Viber Communication Security - Bad Request

More documents

Recommendations

Info

Experiments Chapter 3 Time Source ip Dest ip udp Payload 01.765650000 192.168.2.2 79.125.85.225 4b990100010077cab3315922.. 01.789661000 79.125.85.225 192.168.2.2 4b99020077cab33159228d12.. 01.814890000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12 01.814973000 79.125.85.225 192.168.2.2 4b99020077cab33159228d12.. 02.054238000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12 02.256731000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12 02.503092000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12 . . . . 31.497124000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12 31.704656000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12 33.042943000 192.168.2.2 79.125.85.225 4b99050077cab33159228d12 Table 2: Message exchange between clients and server. 060ccc02 2 204 12 6 1df81291 145 18 248 29 3fc81df8 248 29 200 63 12913fc8 200 63 145 18 06000000 0 0 0 6 Table 3: Little Endian translations to decimal octets from payload of 0x0200 value message. The extra byte that follows the 0x0600 message type alternates between 0x00 and 0x01 between every measurement. This could provide some frame loss checking, for example if the server receives two messages with that byte set to 0x01 after each other it would know that it missed a whole measurement with 0x00 set as the value. The last message type that was captured has a value of 0x0a00 and has a considerably longer payload. The message is sent to the server every couple of seconds and may contain some information about network performance, bytes exchanged and possibly even key information if decent encryption will be used. Table 5 contains a list of data in 32-bit words in the payload. Time was too short to sort out the meaning of every byte but some patterns did emerge. Voice Messages The second packet stream starts its payload with the 0x4b19 sequence. It contains the actual voice data and of course some header information. After the first two bytes which are unique for each call follow two bytes that are the same for each call: 0x8067. Also included is a sequence number which increases with every packet and a time field that increases with 0x00001000 every quarter of a second. The opening and ending sequence from Table 5 follows that and the end of the header consist of one byte which varies a lot over the course a call and apparently has no relation any of the frame characteristics like length. This could possibly be an indication of the quality of the network as the client itself is experiencing it. 22
Experiments Chapter 3 Time Source ip Dest ip udp Payload 3.821356 192.168.2.2 79.125.85.225 4b990600001a7ea50e34010000 3.831607 192.168.2.2 79.125.85.225 4b9909001a7ea50e3401000000 3.875186 79.125.85.225 192.168.2.2 80ba0600001a7ea50e34010000 Table 4: Measurement messages between client and server. Value Type Description 4b990a00 CONSTANT ‘Known’ Header 81c8000c CONSTANT eb6e70fb CONSTANT Opening? d28754fe INCREASING +1 each second 37f90d9d f9a85dba INCREASING Fast increase 00000194 INCREASING 00009beb INCREASING 99ad3e5a CONSTANT 00000000 Flags? 00001957 INCREASING 000000ed 54f0f0b9 INCREASING 00038d10 81ca0002 CONSTANT eb6e70fb CONSTANT Ending? 01000000 CONSTANT Table 5: Analysis of data in payload of 0x0a00 messages. We guessed the end of the headers due to the fact that all other data following the last byte was pretty much random. Running a frequency analysis over this data gives us an indicating of how random exactly, as shown in Table 7. This randomness could be because of some decent encryption that has been implemented but even unencrypted audio data is exceptionally random because of background noise and cosmic interference. 3.2.4 Text Messages Besides the voice calls that <strong>Viber</strong> enables the user to make, it also allows them to send and receive text messages. This functionality uses some specialized tcp-based protocol to connect to the server and exchange messages. Decoding this stream has not been a priority within this project and there wasn’t any time left to research this further. 23
Page 1 and 2: Viber Communication Security Michie
Page 3 and 4: Introduction Chapter 1 1 Introducti
Page 5 and 6: Introduction Chapter 1 • How does
Page 7 and 8: Preliminary Research Chapter 2 2.1.
Page 9 and 10: Preliminary Research Chapter 2 mess
Page 15 and 16: Experiments Chapter 3 Android On An
Page 17 and 18: Experiments Chapter 3 (a) Android D
Page 19 and 20: Experiments Chapter 3 3.2 Reverse E
Page 21 and 22: Experiments Chapter 3 mappelman@ath
Page 23: Experiments Chapter 3 Signaling Mes
Page 27 and 28: Experiments Chapter 3 3.3 Applicati
Page 29 and 30: Experiments Chapter 3 1 public Stri
Page 31 and 32: Experiments Chapter 3 It does nothi
Page 33 and 34: Experiments Chapter 3 1 private Con
Page 35 and 36: Experiments Chapter 3 3.4 Other Wea
Page 37 and 38: Conclusion Chapter 4 4 Conclusion 4
Page 39 and 40: Acronyms Appendix A A Acronyms aes
Page 41 and 42: Appendix B [16] A. Greene, “Skype

Viber Communication Security - Bad Request

Create successful ePaper yourself

Delete template?

Save as template?