which is being filled. But iOS on the other hand only has a sequence value filled<br />
14
Experiments Chapter 3<br />
(a) Android Database<br />
(b) iOS Database<br />
in, the token value stays zero. The tables in iOS link more to other tables as you can see this one<br />
contains lesser data/information then the one on Android.<br />
XML Files<br />
How though the databases contain some relevant information the most interesting data can be found<br />
inside the xml files. Those files contain configuration options. On iOS it isn’t really clear what some<br />
values are especially for the hashes stored it is unclear. Android however has clear attribute names<br />
saying what the value contains. See an example between iOS and android below:<br />
Android:<br />
1 < string name =" reg_viber_phone_num ">063834 xxxx <br />
2 < string name =" viber_udid ">3 dd7ba273122f746c1bd37c4cc8180d57b4261d5 <br />
3 < string name =" pref_list_id ">’421 ’,’367 ’,’1204 ’,’212 ’,’1841 ’,’1841 ’,’244 ’,’76 ’,’29 ’,<br />
’1685 ’,’33 ’<br />
4 < boolean name =" pref_started_before " value =" true " /><br />
5 < boolean name =" do_full_sync " value =" true " /><br />
6 < boolean name =" pref_clear_prefs " value =" false " /><br />
7 <br />
8 < string name =" reg_viber_country_code ">31 <br />
9 < string name =" reg_viber_local_country_code ">0<br />
10 < string name =" registered_viber_phone_num ">+31063834 xxxx <br />
15
Experiments Chapter 3<br />
11 < string name =" sync_hash ">1 c582c9b3f8dcc12a1e74fd9fe4e27ce794b93f9 <br />
iOS:<br />
1 <br />
2 $ class <br />
3 <br />
4 CF$UID <br />
5 < integer >3<br />
6 <br />
7 NS. string <br />
8 < string >62782 xxxx <br />
9 <br />
10 < string >31 <br />
11 < string > 2.1.3.244 <br />
12 < string >3 d4a7ce7d4dcd02f25573e0d0d699d60c24b6094a076408e4d6ef841430e27ac <br />
13 <br />
14 $ class <br />
15 <br />
16 CF$UID <br />
17 < integer >3<br />
18 <br />
19 NS. string <br />
20 < string >24 a6d8cd8b3024da1166d741563f27414f1cf6a7 <br />
21 <br />
22 <br />
As you can see the attribute names are much better defined in Android then those on iOS. With<br />
this you can probably distinguish what those values are on iOS through looking at the xml files in<br />
Android. Those hashes stored in the xml files especially look interesting and maybe can be used to<br />
gain extra knowledge when reverse-engineering the code. The hashes that are stored are for the:<br />
• Device key (SHA-256 hash)<br />
• <strong>Viber</strong> ID (SHA-1 hash)<br />
• Sync hash (SHA-1 hash)<br />
It’s also easy to view your activation code in the Android xml files, where also a ‘last_message_token_id’<br />
can be found. Further the xml files contain values for all kind of configuration options. An interesting<br />
configuration value can be the one that’s says if your <strong>Viber</strong> is activated or not. We will come<br />
back to that one later.<br />
16
Experiments Chapter 3<br />
3.2 Reverse Engineering<br />
In Chapter 2.2 Protocol Reverse Engineering was discussed as a manual and automated process. In<br />
the chapter we will try to apply the same techniques on <strong>Viber</strong>.<br />
3.2.1 Lab Setup<br />
Before being able to analyze the data, a network has to be set up to capture it. We found an old<br />
Linksys wireless router in the lab to use and connected that to a hub. This hub also connects to<br />
two of our servers, one that would provide the connection to the Internet and another one to just<br />
capture the packets.<br />
192.168.1.1<br />
192.168.1.101<br />
linksys<br />
192.168.2.2<br />
192.168.2.1<br />
berlin.stublab.os3.nl<br />
Hub<br />
No IP-address<br />
athens.studlab.os3.nl<br />
Figure 1: The packet sniffing test set-up.<br />
Internet<br />
<strong>Viber</strong> Serverfarm<br />
In Figure 1 the set-up is presented in it’s most basic form. The Linksys router wasn’t able to function<br />
as a standalone wireless Access Point (ap) so we had to nat the ip-addresses.<br />
On berlin.athens.os3.nl we added the following IPtables rule to allow nat there as well:<br />
iptables --table nat -A POSTROUTING \<br />
-s 192.168.2.0/24 \<br />
! -d 192.168.2.0/24 -j MASQUERADE<br />
After we completed the setup we could associate a smartphone with the Linksys ap and we started<br />
seeing incoming frames on the capturing interface of athens. We used tcpdump to capture the traffic<br />
that was going over the line and wrote that to several .pcap-files. This allowed us to later filter<br />
these packets.<br />
17
Experiments Chapter 3<br />
3.2.2 Protocol Informatics<br />
In paragraph 2.2.2 the Protocol Informatics (pi) Project was explained as a tool to automatically<br />
analyze a proprietary protocol. Installing pi requires the following Ubuntu packages:<br />
• python-pydot<br />
• python-pyrex<br />
• python-pcapy<br />
• python-numpy<br />
This seemed like a good starting point to get some results so we filtered the data to get a one way<br />
voice stream using the following command:<br />
tshark -r long-call.pcap \<br />
-w long-call-oneway.pcap udp.dstport == 5243<br />
Here we select only the UDP packets with the destination port for the <strong>Viber</strong> service so it is only<br />
originating voice traffic. The pi python script takes this pcap-file as input.<br />
18
Experiments Chapter 3<br />
mappelman@athens:~$ ./main.py -p long-call-oneway.pcap<br />
Protocol Informatics Prototype (v0.01 beta)<br />
Written by Marshall Beddoe <br />
Copyright (c) 2004 Baseline Research<br />
Found 1890 unique sequences in ’../real-voiceonly.pcap’<br />
Creating distance matrix .. complete<br />
Creating phylogenetic tree .. complete<br />
Discovered 1 clusters using a weight of 1.00<br />
Performing multiple alignment on cluster 1 .. complete<br />
...<br />
0152 x80 x3a x80 x67 ___ ___ ___ ___ ___ ___ x16 xdc x84 x24 x11 x0e ___ ___<br />
0120 x80 x3a x80 x67 ___ ___ ___ ___ ___ ___ x16 xbc x84 x23 xd5 x0e ___ ___<br />
0136 x80 x3a x80 x67 ___ ___ ___ ___ ___ ___ x16 xcc x84 x23 xf3 x0e ___ ___<br />
0128 x80 x3a x80 x67 ___ ___ ___ ___ ___ ___ x16 xc4 x84 x23 xe4 x0e ___ ___<br />
0144 x80 x3a x80 x67 ___ ___ ___ ___ ___ ___ x16 xd4 x84 x24 x02 x0e ___ ___<br />
0148 x80 x3a x80 x67 ___ ___ ___ ___ ___ ___ x16 xd8 x84 x24 x8e ___ ___<br />
0154 x80 x3a x80 x67 ___ ___ ___ ___ ___ ___ x16 xde x84 x24 x14 xce ___ ___<br />
0150 x80 x3a x80 x67 ___ ___ ___ ___ ___ ___ x16 xda x84 x24 x4e ___ ___<br />
0155 x80 x3a x80 x67 ___ ___ ___ ___ ___ ___ x16 xdf x84 x24 x16 xae ___ ___<br />
DT BBB AAA BBB AAA GGG GGG BBB GGG BBB GGG GGG GGG GGG GGG GGG AAA BBB BBB<br />
MT 000 000 000 000 000 007 000 013 001 002 000 013 000 000 006 007 013 000<br />
BYTE 1 2 3 4 5 6 7 8 9 10 11 12 13 14 16 17 18 19<br />
...<br />
Ungapped Consensus:<br />
CONS x80 x3a x80 x67 x84 xce x99 xad x3e<br />
DT BBB AAA BBB AAA BBB BBB BBB BBB AAA<br />
MT 000 000 000 000 001 000 000 000 000<br />
The file contains 1890 different packets which the tool has to analyze, sort into a ptree and align<br />
based on similar fields. Eventually it takes approximately 22 hours to run and comes up with the<br />
(truncated) output as seen in the above blockquote.<br />
The ungapped concensus represents the final structure that pi has found. It gives the Data Type (dt)<br />
and the percentage of mutation (mt). The cons bar indicates the most often found value in that<br />
particular byte-field. It has found that the first byte is apparently a Binary field, followed by an<br />
ascii field, and so on. The rest of the packets apparently has no real consensus, and is treated as<br />
