SlideShare uma empresa Scribd logo

Bypass Security Checking with Frida

Transferir como PPTX, PDF
Satria Ady Pradana
Satria Ady Pradana

Small discussion on Echo's Hack In The Zoo (HITZ) 2017 Ragunan Zoo Jakarta Jakarta, 2017-09-09 Frida? It's a Dynamic Binary Instrumentation. DBI. Let's see what frida can do for us, reverse engineer.

Tecnologia
1 de 22
Bypass Security Checking With Frida
Hi! I am Satria Ady Pradana Cyber Security Consultant @ Mitra Integrasi Informatika xathrya.sabertooth @xathrya Reversing.ID Revealing the Truth through Breaking Things
My problem as Reverser (And Pentester)  I want to analyze some binary, application, or whatever  How it works?  What’s this functions for?  Why they use this solution?  Sometimes I want to know specific part of function.  And sometimes the binary is protected with certain kinds of “magic”  Bypass it? Of course  Btw, I am lazy…
Solution (of OldSchool Technique)  Code Injection to alter the behavior  DLL Injection, modify IAT, hook function, etc … Problem:  Too much works!  Need to recreate the DLL for each iteration.
Enter Frida!
What is Frida?  Dynamic instrumentation toolkit  Inspect and instrument live process  Execute instrumentation scripts inside other processes  Multiplatform  Windows, Linux, Mac, iOS, Android, QNX  Open source
DBI?  Dynamic Binary Instrumentation  Method of analyzing the behavior of a binary application at runtime through the injection of instrumentation code.  gain insight into the state of an application at various points in execution.  Instrumentation code executes as part of the normal instruction stream after being injected.
What can be done in DBI?  Access process memory  Overwrite functions while the application is running  Call functions from imported classes  Find object instance on the heap and use them  Hook, trace, and intercept function.
Frida’s Dynamic Nature  JavaScript API for instrumentation script (debugging logic)  With various bindings:  Python  .NET  JavaScript (Node.js)  Qt/Qml  etc
Install Frida (Python)  # python –m pip install Frida  Or  # pip install frida
Basics  Attach to process (locally, remotely)  Enumerate modules and threads  Check function call’s arguments  Modify arguments  Modify function
Bypassing Security Check In Our Example:  Get Plaintext on Encryption Process  Brute Force PIN  Root Checking  SSL Pinning
Get Plaintext on Encryption Process  Concept: To produce a Ciphertext, an encryption process need a plaintext, key, and some other parameters such as Initialization vector.  Bypass: Hook the encryption function and log the plaintext data.
Brute Force PIN  Concept: A PIN or password protected binary need a function to compare user-input PIN with the correct one.  Bypass: Hook the checking and force it to return true.
Root Checking (Android, iOS)  Concept: Check the presence of several items as result or end of rooting process  Does binary SU exist?  Does apk Superuser exist?  Bypass: Hook the checking and force it to return true.
SSL Pinning  Concept: Use a local copy of x509 digital certificate to verify digital certificate provided by server.  Bypass: Hook the checking and force it to return true, regardless the value of provided certificate.
Alternative?  PIN:  https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation- tool  DynamoRIO:  http://www.dynamorio.org/ In both cases, you write a code on top of those framework, compile them, and inject the library into the target.

Recomendados

Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usagen|u - The Open Security Community
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
Building an Empire with PowerShell
Building an Empire with PowerShellBuilding an Empire with PowerShell
Building an Empire with PowerShellWill Schroeder
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 

Recomendados

Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usagen|u - The Open Security Community
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
Building an Empire with PowerShell
Building an Empire with PowerShellBuilding an Empire with PowerShell
Building an Empire with PowerShellWill Schroeder
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Explain it to Me Like I’m 5: Oauth2 and OpenID
Explain it to Me Like I’m 5: Oauth2 and OpenIDExplain it to Me Like I’m 5: Oauth2 and OpenID
Explain it to Me Like I’m 5: Oauth2 and OpenIDVMware Tanzu
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
The New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentThe New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentInfocyte
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules CoverageSunny Neo
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James ForshawSocial Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James ForshawShakacon
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security BoundaryWill Schroeder
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01Michael Gough
 
Abusing Symlinks on Windows
Abusing Symlinks on WindowsAbusing Symlinks on Windows
Abusing Symlinks on WindowsOWASP Delhi
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundDirkjanMollema
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 
Bypass Security Checking with Frida
Bypass Security Checking with FridaBypass Security Checking with Frida
Bypass Security Checking with FridaSatria Ady Pradana
 
Why monitoring is an analytics problem
Why monitoring is an analytics problemWhy monitoring is an analytics problem
Why monitoring is an analytics problemPhillip Liu
 

