Viber Communication Security - Bad Request

More documents

Recommendations

Info

Experiments Chapter 3 1 String GetDeviceUDID ( Context paramContext ) 2 { 3 log (" GetDeviceUDID "); 4 SharedPreferences localSharedPreferences = PreferenceManager . getDefaultSharedPreferences ( paramContext ); 5 Object localObject = localSharedPreferences . getString (" viber_udid ", ""); 6 log (" UDID ␣in␣ preferences :" + ( String ) localObject ); 7 if ((( String ) localObject ). equals ("")) 8 { 9 log (" UDID ␣ not ␣ found ␣in␣ preferences ,␣ generate "); 10 String str1 = (( TelephonyManager ) paramContext . getSystemService (" phone ")). getDeviceId (); 11 if (( TextUtils . isEmpty ( str1 )) || ( str1 == null )) 12 { 13 SecureRandom localSecureRandom = new SecureRandom (); 14 str1 = localSecureRandom . nextLong () + localSecureRandom . nextLong (); 15 } 16 try 17 { 18 String str2 = Convert . getSha1 ( str1 ); 19 localObject = str2 ; 20 if (! Patterns . UDID . matcher (( CharSequence ) localObject ). matches ()) 21 throw new IllegalStateException (" error ␣ generating ␣ UDID ␣-␣ pattern ␣ doesn ’t␣ match !"); 22 } 23 catch ( NoSuchAlgorithmException localNoSuchAlgorithmException ) 24 { 25 throw new IllegalStateException (" error ␣ generating ␣ UDID "); 26 } 27 localSharedPreferences . edit (). putString (" viber_udid ", ( String ) localObject ). commit (); 28 } 29 log (" UDID ␣is␣" + ( String ) localObject ); 30 return ( String ) localObject ; 31 } Listing 3: Method GetDeviceUDID in class com.viber.voip.registration.HardwareParametersImpl This above piece of code is actually responsible for the generation of an Unique Device Identifier (udid) . Basically, it first looks in the corresponding locally stored configuration file of Viber to see if a udid is already established. If it is, it simply returns the udid as a string. Otherwise, it calls the getDeviceId method in the Android framework and stores the result in the str1 variable. Normally the getDeviceId method returns the International Mobile Equipment Identity (imei) number (for Global System for Mobile Communications (gsm) -based Android devices).[36] If it does not return anything, a “a pseudo-random uniformly distributed long” is generated by the method nextLong of the SecureRandom class and stored in the str1 variable.[37] The content of the str1 variable (either the imei or random number) is then hashed with Secure Hash Algorithm (sha) - 1. The resulting hash is stored in the str2 variable and compared to a pattern to verify its format is correct. The code of this pattern is shown in listing 4. 28
Experiments Chapter 3 It does nothing more than making sure any value’s format should be 40 characters in total, where the only allowed characters are the (non-capital) letters ‘a’ through ‘f’ and all numbers. Assuming the hash in the str2 variable complies with this requirement, it is written to the corresponding configuration file and from now on used as the udid . The above theory has been tested to be valid. For example, when Viber is registered in an Android Virtual Device (avd) , which is nothing more than a way to emulate an Android device on a regular computer, the default imei of 000000000000000 for any avd is hashed into c02c705e98588f724ca046ac59cafece65501e 1 static 2 { 3 [...] 4 UDID = Pattern . compile ("[a-f0 -9]{40} "); 5 [...] 6 } Listing 4: UDID pattern in class com.viber.voip.util.Patterns We found another interesting method regarding the process of registration. This method is named generateSignature and the corresponding application code is shown in listing 5. Just like the earlier described method which generated a udid, the method we are describing in this paragraph is also just a small part of Viber’s entire registration process. The method is part of the generation of a device key based on an input string passed along to the method. This probably sounds similar to the udid we earlier described but in fact it is not. Instead, the device key is generated by the Viber services and not at the client-side. When the registration process of a new Viber account is initiated, an SSL certificate is retrieved and used to communicate with a web server of the Viber services over http Secure (https) . The URLs for the registration process are present in the application code, shown in listing 6. 1 private String generateSignature ( String paramString ) 2 throws Exception 3 { 4 SecretKeySpec localSecretKeySpec = new SecretKeySpec ("5 eb6588086b6b2d054af80527b26caf71d165042175e0f9550ea58a8 ". getBytes () , " HmacSHA256 "); 5 Mac localMac = Mac . getInstance (" HmacSHA256 "); 6 localMac . init ( localSecretKeySpec ); 7 byte [] arrayOfByte = localMac . doFinal ( paramString . getBytes ()); 8 StringBuffer localStringBuffer = new StringBuffer (); 9 int i = arrayOfByte . length ; 10 for ( int j = 0; ; j ++) 11 { 12 if (j >= i) 13 return localStringBuffer . toString (); 14 localStringBuffer . append ( Integer . toHexString (256 + (0 xFF & arrayOfByte [j])). substring (1) ); 15 } 16 } Listing 5: Method generateSignature in class com.viber.voip.registration.GenerateDeviceKeyManager 29
Page 1 and 2: Viber Communication Security Michie
Page 3 and 4: Introduction Chapter 1 1 Introducti
Page 5 and 6: Introduction Chapter 1 • How does
Page 7 and 8: Preliminary Research Chapter 2 2.1.
Page 9 and 10: Preliminary Research Chapter 2 mess
Page 15 and 16: Experiments Chapter 3 Android On An
Page 17 and 18: Experiments Chapter 3 (a) Android D
Page 19 and 20: Experiments Chapter 3 3.2 Reverse E
Page 21 and 22: Experiments Chapter 3 mappelman@ath
Page 23 and 24: Experiments Chapter 3 Signaling Mes
Page 25 and 26: Experiments Chapter 3 Time Source i
Page 27 and 28: Experiments Chapter 3 3.3 Applicati
Page 29: Experiments Chapter 3 1 public Stri
Page 33 and 34: Experiments Chapter 3 1 private Con
Page 35 and 36: Experiments Chapter 3 3.4 Other Wea
Page 37 and 38: Conclusion Chapter 4 4 Conclusion 4
Page 39 and 40: Acronyms Appendix A A Acronyms aes
Page 41 and 42: Appendix B [16] A. Greene, “Skype

Viber Communication Security - Bad Request

Create successful ePaper yourself

Delete template?

Save as template?