payload.<br />
An obvious limitation here is that all the packets are treated as messages of the same kind, this<br />
limits the algorithm in seeing relationships that might be present but aren’t recognized. Another<br />
issue is that the tool doesn’t account for fields with values that are rising with each packet. These<br />
sequence numbers can be important in how the protocol works but have been lost in the process.<br />
19
Experiments Chapter 3<br />
3.2.3 Manual Reverse Engineering<br />
A lot of developers have warned us that protocol reverse engineering cannot be easily done automatically<br />
and a lot has to be done by hand. Using basic tools we will try to make sense of all the<br />
hex.<br />
Basic Structure<br />
We start by looking at the different kinds of messages and the headers we are sending towards the<br />
serevers. Starting with a truncated list of the first 32 bytes of the udp payload.<br />
4b990100010077cab33159228d1200a0..<br />
4b99020077cab33159228d12060ccc02..<br />
4b99030077cab33159228d12<br />
4b99020077cab33159228d12060ccc02..<br />
4b990600004976a50e34010000<br />
4b9909004976a50e3401000000<br />
4b990600015250a50e34010000<br />
4b9909005250a50e3401000000<br />
4b99030077cab33159228d12<br />
4b99030077cab33159228d12<br />
4b99060000327aa50e34010000<br />
4b990900327aa50e3401000000<br />
4b990600013b54a50e34010000<br />
4b9909003b54a50e3401000000<br />
4b990a0081c8000ceb6e70fbd28754e5..<br />
4b1980673cad3d353a86eb6e70fbe190..<br />
4b9906000174b2a60e34010000<br />
4b99090074b2a60e3401000000<br />
4b1980673cae3d353e46eb6e70fbe620..<br />
4b1980673caf3d354206eb6e70fbe141..<br />
4b99060000eed8a60e34010000<br />
4b990900eed8a60e3401000000<br />
4b1980673cb03d3545c6eb6e70fbe620..<br />
4b1980673cb13d354986eb6e70fbe5a9..<br />
4b1980673cb53d355886eb6e70fbe224..<br />
4b990a0080c90001eb6e70fb81cb0001..<br />
4b990a0081c900071d5a94a399ad3e5a..<br />
4b99050077cab33159228d12<br />
This piece has been immensely truncated but already we can differentiate between two packet types:<br />
long voice packets starting with 0x4b19 and shorter signaling messages starting with 0x4b99.<br />
20
Experiments Chapter 3<br />
Signaling Messages The stream of signaling messages all start with a seemingly random stream<br />
identifier (in this case 0x4b99) which in all calls is 0x0080 higher than the actual voice data stream.<br />
The next two bytes indicate some sort of message type. Table 1 displays the values of the two bytes<br />
and their occurrences during a long call. Note that these messages are for the most part just sent<br />
from client to server (except for the 0x0200 messages), the messages from the server to the client<br />
have different starting bytes.<br />
Value Occurences<br />
0100 1<br />
0200 2<br />
0300 142<br />
0500 1<br />
0600 182<br />
0900 182<br />
0a00 20<br />
Table 1: Message type indicators and their occurrences.<br />
Using these numbers and their position in the stream, we can infer the meaning of the values. The<br />
0x0100 value for example only occurs once at the begin of the stream and 0x0500 at the end, so we<br />
can assume that these message mark the beginning and the end of the call sent out by the client. The<br />
0x0300 messages are the only messages that are sent directly to the Internet Protocol (ip)-address<br />
of the other party. They occur a lot more but do not change over time:<br />
mappelman:captures michiel > cat udp-payload.txt | grep "^4b9903" | uniq -c<br />
142 4b99030077cab33159228d12<br />
This message also includes a special value which is also referenced in the beginning and end messages<br />
(0x77cab33159228d12) so this looks like a simple keep alive message sent from client to client. The<br />
special value changes each call but we haven’t found a source for it. This value is also included in<br />
another type of message which is the only message that originates from the server with the same<br />
first two bytes and has a message type value of 0x0200. Table 2 gives an overview of these messages.<br />
The message value 0x0200 contains the aforementioned special value and the ip of the other client<br />
(twice actually, separated by the values 200 and 63) and some other yet unknown information as can<br />
been seen in Table 3.<br />
Values 0x0600 and 0x0900 are messages which follow a specific routine. First a messages with a<br />
0x0600 value is sent out, then immediatly after that a message with a 0x0900 value and after some<br />
time a reply is received on the incoming stream. In Table 4 one such message exchange is displayed.<br />
A possible explanation might be the measurement of jitter in the network. The client sends two<br />
measurement in rapid succession, the server receives these messages and after a couple of those<br />
message pairs it can see how well the path to the client performs. After that it returns the packet<br />
back to the client which is then able to calculate the Round Trip Time (rtt) and jitter towards the<br />
server.<br />
21
Experiments Chapter 3<br />
Time Source ip Dest ip udp Payload<br />
01.765650000 192.168.2.2 79.125.85.225 4b990100010077cab3315922..<br />
01.789661000 79.125.85.225 192.168.2.2 4b99020077cab33159228d12..<br />
01.814890000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
01.814973000 79.125.85.225 192.168.2.2 4b99020077cab33159228d12..<br />
02.054238000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
02.256731000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
02.503092000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
. . . .<br />
31.497124000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
31.704656000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
33.042943000 192.168.2.2 79.125.85.225 4b99050077cab33159228d12<br />
Table 2: Message exchange between clients and server.<br />
060ccc02 2 204 12 6<br />
1df81291 145 18 248 29<br />
3fc81df8 248 29 200 63<br />
12913fc8 200 63 145 18<br />
06000000 0 0 0 6<br />
Table 3: Little Endian translations to decimal octets from payload of 0x0200 value message.<br />
The extra byte that follows the 0x0600 message type alternates between 0x00 and 0x01 between<br />
every measurement. This could provide some frame loss checking, for example if the server receives<br />
two messages with that byte set to 0x01 after each other it would know that it missed a whole<br />
measurement with 0x00 set as the value.<br />
The last message type that was captured has a value of 0x0a00 and has a considerably longer payload.<br />
The message is sent to the server every couple of seconds and may contain some information about<br />
network performance, bytes exchanged and possibly even key information if decent encryption will<br />
be used. Table 5 contains a list of data in 32-bit words in the payload. Time was too short to sort<br />
out the meaning of every byte but some patterns did emerge.<br />
Voice Messages The second packet stream starts its payload with the 0x4b19 sequence. It contains<br />
the actual voice data and of course some header information. After the first two bytes which<br />
are unique for each call follow two bytes that are the same for each call: 0x8067. Also included is a<br />
sequence number which increases with every packet and a time field that increases with 0x00001000<br />
every quarter of a second. The opening and ending sequence from Table 5 follows that and the end of<br />
the header consist of one byte which varies a lot over the course a call and apparently has no relation<br />