Mais conteúdo relacionado

Mais procurados

Explain it to Me Like I’m 5: Oauth2 and OpenID
Explain it to Me Like I’m 5: Oauth2 and OpenIDExplain it to Me Like I’m 5: Oauth2 and OpenID
Explain it to Me Like I’m 5: Oauth2 and OpenIDVMware Tanzu
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
The New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentThe New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentInfocyte
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules CoverageSunny Neo
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James ForshawSocial Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James ForshawShakacon
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security BoundaryWill Schroeder
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01Michael Gough
 
Abusing Symlinks on Windows
Abusing Symlinks on WindowsAbusing Symlinks on Windows
Abusing Symlinks on WindowsOWASP Delhi
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundDirkjanMollema
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 

Mais procurados (20)

Explain it to Me Like I’m 5: Oauth2 and OpenID
Explain it to Me Like I’m 5: Oauth2 and OpenIDExplain it to Me Like I’m 5: Oauth2 and OpenID
Explain it to Me Like I’m 5: Oauth2 and OpenID
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
The New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise AssessmentThe New Pentest? Rise of the Compromise Assessment
The New Pentest? Rise of the Compromise Assessment
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules Coverage
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James ForshawSocial Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James Forshaw
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security Boundary
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active Directory
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
 
Abusing Symlinks on Windows
Abusing Symlinks on WindowsAbusing Symlinks on Windows
Abusing Symlinks on Windows
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHound
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security Operations
 

Semelhante a Bypass Security Checking with Frida

Bypass Security Checking with Frida
Bypass Security Checking with FridaBypass Security Checking with Frida
Bypass Security Checking with FridaSatria Ady Pradana
 
Why monitoring is an analytics problem
Why monitoring is an analytics problemWhy monitoring is an analytics problem
Why monitoring is an analytics problemPhillip Liu
 
Microservices and Devs in Charge: Why Monitoring is an Analytics Problem
Microservices and Devs in Charge: Why Monitoring is an Analytics ProblemMicroservices and Devs in Charge: Why Monitoring is an Analytics Problem
Microservices and Devs in Charge: Why Monitoring is an Analytics ProblemSignalFx
 
From Reversing to Exploitation
From Reversing to ExploitationFrom Reversing to Exploitation
From Reversing to ExploitationSatria Ady Pradana
 
DEVNET-1010 Using Cisco pxGrid for Security Platform Integration
DEVNET-1010 Using Cisco pxGrid for Security Platform IntegrationDEVNET-1010 Using Cisco pxGrid for Security Platform Integration
DEVNET-1010 Using Cisco pxGrid for Security Platform IntegrationCisco DevNet
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceSatria Ady Pradana
 
Building Interpretable & Secure AI Systems using PyTorch
Building Interpretable & Secure AI Systems using PyTorchBuilding Interpretable & Secure AI Systems using PyTorch
Building Interpretable & Secure AI Systems using PyTorchgeetachauhan
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
 
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...Claire Priester Papas
 
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-TestingJava Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-TestingTal Melamed
 
Allegory of the cave(1)
Allegory of the cave(1)Allegory of the cave(1)
Allegory of the cave(1)setuid0
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedYury Chemerkin
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure DevelopmentBosnia Agile
 
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試Secview
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security AgileOleg Gryb
 
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunk
 
Secure visual algorithm simulator
Secure visual algorithm simulatorSecure visual algorithm simulator
Secure visual algorithm simulatorPrachi Singhal
 
Test driven development for infrastructure as-a-code, the future trend_Gianfr...
Test driven development for infrastructure as-a-code, the future trend_Gianfr...Test driven development for infrastructure as-a-code, the future trend_Gianfr...
Test driven development for infrastructure as-a-code, the future trend_Gianfr...Katherine Golovinova
 

Semelhante a Bypass Security Checking with Frida (20)

Bypass Security Checking with Frida
Bypass Security Checking with FridaBypass Security Checking with Frida
Bypass Security Checking with Frida
 
Why monitoring is an analytics problem
Why monitoring is an analytics problemWhy monitoring is an analytics problem
Why monitoring is an analytics problem
 
Microservices and Devs in Charge: Why Monitoring is an Analytics Problem
Microservices and Devs in Charge: Why Monitoring is an Analytics ProblemMicroservices and Devs in Charge: Why Monitoring is an Analytics Problem
Microservices and Devs in Charge: Why Monitoring is an Analytics Problem
 
From Reversing to Exploitation
From Reversing to ExploitationFrom Reversing to Exploitation
From Reversing to Exploitation
 
DEVNET-1010 Using Cisco pxGrid for Security Platform Integration
DEVNET-1010 Using Cisco pxGrid for Security Platform IntegrationDEVNET-1010 Using Cisco pxGrid for Security Platform Integration
DEVNET-1010 Using Cisco pxGrid for Security Platform Integration
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in Essence
 
Building Interpretable & Secure AI Systems using PyTorch
Building Interpretable & Secure AI Systems using PyTorchBuilding Interpretable & Secure AI Systems using PyTorch
Building Interpretable & Secure AI Systems using PyTorch
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android Apps
 
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...
Delivering Infrastructure and Security Policy as Code with Puppet and CyberAr...
 
