Viber Communication Security - Bad Request

More documents

Recommendations

Info

Experiments Chapter 3 11 < string name =" sync_hash ">1 c582c9b3f8dcc12a1e74fd9fe4e27ce794b93f9 iOS: 1 2 $ class 3 4 CF$UID 5 < integer >3 6 7 NS. string 8 < string >62782 xxxx 9 10 < string >31 11 < string > 2.1.3.244 12 < string >3 d4a7ce7d4dcd02f25573e0d0d699d60c24b6094a076408e4d6ef841430e27ac 13 14 $ class 15 16 CF$UID 17 < integer >3 18 19 NS. string 20 < string >24 a6d8cd8b3024da1166d741563f27414f1cf6a7 21 22 As you can see the attribute names are much better defined in Android then those on iOS. With this you can probably distinguish what those values are on iOS through looking at the xml files in Android. Those hashes stored in the xml files especially look interesting and maybe can be used to gain extra knowledge when reverse-engineering the code. The hashes that are stored are for the: • Device key (SHA-256 hash) • Viber ID (SHA-1 hash) • Sync hash (SHA-1 hash) It’s also easy to view your activation code in the Android xml files, where also a ‘last_message_token_id’ can be found. Further the xml files contain values for all kind of configuration options. An interesting configuration value can be the one that’s says if your Viber is activated or not. We will come back to that one later. 16
Experiments Chapter 3 3.2 Reverse Engineering In Chapter 2.2 Protocol Reverse Engineering was discussed as a manual and automated process. In the chapter we will try to apply the same techniques on Viber. 3.2.1 Lab Setup Before being able to analyze the data, a network has to be set up to capture it. We found an old Linksys wireless router in the lab to use and connected that to a hub. This hub also connects to two of our servers, one that would provide the connection to the Internet and another one to just capture the packets. 192.168.1.1 192.168.1.101 linksys 192.168.2.2 192.168.2.1 berlin.stublab.os3.nl Hub No IP-address athens.studlab.os3.nl Figure 1: The packet sniffing test set-up. Internet Viber Serverfarm In Figure 1 the set-up is presented in it’s most basic form. The Linksys router wasn’t able to function as a standalone wireless Access Point (ap) so we had to nat the ip-addresses. On berlin.athens.os3.nl we added the following IPtables rule to allow nat there as well: iptables --table nat -A POSTROUTING \ -s 192.168.2.0/24 \ ! -d 192.168.2.0/24 -j MASQUERADE After we completed the setup we could associate a smartphone with the Linksys ap and we started seeing incoming frames on the capturing interface of athens. We used tcpdump to capture the traffic that was going over the line and wrote that to several .pcap-files. This allowed us to later filter these packets. 17
Page 1 and 2: Viber Communication Security Michie
Page 3 and 4: Introduction Chapter 1 1 Introducti
Page 5 and 6: Introduction Chapter 1 • How does
Page 7 and 8: Preliminary Research Chapter 2 2.1.
Page 9 and 10: Preliminary Research Chapter 2 mess
Page 15 and 16: Experiments Chapter 3 Android On An
Page 17: Experiments Chapter 3 (a) Android D
Page 21 and 22: Experiments Chapter 3 mappelman@ath
Page 23 and 24: Experiments Chapter 3 Signaling Mes
Page 25 and 26: Experiments Chapter 3 Time Source i
Page 27 and 28: Experiments Chapter 3 3.3 Applicati
Page 29 and 30: Experiments Chapter 3 1 public Stri
Page 31 and 32: Experiments Chapter 3 It does nothi
Page 33 and 34: Experiments Chapter 3 1 private Con
Page 35 and 36: Experiments Chapter 3 3.4 Other Wea
Page 37 and 38: Conclusion Chapter 4 4 Conclusion 4
Page 39 and 40: Acronyms Appendix A A Acronyms aes
Page 41 and 42: Appendix B [16] A. Greene, “Skype

Viber Communication Security - Bad Request

Create successful ePaper yourself

Delete template?

Save as template?