any of the frame characteristics like length. This could possibly be an indication of the quality of<br />
the network as the client itself is experiencing it.<br />
22
Experiments Chapter 3<br />
Time Source ip Dest ip udp Payload<br />
3.821356 192.168.2.2 79.125.85.225 4b990600001a7ea50e34010000<br />
3.831607 192.168.2.2 79.125.85.225 4b9909001a7ea50e3401000000<br />
3.875186 79.125.85.225 192.168.2.2 80ba0600001a7ea50e34010000<br />
Table 4: Measurement messages between client and server.<br />
Value Type Description<br />
4b990a00 CONSTANT ‘Known’ Header<br />
81c8000c CONSTANT<br />
eb6e70fb CONSTANT Opening?<br />
d28754fe INCREASING +1 each second<br />
37f90d9d<br />
f9a85dba INCREASING Fast increase<br />
00000194 INCREASING<br />
00009beb INCREASING<br />
99ad3e5a CONSTANT<br />
00000000 Flags?<br />
00001957 INCREASING<br />
000000ed<br />
54f0f0b9 INCREASING<br />
00038d10<br />
81ca0002 CONSTANT<br />
eb6e70fb CONSTANT Ending?<br />
01000000 CONSTANT<br />
Table 5: Analysis of data in payload of 0x0a00 messages.<br />
We guessed the end of the headers due to the fact that all other data following the last byte was<br />
pretty much random. Running a frequency analysis over this data gives us an indicating of how<br />
random exactly, as shown in Table 7.<br />
This randomness could be because of some decent encryption that has been implemented but even<br />
unencrypted audio data is exceptionally random because of background noise and cosmic interference.<br />
3.2.4 Text Messages<br />
Besides the voice calls that <strong>Viber</strong> enables the user to make, it also allows them to send and receive<br />
text messages. This functionality uses some specialized tcp-based protocol to connect to the server<br />
and exchange messages. Decoding this stream has not been a priority within this project and there<br />
wasn’t any time left to research this further.<br />
23
Experiments Chapter 3<br />
3.2.5 Cryptanalysis<br />
Value Description<br />
4b198067 Known Header<br />
3ca5 Sequence Number<br />
3d351c86 Time<br />
eb6e70fb Constant<br />
e6 Network Quality?<br />
Table 6: Analysis of header data in voice messages.<br />
Hex Frequency<br />
0 6.23839<br />
1 6.13784<br />
2 6.07624<br />
3 6.13482<br />
4 6.1007<br />
5 6.69676<br />
6 5.99381<br />
7 6.73028<br />
8 6.05782<br />
9 6.04726<br />
a 6.10765<br />
b 6.0853<br />
c 6.03457<br />
d 6.73873<br />
e 6.05994<br />
f 6.75987<br />
Table 7: Frequency analysis of data in voice packets.<br />
After getting to the voice data in the messages there was not enough time left to get to the bottom<br />
of the cryptography used in the protocol. In paragraph 3.2.3 a frequency analysis has been done<br />
but this of course isn’t particularly useful against data that by nature is already very random. We<br />
can say that because the length of the payload of each packet differs significantly and the smallest<br />
deviation is only one byte, a block cipher seems out of the question and if encryption would be used<br />
it will be a stream cipher.<br />
Of course the question still remains: is it scrambled or encrypted?<br />
24
Experiments Chapter 3<br />
3.3 Application Code Analysis<br />
3.3.1 Introduction<br />
In the previous sections, a representation was given of <strong>Viber</strong>’s security seen from the outside of the<br />
application (its externals). In the following section, some interesting details of the internals of <strong>Viber</strong><br />
are unveiled. The information in this section by no means covers the welt of information about the<br />
to be presented techniques, but tries to give a fair insight.<br />
Before we continue, let’s first think of how an iOS/Android application is developed. Generally, a<br />
team of developers start programming an application once an idea has been established and completely<br />
worked out. The result of their hard work will be the application’s source code. During several<br />
phases of development, the source code is compiled to form an application that can be executed (and<br />
thus debugged) on the iOS/Android platform. Finally, the result of one or more prototypes is a<br />
finished application that is ready to be distributed. Now, let’s assume this application was accepted<br />
by both Apple and Google, and put available for download in the App Store and Android Market,<br />
respectively. Users will be able to download, install and use the application. Most users however<br />
will not even wonder or think about the level (or lack of) communication security provided by the<br />
application, as described before. The users that do either depend on the information provided by<br />
the author, the information from other users that also use the application, or on the information<br />
gained by studying the externals of the application themselves (like we have done in the previous<br />
sections). Ideally, this last group of users could go one step further and actually also explore some<br />
of the application’s internals. In other words, one could go back to the development phase of the<br />
application and have a look at the application code, be it not always code that is easy to read and<br />
understand. The term that is generally used for this is reverse engineering. Note that the word<br />
source, as in application source code, was intentionally left out. We will get back as to why this is.<br />
Having all this said, we for a moment continue with the general notion of an Android application<br />
and will later switch back to <strong>Viber</strong> for Android in specific. Moreover, only after this description will<br />
we be able to tell as to why iOS applications were left unspoken of.<br />
Applications for Android are generally developed entirely in the Java programming language.[30] We<br />
will focus on this type of applications. However, it is useful to know there are also applications that<br />
differ due to the fact they are not entirely written in Java, but also contain portions written in the<br />
C/C++ programming language (also called native code). Google does recommend the use of Java,<br />
however portions that are either performance-critical or part of a large base of previously developed<br />
source code in C/C++, are seen as valid reasons to make use of native code.[31]<br />
Applications are stored in an (Application Package File (apk)). Without getting into too much of<br />
the details, since this is not import to understand what follows, consider the package file as nothing<br />
more than an compressed archive with important files in it. These files consist of the compiled Java<br />
application code and the data files that the application and its installation procedure depend on.<br />
What we are interested in is actually a single file named classes.dex. This file is the result of first<br />
compiling one or more Java source code files into multiple class files, followed by another compiler<br />
named dx to convert and optimize these class files into a single dex file. This process is illustrated<br />
in figure 2.<br />
25
Experiments Chapter 3<br />
Figure 2: Compilation of Android applications: from source to application[32]<br />
Obviously, this process can be reverted, otherwise we would not be giving you all this information.<br />
There are several methods currently available to do so. One can decide to simply reverse the illustrated<br />
process of compilation by first converting the single dex file back into the original class<br />
