Viber Communication Security - Bad Request

More documents

Recommendations

Info

Experiments Chapter 3 1 private class ProdServerConfig extends ServerConfig . IServerConfig 2 { 3 public ProdServerConfig () 4 { 5 super (); 6 this . url_activation_request = " https :// secure . viber . com / viber / viber . php ? function = ActivateUser "; 7 this . url_registration_request = " https :// secure . viber . com / viber / viber . php ? function = RegisterUser "; 8 this . url_country_request = " https :// secure . viber . com / viber / viber . php ? function = GetDefaultCountry "; 9 this . url_deactivation_request = " https :// secure . viber . com / viber / viber . php ? function = DeActivate "; 10 this . url_generate_device_key = " https :// secure . viber . com / viber / viber . php ? function = GenerateDeviceKey "; 11 this . url_generate_device_key_done = " https :// secure . viber . com / viber / viber . php ? function = GenerateDeviceKeyDone "; 12 this . url_update_phone_request = " https :// secure . viber . com / viber / viber . php ? function = UpdatePhone "; 13 this . url_voip_host = " aloha . viber . com "; 14 } 15 } Listing 6: ProdServerConfig URL’s in class com.viber.voip.ServerConfig One could easily see that the generateSignature method uses a Hash-based Message Authentication Code (hmac) based on sha -256, and a statically configured secret key with the value 5eb6588086b6b2d054af80527b We suspect that before the method is executed, an xml -based request is built by other application code and then passed onto the generateSignature method which outputs a signature of that input. Once this is transmitted along with the xml -based request, it provides integrity of the contents of the request. Lastly, we have selected some interesting methods regarding sending/receiving messages. First, the code of the sendNewMessage method shown in listing 7. This method takes two parameters: the recipient’s number, the text of the message, and the current time in milliseconds, respectively. Amongst other things, it then passes these parameters on to the method insertNewMessage along with nine other static values. 1 public void sendNewMessage ( String paramString1 , String paramString2 ) 2 { 3 log (" sendNewMessage ␣ toNumber :" + paramString1 + ",text :" + paramString2 ); 4 insertNewMessage (null , paramString1 , paramString2 , System . currentTimeMillis () , 1, 0, 1, 0, 0, 3, " text ", false ); 5 sendPendingMessages (); 6 } Listing 7: Method sendNewMessage in com.viber.voip.messages.MessagesManager Since the actual insertNewMessage method is long and not very interesting, we decided to show the code of the createMessageValues method instead, see listing 8. The reason is that this method clearly shows the meaning of almost all the different parameters passed to the insertNewMessage method. 30
Experiments Chapter 3 1 private ContentValues createMessageValues ( Long paramLong , String paramString1 , String paramString2 , long paramLong1 , int paramInt1 , int paramInt2 , int paramInt3 , int paramInt4 , int paramInt5 , int paramInt6 , int paramInt7 , String paramString3 ) 2 { 3 ContentValues localContentValues = new ContentValues (); 4 localContentValues . put (" status ", Integer . valueOf ( paramInt3 )); 5 localContentValues . put (" date ", Long . valueOf ( paramLong1 )); 6 if ( paramLong != null ) 7 localContentValues . put (" token ", paramLong ); 8 localContentValues . put (" read ", Integer . valueOf ( paramInt4 )); 9 localContentValues . put (" body ", paramString2 ); 10 localContentValues . put (" thread_id ", Integer . valueOf ( paramInt1 )); 11 localContentValues . put (" type ", Integer . valueOf ( paramInt2 )); 12 localContentValues . put (" address ", paramString1 ); 13 localContentValues . put (" flag ", Integer . valueOf ( paramInt5 )); 14 localContentValues . put (" seq ", Integer . valueOf ( paramInt6 )); 15 localContentValues . put (" extra_status ", Integer . valueOf ( paramInt7 )); 16 localContentValues . put (" extra_mime ", paramString3 ); 17 List localList = ContactsUtils . getContactIdFromNumber ( this . context , paramString1 ) ; 18 long l; 19 if (( localList != null ) && ( localList . size () > 0)) 20 l = (( Long ) localList . get (0) ). longValue (); 21 while ( true ) 22 { 23 localContentValues . put (" person ", Long . valueOf (l)); 24 return localContentValues ; 25 l = -1L; 26 } 27 } Listing 8: Method createMessageValues in com.viber.voip.messages.MessagesManager This is interesting because we now have an idea on what a message is actually composed of. It obviously contains the recipient’s address and the message text, but also a token, a flag, a sequence number, et cetera. This brings to another important fact, that of tokens being associated with messages. The code responsible for token generation is shown in listing 9. 1 private int getNewToken () 2 { 3 monitorenter ; 4 try 5 { 6 SharedPreferences localSharedPreferences = this . context . getSharedPreferences (" messages_manager ", 0); 7 int i = localSharedPreferences . getInt (" last_message_token_id ", 0); 8 if (i == 0) 9 i = 0 x7FFFFFC0 & Math . abs ( random . nextInt ()); 10 int j = i + 1; 11 localSharedPreferences . edit (). putInt (" last_message_token_id ", j). commit (); 12 monitorexit ; 13 return j; 14 } 31
Page 1 and 2: Viber Communication Security Michie
Page 3 and 4: Introduction Chapter 1 1 Introducti
Page 5 and 6: Introduction Chapter 1 • How does
Page 7 and 8: Preliminary Research Chapter 2 2.1.
Page 9 and 10: Preliminary Research Chapter 2 mess
Page 15 and 16: Experiments Chapter 3 Android On An
Page 17 and 18: Experiments Chapter 3 (a) Android D
Page 19 and 20: Experiments Chapter 3 3.2 Reverse E
Page 21 and 22: Experiments Chapter 3 mappelman@ath
Page 23 and 24: Experiments Chapter 3 Signaling Mes
Page 25 and 26: Experiments Chapter 3 Time Source i
Page 27 and 28: Experiments Chapter 3 3.3 Applicati
Page 29 and 30: Experiments Chapter 3 1 public Stri
Page 31: Experiments Chapter 3 It does nothi
Page 35 and 36: Experiments Chapter 3 3.4 Other Wea
Page 37 and 38: Conclusion Chapter 4 4 Conclusion 4
Page 39 and 40: Acronyms Appendix A A Acronyms aes
Page 41 and 42: Appendix B [16] A. Greene, “Skype

Viber Communication Security - Bad Request

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?