Mobile Application Security Testing — SEQ.SCIENCE
Team:
- Nils Putnins, Captain, Security Research
- Einars Anspoks, Communication
- Alisher Urunov, Security Research
Resources:
- https://play.google.com/store/apps/details?id=com.touchin.vtb
- https://apps.apple.com/us/app/cifra/id1460672861
- https://cifra.app/
- https://cifra.pw/
Roadmap:
Sunday, 29 October, 2019:
- Communication with the client, basic information gathering.
- Decompilation of the APK (1.4.546) and static analysis.
Saturday, 30 November, 2019:
- Gathering OSINT information.
- In-depth application analysis.
Sunday, 01 December, 2019:
- Initialisation of the repository.
- Discovering the services. SSH: "authmethod_is_enabled password".
- Creating an example dump of the connection between the application and the API (connection.example).
- Discovered extra API subdomains demo.api.cifra.pw and demo-api.cifra.pw.
Android:
- Using JWT authentication tokens (android.support.v4.media.session.MediaControllerCompat$MediaControllerImplApi21).
- SHA1 usage.
- androidx.appcompat.app.AppCompatViewInflater potential vulnerability (line 82).
- Related to TwilightManager.
- androidx.appcompat.app.J IP address retrieval.
- api.cifra.pw (95.213.182.234)
iPhone:
- Retrieval of certificate.der, GlobalSign RSA DV SSL CA 20180.
Network Discovery:
PORT     STATE    SERVICE      VERSION
22/tcp   open     ssh          OpenSSH 7.4p1 Debian 10+deb9u6 (protocol 2.0)
80/tcp   open     http         Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
443/tcp  open     ssl/http     Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
445/tcp  filtered microsoft-ds
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
netname: SELECTEL-NET
descr: Selectel SPb
country: RU
admin-c: CMH-RIPE
admin-c: KORS
tech-c: SA32710-RIPE
status: ASSIGNED PA
route: 95.213.182.0/23
descr: SELECTEL-NET
origin: AS49505
mnt-by: MNT-SELECTEL
OSINT:
- iOS: ANGRY DEVELOPERS S.R.L. / Parasca Kirill (k.paraska@modulbank.ru), Parasca Mihail
- https://appfollow.io/ios/cifra/1460672861
- https://appadvice.com/app/cifra/1460672861
- cifrateam@gmail.com
- https://tilda.cc/ -> cifra.app
- https://apkdl.in/app/details?id=com.touchin.vtb
- https://www.linkedin.com/in/alexeevandrei/