files. For this purpose the tool dex2jar 2 (which is actually a program written in Java) can be used.<br />
Assuming dex2jar did the job correctly, this results in the original class files of an application stored<br />
in an JAR archive file. At this point one needs to turn the compiled class files into Java code so that<br />
it is easy to understand by humans. Fortunately, there are several tools available that do the job.<br />
One of the tools able to do so is JD-GUI, which is ‘a standalone graphical utility that displays Java<br />
source codes of class files.’ 3 It does a pretty good job at decompilation, but unfortunately it tends<br />
to stop responding when trying to decompile certain class files. This is especially troublesome if one<br />
wants to save decompiled class files to disk. (During such an export JD-GUI saves decompiled files in<br />
an archive file, and when it suddenly stops responding because it tries to process such a certain class<br />
file, the archive file is corrupted thus rendering the successfully decompiled files useless.) Moreover, it<br />
does not allow exporting a selective amount of class files and cannot be used from the command-line.<br />
Other popular tools for Java decompilation that both do provide these properties, amongst much<br />
more, are JAD 4 and Soot 5 . However no Java decompiler is perfect in the sense that it reproduces<br />
exactly the source code that was written by the developers. In fact, it may not even be valid Java code<br />
at all.[33] Results may vary for different class files depending on the code, coding-style, optimizations,<br />
obfuscation found in the original Java source code, and the compiler that was used. All in all, despite<br />
the issues with JD-GUI, it provides enough functionality to be useful for the purpose of this report.<br />
This brings us to the last point before wrapping up this section and continuing with the decompiled<br />
application code of <strong>Viber</strong> in particular. What about the usability of the decompiled Java code? As<br />
an example, consider the two pieces of Java code given in the listings below (1 & 2).<br />
1 public String getInitParameter ( String name ) {<br />
2 ServletConfig sc = getServletConfig ();<br />
3 if (sc == null ) {<br />
4 throw new IllegalStateException (<br />
5 lStrings . getString (" err . servlet_config_not_initialized "));<br />
6 }<br />
7 return sc. getInitParameter ( name );<br />
8 }<br />
2 dex2jar – http://code.google.com/p/dex2jar/<br />
3 JD-GUI – http://java.decompiler.free.fr<br />
4 JAD – http://www.varaneckas.com/jad/<br />
5 Soot – http://www.sable.mcgill.ca/soot/<br />
Listing 1: Original Java source code[34]<br />
26
Experiments Chapter 3<br />
1 public String getInitParameter ( String paramString )<br />
2 {<br />
3 ServletConfig localServletConfig = getServletConfig ();<br />
4 if ( localServletConfig == null )<br />
5 {<br />
6 String str = lStrings . getString (" err . servlet_config_not_initialized ");<br />
7 throw new IllegalStateException ( str );<br />
8 }<br />
9 return localServletConfig . getInitParameter ( paramString );<br />
10 }<br />
Listing 2: Decompiled Java code by JD-GUI[34]<br />
Even for such a small piece of code, there are quite some notable differences between the original<br />
source code and the decompiled version of the code. Furthermore, Google provides a tool named<br />
ProGuard which “shrinks, optimizes, and obfuscates your code by removing unused code and renaming<br />
classes, fields, and methods with semantically obscure names. The result is a smaller sized<br />
.apk file that is more difficult to reverse engineer.”[35] Imagine such a tool being used, this makes it<br />
even harder to decompile to application code that is readable and at the same time being valid Java<br />
code. By now you will probably understand why we intentionally did not talk about source code,<br />
but rather decided to use the phrase ‘application code’.<br />
For the record, it is also possible to decompile applications for Apple’s iOS platform, however the<br />
resulting code is more low-level than for most decompiled Android applications (assuming these<br />
largely consist of components written in Java). The reason for this being the case is that iPhone<br />
applications are written in Objective-C, which cannot be decompiled but only disassembled. The<br />
result would be application code in assembly, which we consider a low-level language since it is not<br />
easily readable by human beings.<br />
Note, the legality of decompiling and disassembling applications for iOS and Android is bluntly<br />
ignored throughout the above section.<br />
3.3.2 Application Code<br />
An analysis of the most interesting parts of the decompiled Java application code of <strong>Viber</strong> for<br />
Android, regarding the contents of this report, is presented in this section. The analysis is based on<br />
<strong>Viber</strong> version 2.1.2.116554, which at time of writing is the latest available version.<br />
After putting the <strong>Viber</strong> package file through the previous described decompilation process, the total<br />
number of resulting class files is 468. However when minimizing all the classes that lie outside the<br />
com.viber namespace, 265 class files directly belong to <strong>Viber</strong>. By lying outside we mean all other<br />
namespaces that to not directly belong to <strong>Viber</strong> but are included in the <strong>Viber</strong> package file because<br />
they are depended on, i.e. org.apache.james.mime4j and org.apache.http.entity. After looking<br />
at the contents of all the class files, we concluded that the application code has not been obfuscated.<br />
This strongly indicates ProGuard was not used, or at least not for this purpose.<br />
Now for the actual application code. The first intriguing thing that we found in the application code<br />
is part of the method GetDeviceUDID, which is shown in listing 3.<br />
27
Experiments Chapter 3<br />
1 String GetDeviceUDID ( Context paramContext )<br />
2 {<br />
3 log (" GetDeviceUDID ");<br />
4 SharedPreferences localSharedPreferences = PreferenceManager .<br />
getDefaultSharedPreferences ( paramContext );<br />
5 Object localObject = localSharedPreferences . getString (" viber_udid ", "");<br />
6 log (" UDID ␣in␣ preferences :" + ( String ) localObject );<br />
7 if ((( String ) localObject ). equals (""))<br />
8 {<br />
9 log (" UDID ␣ not ␣ found ␣in␣ preferences ,␣ generate ");<br />
10 String str1 = (( TelephonyManager ) paramContext . getSystemService (" phone ")).<br />
getDeviceId ();<br />
11 if (( TextUtils . isEmpty ( str1 )) || ( str1 == null ))<br />
12 {<br />
13 SecureRandom localSecureRandom = new SecureRandom ();<br />
14 str1 = localSecureRandom . nextLong () + localSecureRandom . nextLong ();<br />
15 }<br />
16 try<br />
17 {<br />
18 String str2 = Convert . getSha1 ( str1 );<br />
19 localObject = str2 ;<br />
20 if (! Patterns . UDID . matcher (( CharSequence ) localObject ). matches ())<br />
21 throw new IllegalStateException (" error ␣ generating ␣ UDID ␣-␣ pattern ␣ doesn ’t␣<br />
match !");<br />
22 }<br />
23 catch ( NoSuchAlgorithmException localNoSuchAlgorithmException )<br />
24 {<br />
25 throw new IllegalStateException (" error ␣ generating ␣ UDID ");<br />
26 }<br />
27 localSharedPreferences . edit (). putString (" viber_udid ", ( String ) localObject ).<br />
commit ();<br />
28 }<br />
29 log (" UDID ␣is␣" + ( String ) localObject );<br />