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-TestingJava Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
 
Pentesting iOS Apps
Pentesting iOS AppsPentesting iOS Apps
Pentesting iOS Apps
 
Allegory of the cave(1)
Allegory of the cave(1)Allegory of the cave(1)
Allegory of the cave(1)
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learned
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure Development
 
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security Agile
 
The Hookshot: Runtime Exploitation
The Hookshot: Runtime ExploitationThe Hookshot: Runtime Exploitation
The Hookshot: Runtime Exploitation
 
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia InsuranceSplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
SplunkLive! Zurich 2018: The Evolution of Splunk at Helvetia Insurance
 
Secure visual algorithm simulator
Secure visual algorithm simulatorSecure visual algorithm simulator
Secure visual algorithm simulator
 
Test driven development for infrastructure as-a-code, the future trend_Gianfr...
Test driven development for infrastructure as-a-code, the future trend_Gianfr...Test driven development for infrastructure as-a-code, the future trend_Gianfr...
Test driven development for infrastructure as-a-code, the future trend_Gianfr...
 

Mais de Satria Ady Pradana

Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana
 
MITM: Tales of Trust and Betrayal
MITM: Tales of Trust and BetrayalMITM: Tales of Trust and Betrayal
MITM: Tales of Trust and BetrayalSatria Ady Pradana
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstSatria Ady Pradana
 
Silabus Training Reverse Engineering
Silabus Training Reverse EngineeringSilabus Training Reverse Engineering
Silabus Training Reverse EngineeringSatria Ady Pradana
 
Practical Security - Modern Day Software
Practical Security - Modern Day SoftwarePractical Security - Modern Day Software
Practical Security - Modern Day SoftwareSatria Ady Pradana
 
Reverse Engineering: The Crash Course
Reverse Engineering: The Crash CourseReverse Engineering: The Crash Course
Reverse Engineering: The Crash CourseSatria Ady Pradana
 
The Offensive Python: Practical Python for Penetration Testing
The Offensive Python: Practical Python for Penetration TestingThe Offensive Python: Practical Python for Penetration Testing
The Offensive Python: Practical Python for Penetration TestingSatria Ady Pradana
 
Android Security: Art of Exploitation
Android Security: Art of ExploitationAndroid Security: Art of Exploitation
Android Security: Art of ExploitationSatria Ady Pradana
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Satria Ady Pradana
 
Reverse Engineering: Protecting and Breaking the Software (Workshop)
Reverse Engineering: Protecting and Breaking the Software (Workshop)Reverse Engineering: Protecting and Breaking the Software (Workshop)
Reverse Engineering: Protecting and Breaking the Software (Workshop)Satria Ady Pradana
 
Reverse Engineering: Protecting and Breaking the Software
Reverse Engineering: Protecting and Breaking the SoftwareReverse Engineering: Protecting and Breaking the Software
Reverse Engineering: Protecting and Breaking the SoftwareSatria Ady Pradana
 
Memory Forensic: Investigating Memory Artefact (Workshop)
Memory Forensic: Investigating Memory Artefact (Workshop)Memory Forensic: Investigating Memory Artefact (Workshop)
Memory Forensic: Investigating Memory Artefact (Workshop)Satria Ady Pradana
 
Memory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactMemory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactSatria Ady Pradana
 
Automatic Malware Analysis & Repository
Automatic Malware Analysis & RepositoryAutomatic Malware Analysis & Repository
Automatic Malware Analysis & RepositorySatria Ady Pradana
 

Mais de Satria Ady Pradana (20)

Malware for Red Team
Malware for Red TeamMalware for Red Team
Malware for Red Team
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security Professional
 
MITM: Tales of Trust and Betrayal
MITM: Tales of Trust and BetrayalMITM: Tales of Trust and Betrayal
MITM: Tales of Trust and Betrayal
 
Berkarir di Cyber Security
Berkarir di Cyber SecurityBerkarir di Cyber Security
Berkarir di Cyber Security
 
IOT Security FUN-damental
IOT Security FUN-damentalIOT Security FUN-damental
IOT Security FUN-damental
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the Worst
 
Silabus Training Reverse Engineering
Silabus Training Reverse EngineeringSilabus Training Reverse Engineering
Silabus Training Reverse Engineering
 
Practical Security - Modern Day Software
Practical Security - Modern Day SoftwarePractical Security - Modern Day Software
Practical Security - Modern Day Software
 
Firmware Reverse Engineering
Firmware Reverse EngineeringFirmware Reverse Engineering
Firmware Reverse Engineering
 