30 return ( String ) localObject ;<br />
31 }<br />
Listing 3: Method GetDeviceUDID in class<br />
com.viber.voip.registration.HardwareParametersImpl<br />
This above piece of code is actually responsible for the generation of an Unique Device Identifier<br />
(udid) . Basically, it first looks in the corresponding locally stored configuration file of <strong>Viber</strong> to see<br />
if a udid is already established. If it is, it simply returns the udid as a string. Otherwise, it calls the<br />
getDeviceId method in the Android framework and stores the result in the str1 variable. Normally<br />
the getDeviceId method returns the International Mobile Equipment Identity (imei) number (for<br />
Global System for Mobile <strong>Communication</strong>s (gsm) -based Android devices).[36]<br />
If it does not return anything, a “a pseudo-random uniformly distributed long” is generated by the<br />
method nextLong of the SecureRandom class and stored in the str1 variable.[37] The content of the<br />
str1 variable (either the imei or random number) is then hashed with Secure Hash Algorithm (sha) -<br />
1. The resulting hash is stored in the str2 variable and compared to a pattern to verify its format<br />
is correct. The code of this pattern is shown in listing 4.<br />
28
Experiments Chapter 3<br />
It does nothing more than making sure any value’s format should be 40 characters in total, where<br />
the only allowed characters are the (non-capital) letters ‘a’ through ‘f’ and all numbers. Assuming<br />
the hash in the str2 variable complies with this requirement, it is written to the corresponding<br />
configuration file and from now on used as the udid .<br />
The above theory has been tested to be valid. For example, when <strong>Viber</strong> is registered in an Android<br />
Virtual Device (avd) , which is nothing more than a way to emulate an Android device on a regular<br />
computer, the default imei of 000000000000000 for any avd is hashed into c02c705e98588f724ca046ac59cafece65501e<br />
1 static<br />
2 {<br />
3 [...]<br />
4 UDID = Pattern . compile ("[a-f0 -9]{40} ");<br />
5 [...]<br />
6 }<br />
Listing 4: UDID pattern in class com.viber.voip.util.Patterns<br />
We found another interesting method regarding the process of registration. This method is named<br />
generateSignature and the corresponding application code is shown in listing 5. Just like the earlier<br />
described method which generated a udid, the method we are describing in this paragraph is also<br />
just a small part of <strong>Viber</strong>’s entire registration process. The method is part of the generation of a<br />
device key based on an input string passed along to the method. This probably sounds similar to<br />
the udid we earlier described but in fact it is not. Instead, the device key is generated by the <strong>Viber</strong><br />
services and not at the client-side. When the registration process of a new <strong>Viber</strong> account is initiated,<br />
an SSL certificate is retrieved and used to communicate with a web server of the <strong>Viber</strong> services over<br />
http Secure (https) . The URLs for the registration process are present in the application code,<br />
shown in listing 6.<br />
1 private String generateSignature ( String paramString )<br />
2 throws Exception<br />
3 {<br />
4 SecretKeySpec localSecretKeySpec = new SecretKeySpec ("5<br />
eb6588086b6b2d054af80527b26caf71d165042175e0f9550ea58a8 ". getBytes () , "<br />
HmacSHA256 ");<br />
5 Mac localMac = Mac . getInstance (" HmacSHA256 ");<br />
6 localMac . init ( localSecretKeySpec );<br />
7 byte [] arrayOfByte = localMac . doFinal ( paramString . getBytes ());<br />
8 StringBuffer localStringBuffer = new StringBuffer ();<br />
9 int i = arrayOfByte . length ;<br />
10 for ( int j = 0; ; j ++)<br />
11 {<br />
12 if (j >= i)<br />
13 return localStringBuffer . toString ();<br />
14 localStringBuffer . append ( Integer . toHexString (256 + (0 xFF & arrayOfByte [j])).<br />
substring (1) );<br />
15 }<br />
16 }<br />
Listing 5: Method generateSignature in class<br />
com.viber.voip.registration.GenerateDeviceKeyManager<br />
29
Experiments Chapter 3<br />
1 private class ProdServerConfig extends ServerConfig . IServerConfig<br />
2 {<br />
3 public ProdServerConfig ()<br />
4 {<br />
5 super ();<br />
6 this . url_activation_request = " https :// secure . viber . com / viber / viber . php ?<br />
function = ActivateUser ";<br />
7 this . url_registration_request = " https :// secure . viber . com / viber / viber . php ?<br />
function = RegisterUser ";<br />
8 this . url_country_request = " https :// secure . viber . com / viber / viber . php ? function =<br />
GetDefaultCountry ";<br />
9 this . url_deactivation_request = " https :// secure . viber . com / viber / viber . php ?<br />
function = DeActivate ";<br />
10 this . url_generate_device_key = " https :// secure . viber . com / viber / viber . php ?<br />
function = GenerateDeviceKey ";<br />
11 this . url_generate_device_key_done = " https :// secure . viber . com / viber / viber . php ?<br />
function = GenerateDeviceKeyDone ";<br />
12 this . url_update_phone_request = " https :// secure . viber . com / viber / viber . php ?<br />
function = UpdatePhone ";<br />
13 this . url_voip_host = " aloha . viber . com ";<br />
14 }<br />
15 }<br />
Listing 6: ProdServerConfig URL’s in class com.viber.voip.ServerConfig<br />
One could easily see that the generateSignature method uses a Hash-based Message Authentication<br />
Code (hmac) based on sha -256, and a statically configured secret key with the value 5eb6588086b6b2d054af80527b<br />
We suspect that before the method is executed, an xml -based request is built by other application<br />
code and then passed onto the generateSignature method which outputs a signature of that input.<br />
Once this is transmitted along with the xml -based request, it provides integrity of the contents of<br />
the request.<br />
Lastly, we have selected some interesting methods regarding sending/receiving messages. First,<br />
the code of the sendNewMessage method shown in listing 7. This method takes two parameters:<br />
the recipient’s number, the text of the message, and the current time in milliseconds, respectively.<br />
Amongst other things, it then passes these parameters on to the method insertNewMessage along<br />
with nine other static values.<br />
1 public void sendNewMessage ( String paramString1 , String paramString2 )<br />
2 {<br />
3 log (" sendNewMessage ␣ toNumber :" + paramString1 + ",text :" + paramString2 );<br />
4 insertNewMessage (null , paramString1 , paramString2 , System . currentTimeMillis () , 1,<br />
0, 1, 0, 0, 3, " text ", false );<br />
5 sendPendingMessages ();<br />
6 }<br />
Listing 7: Method sendNewMessage in com.viber.voip.messages.MessagesManager<br />
Since the actual insertNewMessage method is long and not very interesting, we decided to show<br />
the code of the createMessageValues method instead, see listing 8. The reason is that this method<br />
clearly shows the meaning of almost all the different parameters passed to the insertNewMessage<br />
method.<br />
30
Experiments Chapter 3<br />
1 private ContentValues createMessageValues ( Long paramLong , String paramString1 ,<br />
String paramString2 , long paramLong1 , int paramInt1 , int paramInt2 , int<br />
paramInt3 , int paramInt4 , int paramInt5 , int paramInt6 , int paramInt7 , String<br />
paramString3 )<br />
2 {<br />
3 ContentValues localContentValues = new ContentValues ();<br />
4 localContentValues . put (" status ", Integer . valueOf ( paramInt3 ));<br />
5 localContentValues . put (" date ", Long . valueOf ( paramLong1 ));<br />
6 if ( paramLong != null )<br />
7 localContentValues . put (" token ", paramLong );<br />
8 localContentValues . put (" read ", Integer . valueOf ( paramInt4 ));<br />
9 localContentValues . put (" body ", paramString2 );<br />
10 localContentValues . put (" thread_id ", Integer . valueOf ( paramInt1 ));<br />
11 localContentValues . put (" type ", Integer . valueOf ( paramInt2 ));<br />
12 localContentValues . put (" address ", paramString1 );<br />
13 localContentValues . put (" flag ", Integer . valueOf ( paramInt5 ));<br />
14 localContentValues . put (" seq ", Integer . valueOf ( paramInt6 ));<br />
15 localContentValues . put (" extra_status ", Integer . valueOf ( paramInt7 ));<br />
16 localContentValues . put (" extra_mime ", paramString3 );<br />
17 List localList = ContactsUtils . getContactIdFromNumber ( this . context , paramString1 )<br />
;<br />
18 long l;<br />
19 if (( localList != null ) && ( localList . size () > 0))<br />
20 l = (( Long ) localList . get (0) ). longValue ();<br />
21 while ( true )<br />
22 {<br />
23 localContentValues . put (" person ", Long . valueOf (l));<br />
24 return localContentValues ;<br />
25 l = -1L;<br />
26 }<br />
27 }<br />
Listing 8: Method createMessageValues in com.viber.voip.messages.MessagesManager<br />
This is interesting because we now have an idea on what a message is actually composed of. It<br />
obviously contains the recipient’s address and the message text, but also a token, a flag, a sequence<br />
number, et cetera. This brings to another important fact, that of tokens being associated with<br />
messages. The code responsible for token generation is shown in listing 9.<br />
1 private int getNewToken ()<br />
2 {<br />
3 monitorenter ;<br />
4 try<br />
5 {<br />
6 SharedPreferences localSharedPreferences = this . context . getSharedPreferences ("<br />
messages_manager ", 0);<br />
7 int i = localSharedPreferences . getInt (" last_message_token_id ", 0);<br />
8 if (i == 0)<br />
9 i = 0 x7FFFFFC0 & Math . abs ( random . nextInt ());<br />
10 int j = i + 1;<br />
11 localSharedPreferences . edit (). putInt (" last_message_token_id ", j). commit ();<br />
12 monitorexit ;<br />
13 return j;<br />
14 }<br />
31
Experiments Chapter 3<br />
15 finally<br />
16 {<br />
17 localObject = finally ;<br />
18 monitorexit ;<br />
19 }<br />
20 throw localObject ;<br />
21 }<br />
Listing 9: Method getNewToken in com.viber.voip.messages.MessagesManager<br />
The getNewToken method first looks in the corresponding configuration file to see if a token is<br />
already established. If it is, it increments its value by one, stores it in the configuration file, and<br />
returns it. Otherwise, a random integer value and some math is used to generate an initial token,<br />
after which the same steps described above for a existing token are repeated.<br />
This concludes our analysis of most interesting parts in the application code. Of course there is<br />
much more to explore (literally) and we recommend anyone that has become interested to do so.<br />
The ability to look at the application code has many advantages, and could save a lot of time when<br />
trying to reverse engineer a protocol. However, if an application consists of a couple hundred class<br />
files, one easily gets lots quickly. This can also get time-consuming when one needs to figure out how<br />
some functionality in the application itself translates back to the application code.<br />
32
Experiments Chapter 3<br />
3.4 Other Weaknesses<br />
In this section we will describe a couple weaknesses of <strong>Viber</strong>’s current design that can potentially<br />
be abused. We mainly focus on something that was on a somewhat other way mentioned in the<br />
previous sections: the registration process. During the project we came across a couple of things<br />
that we find useful to note. Moreover, we felt that the registration process is an important aspect<br />
of <strong>Viber</strong> and one could argue is it even more important than the communication security. Think of<br />
what would happen if one could manually configure itself to forge a person’s <strong>Viber</strong> account (their<br />
phone number that is), and by doing so listening in to all communication of that person without<br />
having to decrypt/decipher communication data.<br />
The registration process on the iOS platform is identical to that on the Android platform. It is<br />
explained below. When <strong>Viber</strong> is run for the first time it will ask for permission to access the<br />
phonebook (According to <strong>Viber</strong>’s privacy policy it is used to (a) notify you when your contacts<br />
become active on <strong>Viber</strong>, (b) indicate which of your contacts is already a <strong>Viber</strong> user, and (c) correctly<br />
display the name of each contact as it appears in your address book when a call is received.[38] ) After<br />
granting access, it will ask for a phone number. This phone number is used as an account identity<br />
to allow one to receive/send messages and calls. After filling in a phone number, an automated<br />
computer system sends a text message with an four digit activation code to this phone number (thus<br />
via the regular telephone network). However, if the text message did not arrive, one can make use of<br />
the provided callback service. This service is provided by another automated computer system that<br />
makes a phone call to the earlier filled in phone number and then reads the four digit activation code<br />
out loud. When the correct activation code is entered into <strong>Viber</strong>, the account will get activated and<br />
the application can be used.<br />
By now it might already be somewhat clear that the registration process can be abused. For example,<br />
someone could fill in the phone number of another person, and spam them with the automated text<br />
messages and phone calls. Obviously, there is a limitation to the amount of automated text messages<br />
and phone calls from the <strong>Viber</strong> services: 1 text message and 2 phone calls in 24 hours. Imagine how<br />
frustrating this could get if an imposter would do this every day with your phone number. Luckily<br />
besides annoying someone, as long as the activation code is not known to an imposter, (theoretically)<br />
no harm could be done.<br />
Earlier we described of which steps the registration process is made up of. In <strong>Viber</strong> for Android<br />
every step has several associated configuration items that are stored in corresponding configuration<br />
files, such as granting access to the phone book, the generated udid, the filled in phone number, the<br />
activation code, the generated device key, et cetera. Moreover, even the currently active registration<br />
step is stored in a configuration file (thus on the client-side). This allows one to modify the current<br />
state of the registration from non-activated to activated without the need of an activation code.<br />
This sounds much easier than it is since the <strong>Viber</strong> services are of course also keeping track of some<br />
registration state of the client. However, we did manage to bypass the official registration process in<br />
an avd and were suddenly able to use <strong>Viber</strong> from a completely unknown phone number. Basically<br />