Reverse Engineering: The Crash Course
Reverse Engineering: The Crash CourseReverse Engineering: The Crash Course
Reverse Engineering: The Crash Course
 
The Offensive Python: Practical Python for Penetration Testing
The Offensive Python: Practical Python for Penetration TestingThe Offensive Python: Practical Python for Penetration Testing
The Offensive Python: Practical Python for Penetration Testing
 
Android Security: Art of Exploitation
Android Security: Art of ExploitationAndroid Security: Art of Exploitation
Android Security: Art of Exploitation
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)
 
Reverse Engineering: Protecting and Breaking the Software (Workshop)
Reverse Engineering: Protecting and Breaking the Software (Workshop)Reverse Engineering: Protecting and Breaking the Software (Workshop)
Reverse Engineering: Protecting and Breaking the Software (Workshop)
 
Reverse Engineering: Protecting and Breaking the Software
Reverse Engineering: Protecting and Breaking the SoftwareReverse Engineering: Protecting and Breaking the Software
Reverse Engineering: Protecting and Breaking the Software
 
Memory Forensic: Investigating Memory Artefact (Workshop)
Memory Forensic: Investigating Memory Artefact (Workshop)Memory Forensic: Investigating Memory Artefact (Workshop)
Memory Forensic: Investigating Memory Artefact (Workshop)
 
Memory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactMemory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory Artefact
 
Another Side of Hacking
Another Side of HackingAnother Side of Hacking
Another Side of Hacking
 
Automatic Malware Analysis & Repository
Automatic Malware Analysis & RepositoryAutomatic Malware Analysis & Repository
Automatic Malware Analysis & Repository
 
Web Security Jumpstart
Web Security JumpstartWeb Security Jumpstart
Web Security Jumpstart
 

Último

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Último (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Bypass Security Checking with Frida

  • 2. Hi! I am Satria Ady Pradana Cyber Security Consultant @ Mitra Integrasi Informatika xathrya.sabertooth @xathrya Reversing.ID Revealing the Truth through Breaking Things
  • 3. My problem as Reverser (And Pentester)  I want to analyze some binary, application, or whatever  How it works?  What’s this functions for?  Why they use this solution?  Sometimes I want to know specific part of function.  And sometimes the binary is protected with certain kinds of “magic”  Bypass it? Of course  Btw, I am lazy…
  • 4. Solution (of OldSchool Technique)  Code Injection to alter the behavior  DLL Injection, modify IAT, hook function, etc … Problem:  Too much works!  Need to recreate the DLL for each iteration.
  • 6. What is Frida?  Dynamic instrumentation toolkit  Inspect and instrument live process  Execute instrumentation scripts inside other processes  Multiplatform  Windows, Linux, Mac, iOS, Android, QNX  Open source
  • 7. DBI?  Dynamic Binary Instrumentation  Method of analyzing the behavior of a binary application at runtime through the injection of instrumentation code.  gain insight into the state of an application at various points in execution.  Instrumentation code executes as part of the normal instruction stream after being injected.
  • 8. What can be done in DBI?  Access process memory  Overwrite functions while the application is running  Call functions from imported classes  Find object instance on the heap and use them  Hook, trace, and intercept function.
  • 9. Frida’s Dynamic Nature  JavaScript API for instrumentation script (debugging logic)  With various bindings:  Python  .NET  JavaScript (Node.js)  Qt/Qml  etc
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15. Install Frida (Python)  # python –m pip install Frida  Or  # pip install frida
  • 16. Basics  Attach to process (locally, remotely)  Enumerate modules and threads  Check function call’s arguments  Modify arguments  Modify function
  • 17. Bypassing Security Check In Our Example:  Get Plaintext on Encryption Process  Brute Force PIN  Root Checking  SSL Pinning
  • 18. Get Plaintext on Encryption Process  Concept: To produce a Ciphertext, an encryption process need a plaintext, key, and some other parameters such as Initialization vector.  Bypass: Hook the encryption function and log the plaintext data.
  • 19. Brute Force PIN  Concept: A PIN or password protected binary need a function to compare user-input PIN with the correct one.  Bypass: Hook the checking and force it to return true.
  • 20. Root Checking (Android, iOS)  Concept: Check the presence of several items as result or end of rooting process  Does binary SU exist?  Does apk Superuser exist?  Bypass: Hook the checking and force it to return true.
  • 21. SSL Pinning  Concept: Use a local copy of x509 digital certificate to verify digital certificate provided by server.  Bypass: Hook the checking and force it to return true, regardless the value of provided certificate.
  • 22. Alternative?  PIN:  https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation- tool  DynamoRIO:  http://www.dynamorio.org/ In both cases, you write a code on top of those framework, compile them, and inject the library into the target.