what we did was first adding ourselves as a contact to the address book of the avd, then forced the<br />
registration state to activated by modifying the corresponding configuration file, and then after we<br />
were activated send a text message to one of our own <strong>Viber</strong> account.<br />
33
Experiments Chapter 3<br />
The figures 3(a) and 3(b) are screen captures taken on a iPhone and show that we were actually able<br />
to communicate two ways once we received a text message from the unknown <strong>Viber</strong> account.<br />
(a) <strong>Viber</strong> message overview (b) <strong>Viber</strong> message log<br />
Unfortunately trying to reproduce this did not turn out to be a success. So we are not sure if we<br />
managed to do so the first time because it is actually a design flaw, a glitch or malfunction of the<br />
<strong>Viber</strong> services, or due to a certain configuration state of the application. Though, we lean towards<br />
thinking it could be done again if one has enough time to go through various configuration scenarios<br />
in the correct order.<br />
34
Conclusion Chapter 4<br />
4 Conclusion<br />
4.1 Results<br />
Local Storage<br />
As shown in chapter 3.1 <strong>Viber</strong> contains a SQLite Database with some xml files which contain<br />
configuration data. Everything is unencrypted and can be viewed fairly easy, although your phone<br />
needs to be rooted or jailbreaked. The implementation between iOS and Android doesn’t differ much.<br />
However the local storage on iOS looks better organized and cleaner. The <strong>Viber</strong> database contains<br />
all calls logged, address-book and message information. While the xml file(s) contain different<br />
configuration attributes, which are more interesting since it contains hashes and application options.<br />
Transferred Data<br />
The data that is sent on the wire was a lot to analyze. Automatic Protocol Analysis tools were used<br />
to speed this process up but was inadequate to get any definitive structure from the packets. Manual<br />
Reverse Engineering is a long process which requires a lot of experience. Some characteristics of the<br />
protocol and the packets were documented but due to time restrictions the data encryption was not<br />
extensively looked at.<br />
When analyzing a protocol like this, it is important to cover all different angles because the key or<br />
location of the key could be revealed anywhere. Therefore the signaling protocol was analyzed as<br />
well but key material was not found.<br />
4.2 Comparison<br />
In chapter 1.3 could be read about <strong>Viber</strong> their security policy. Information about other communication<br />
applications could be read in chapter 2.1. This chapter should conclude this research document.<br />
<strong>Viber</strong> states to comply with the law, protect your right and tries to protect your personal data.<br />
They also say no method is 100% secure. However <strong>Viber</strong> is not the only one having this kind of<br />
policy. Every policy from the different applications are more or less the same. At least on how they<br />
think what they should do with your personal information.<br />
The encryption policy however does change per application. Most applications try to protect the<br />
kind of encryption they are using. However some to see or have announced one time what kind of<br />
encryption they are using. But most state that since you don’t publish your encryption mechanism<br />
you can’t claim your using encryption. Or as the Kerckhoff principle would say: ‘A cryptosystem<br />
should be secure even if everything about the system, except the key, is public knowledge’.[39] you<br />
can only claim cryptography when you use open mechanisms and publish this.<br />
There is also a big difference on how many exploits have been found in different communication<br />
applications. Some applications are relative new on the market and are not researched much yet.<br />
But you can almost count on it that exploits will be found. Hackers only need time and money. For<br />
35
Conclusion Chapter 4<br />
example reverse engineering the source code can be handy for hackers to find exploits or holes in a<br />
application mechanism.<br />
In the end it’s very difficult to compare different communication services. This since some are older<br />
than others and the older ones are as can be expected more researched. In most of them exploits are<br />
already found. This can be a good thing since services become more aware of the security aspects<br />
of their service. Users don’t instantly become aware of those dangers but when a news item gets<br />
published about an exploit they do.<br />
For <strong>Viber</strong> we can conclude it uses some kind of encryption but what kind of encryption is unclear.<br />
We have found some exploits as could be read in chapter 3.4. We can at least conclude that messages<br />
are not send in plaintext over the internet. However the <strong>Viber</strong> database is still unencrypted and<br />
easy accessible as could be read in chapter 3.1. We are confident we could have found more if we<br />
had more time for reverse engineering <strong>Viber</strong>, what we have found concerning this can be read in<br />
chapters 3.2 & 3.3. But for now we have to conclude that ‘the scrambled is still scrambled’.<br />
4.3 Future Research<br />
Due to lack of time we were not able to get a definitive answer on how the data is actually encrypted.<br />
Apart from this there are some other areas that might be interesting to look at.<br />
• The protocol also uses Transmission Control Protocol (tcp) to exchange messages which hasn’t<br />
gotten any attention in this report. Reverse Engineering this stream could reveal other potential<br />
security risks.<br />
• If we had more time we would have liked to attach a debugger to the running program so that<br />
every piece of code used for, i.e. making a call and sending a text message, can be closely<br />
analysed by settings breakpoints (to pause the program) at specific places. Moreover, with<br />
an debugger it is also possible to dump the memory used by the program to a file for later<br />
analysis.<br />
• Since the application is written in Java it is possible to execute Java class files on a normal<br />
computer just as long as a Java Virtual Machine (jvm) is installed. Although in the case of<br />
<strong>Viber</strong> this is not really useful since many classes depend on other classes, it still could help<br />
one to determine the output of a method in a class when a certain parameter value is used to<br />
execute it.<br />
36
Acronyms Appendix A<br />
A Acronyms<br />
aes Advanced Encryption Standard<br />
ap Access Point<br />
apk Application Package File<br />
ascii American Standard Code for Information<br />
Interchange<br />
avd Android Virtual Device<br />
cifs Common Internet File System<br />
dna Deoxyribonucleic acid<br />
dt Data Type<br />
gnu GNU’s Not Unix<br />
gps Global Position System<br />
gsm Global System for Mobile <strong>Communication</strong>s<br />
hmac Hash-based Message Authentication Code<br />
http Hypertext Transfer Protocol<br />
https http Secure<br />
ietf Internet Engineering Task Force<br />
im Instant Message<br />
imei International Mobile Equipment Identity<br />
ip Internet Protocol<br />
isp Internet Service Provider<br />
irc Internet Relay Chat<br />
it Information Technology<br />
jvm Java Virtual Machine<br />
mitm Man in the Middle<br />
ms-dos Microsoft Disk Operating System<br />
nat Network Address Translation<br />
37<br />
os Operating System<br />
pi Protocol Informatics<br />
rsa Ron Rivest, Adi Shamir and Leonard Adleman<br />
rtmp Real Time Messaging Protocol<br />
rtp Real Time Protocol<br />
rtt Round Trip Time<br />
sha Secure Hash Algorithm<br />
sip Session Initiation Protocol<br />
ssl Secure Sockets Layer<br />
smb Server Message Block<br />
sne Systems and Network Engineering<br />
ssn <strong>Security</strong> of Systems and Networks<br />
tcp Transmission Control Protocol<br />
tls Transport Layer <strong>Security</strong><br />
udid Unique Device Identifier<br />
udp User Datagram Protocol<br />
voip Voice over ip<br />
xml Extensible Markup Language
B Bibliography<br />
Appendix B<br />
[1] D. Etherington, “<strong>Viber</strong> gives skype a run for its money on iphone,” December 2010. http:<br />
//gigaom.com/apple/viber-gives-skype-a-run-for-its-money-on-iphone/.<br />
[2] T. Marco, “Are the messages sent between viber users encrypted?,” June 2011. http://www.<br />
quora.com/Talmon-Marco-Are-the-messages-sent-between-<strong>Viber</strong>-users-encrypted.<br />
[3] T. Marco, “<strong>Viber</strong> for iphone updated with free text messaging (comment),” April 2011. http:<br />
//i.tuaw.com/2011/04/01/viber-for-iphone-updated-with-free-text-messaging.<br />
[4] G. V. Michiel Appelman and J. Bosma, “<strong>Viber</strong> communication security - project proposal,”<br />
November 2011. https://www.os3.nl/_media/2011-2012/courses/ssn/viber_<br />
communication_security.pdf?id=2011-2012.<br />
[5] <strong>Viber</strong>, “<strong>Viber</strong> privacy policy,” July 2011. http://www.viber.com/privacypolicy.html.<br />
[6] V. H. Desk, “Traffic encryption policy,” 2011. http://helpme.viber.com/index.php?<br />
/Troubleshooter/Step/View/3.<br />
[7] S. L. Garfinkel, “Voip and skype security,” January 2005. http://skypetips.<br />
internetvisitation.org/files/VoIP%20and%20Skype.pdf.<br />
[8] M. Marjalaakso, “<strong>Security</strong> requirements and constraints of voip,” 2010. http://www.tml.tkk.<br />
fi/Opinnot/Tik-110.501/2000/papers/marjalaakso/voip.html.<br />
[9] W. de Vries, “Fout in verificatiecheck whatsapp maakt meelezen<br />
berichten mogelijk,” May 2011. http://tweakers.net/nieuws/74576/<br />
fout-in-verificatiecheck-whatsapp-maakt-meelezen-berichten-mogelijk.html.<br />
[10] R. Gevers, “Whatsapp security weaknesses,” May 2011. http://rickey-g.blogspot.com/<br />
2011/05/whatsapp-connection-details.html.<br />
[11] R. Gevers, “Hijack whatsapp with your iphone,” May 2011. http://rickey-g.blogspot.com/<br />
2011/05/hijack-someone-elses-whatsapp-with-your.html.<br />
[12] WhatsApp, “Whatsapp legal info,” November 2009. http://www.whatsapp.com/legal/.<br />
[13] eBuddy XMS team, “Q&A on eBuddy XMS’ secure connection,” May 2011. http://blog.<br />
ebuddy.com/index.php/ebuddy-blog/qa-on-ebuddy-xms-secure-connection/.<br />
[14] eBuddy, “Privacy policy,” March 2011. http://www.ebuddy.com/privacy.php.<br />
[15] S. Kovach, “Skype for iphone lets others steal your address book contacts,” September 2011.<br />
http://articles.businessinsider.com/2011-09-20/tech/30178953_1_skype-ios-app.<br />
38
Appendix B<br />
[16] A. Greene, “Skype security flaw can expose user locations, researchers<br />
say,” November 2011. http://www.techflash.com/seattle/2011/11/<br />
skype-security-flaw-can-expose-location.html.<br />
[17] T. D. Brown, “Skype for ios has a security flaw,” September 2011. http://lifeonmymobile.<br />
com/2011/09/20/skype-for-ios-has-a-security-flaw/.<br />
[18] Skype, “Skype privacy policy,” October 2011. http://www.skype.com/intl/en-us/legal/<br />
privacy/general/.<br />
[19] T. Kemper, “Nimbuzz security tips,” August 2010. http://blog.nimbuzz.com/2010/08/03/<br />
nimbuzz-security-tips/.<br />
[20] jiah, “<strong>Security</strong> tips and advice for nimbuzz,” August 2010. http://swiftwares.com/forum/<br />
viewtopic.php?f=34&t=505.<br />
[21] Redactie, “Anonymous lekt broncode nederlands "censuurbedrijf",” July 2011.<br />
http://www.security.nl/artikel/37723/Anonymous_lekt_broncode_Nederlands_<br />
%22censuurbedrijf%22.html.<br />
[22] A. U. de Haes, “Broncode nederlandse chatdienst nimbuzz gestolen,” July 2011. http:<br />
//webwereld.nl/nieuws/107221/broncode-nederlandse-chatdienst-nimbuzz-gestolen.<br />
html.<br />
[23] Nimbuzz, “Nimbuzz privacy statement,” December 2010. http://www.nimbuzz.com/en/legal/<br />
privacy-statement.<br />
[24] A. Tridgell, “How Samba was written,” August 2003. http://samba.org/ftp/tridge/misc/<br />
french_cafe.txt.<br />
[25] R. Savoye, “Reverse Engineering of Proprietary Protocols, Tools and Techniques,” March 2009.<br />
http://www.youtube.com/watch?v=t3s-mG5yUjY.<br />
[26] M. Beddoe, “Network protocol analysis using bioinformatics algorithms,” 2005. http://www.<br />
4tphi.net/~awalters/PI/PI.html.<br />
[27] W. Cui, J. Kannan, and H. Wang, “Discoverer: Automatic protocol reverse engineering from<br />
network traces,” in Proceedings of 16th USENIX <strong>Security</strong> Symposium on USENIX <strong>Security</strong> Symposium,<br />
p. 14, USENIX Association, 2007. http://research.microsoft.com/pubs/153196/<br />
discoverer-security07.pdf.<br />
[28] T. Beardsley, “Manual Protocol Reverse Engineering,” January 2009. http://www.<br />
breakingpointsystems.com/community/blog/manual-protocol-reverse-engineering/.<br />
[29] D. D. Trammell, “Automated Protocol Reverse Engineering,” January 2009. http://www.<br />
breakingpointsystems.com/community/blog/manual-protocol-reverse-engineering/.<br />
[30] Google, “What is android?,” 2011. http://developer.android.com/guide/basics/<br />
what-is-android.html.<br />
39
Log Appendix C<br />
[31] Google, “What is the ndk?,” 2011. http://developer.android.com/sdk/ndk/overview.html.<br />
[32] D. Octeau, W. Enck, and P. McDaniel, “The ded decompiler,” tech. rep., Network and <strong>Security</strong><br />
Research Center, Department of Computer Science and Engineering, Pennsylvania<br />
State University, University Park, PA, USA, 2010. http://siis.cse.psu.edu/ded/papers/<br />
NAS-TR-0140-2010.pdf.<br />
[33] N. A. Naeem, “Programmer-friendly decompiled java,” Master’s thesis, McGill University,<br />
2006. http://www.sable.mcgill.ca/publications/thesis/masters-nnaeem/<br />
sable-thesis-2006-masters-nnaeem.pdf.<br />
[34] pxb1988@gmail.com, “dex2jar wiki entry éxample ´ ,” 2011. http://code.google.com/p/<br />
dex2jar/wiki/Example.<br />
[35] Google, “Proguard,” 2011. http://developer.android.com/guide/developing/tools/<br />
proguard.html.<br />
[36] Google, “Telephonymanager,” 2011. http://developer.android.com/reference/android/<br />
telephony/TelephonyManager.html.<br />
[37] Google, “Securerandom,” 2011. http://developer.android.com/reference/java/security/<br />
SecureRandom.html.<br />
[38] I. <strong>Viber</strong> Media, “<strong>Viber</strong> privacy policy,” 2011. http://viber.com/privacypolicy.html.<br />
[39] Wikipedia, “Kerckhoffs principle,” 19th century. http://en.wikipedia.org/wiki/<br />
Kerckhoffs%27s_principle.<br />
C Log<br />
We haven’t really kept any dates but we all worked on individual parts and collaborated during class.<br />
This accounted for at least 15-20 hours every week.<br />
Michiel Lab set-up, Protocol Reverse Engineering, Packet capturing and analysis.<br />
Jeffrey Lab set-up, Program Code Analysis, Other Weaknesses, Packet capturing.<br />
Gerrie Other Services, Local Storage (DB & configuration) Analysis.<br />
40