Wartime Pigeons

WARTIME PIGEONS 2022.3.29 OWASP SAITAMA MTG #7, TALK #2

TEXT SESSION FLAGS ▸ ࿥ըɾ࿥Իɾެ։: OK Image by Nico Kaiser
on flickr, CC-BY 2.0

TEXT WHO I AM ▸ Takahiro Yoshimura (@alterakey)   https://keybase.io/alterakey
▸ Monolith Works Inc.   Co-founder, CTO   Security researcher ▸ ໌࣏େֶαΠόʔηΩϡϦςΟݚڀॴ   ٬һݚڀһ

TEXT WHAT I DO ▸ Security research and development ▸
iOS/Android Apps   →Financial, Games, IoT related, etc. (>200)   →trueseeing: Non-decompiling Android Application Vulnerability Scanner [2017] ▸ Windows/Mac/Web/HTML5 Apps   →POS, RAD tools etc. ▸ Network/Web penetration testing   →PCI-DSS etc. ▸ Search engine reconnaissance   (aka. Google Hacking) ▸ Whitebox testing ▸ Forensic analysis

TEXT WHAT I DO ▸ CTF ▸ Enemy10, Sutegoma2 ▸
METI CTFCJ 2012 Qual.: Won ▸ METI CTFCJ 2012: 3rd ▸ DEF CON 21 CTF: 6th ▸ DEF CON 22 OpenCTF: 4th ▸ ൃදɾߨԋͳͲ   DEF CON 25 Demo Labs (2017)   DEF CON 27 AI Village (2019)   CODE BLUE (2017, 2019)   CYDEF (2020) etc. Image by Wiyre Media on flickr, CC-BY 2.0

TEXT BACKGROUND ▸ ϩγΞʹΑΔ΢ΫϥΠφ৵߈ ▸ IT Army of Ukraine  
΢ΫϥΠφ͕ࢦش͢ΔαΠόʔٛ༐܉ ▸ Ճೖཁ݅: ಛʹͳ͠ ▸ ৘ใ఻ୡ: Telegram

TEXT TELEGRAM ▸ Telegram ▸ ϩγΞͰVKΛڵͨ͠Durovܑఋ͕ॻ͍ͨ   IMϓϥοτϑΥʔϜ   →VK͸ϓʔνϯ੓ݖʹ઀ऩ͞ΕɺPavel͕ѹྗ
Λݏͬͯࠃ֎Ҡॅͨ͠ޙɺ࢒ͬͨNikolaiΛۚમ తʹࢧԉ͠MTProto (લ਎) ͕ग़དྷͨ… ▸ ӳࠃόʔδϯॾౡͱυόΠʹHQ͕͋Δ ▸ ӦརΛ໨తͱ͠ͳ͍ɺ͕ͩඇӦརஂମͰ͸ͳ͍

TEXT TELEGRAM ▸ Telegram ▸ L&Fͱͯ͠͸LINEʹ͍ۙ   →ଟ෼ର৅ௌऺ͕͍ۙͷͰ͸ ▸ ೔ຊͰ͸࠮ٗूஂ͕ࢦش໋ྩܥ౷ʹ࠾༻
▸ Self-destruction / E2EE ▸ ௥੻͕೉͍͠ͱ͍͏͜ͱͰݏΘΕΔ ▸ ϓϥοτϑΥʔϜతʹ͸ѱ͍΋ͷͰ͸ͳ͍

TEXT TELEGRAM ▸ Telegram ▸ ҉߸ܥͷܽؕ → Ұ࣌ظ͕͋ͬͨɺݱࡏ͸վम ͞Ε͍ͯΔ (Royal
Holloway/ETH Zurich)   ※੓ݖʹΑΔׯবʹ͍ͭͯ͸৘ใ͕ͳ͍ ▸ ߴ౓ͳ҉߸Խʁˠ E2EE͸ݸਓ͚ؒͩ ▸ ߴ౓ͳಗ໊ੑʁ → ి࿩൪߸ʹඥ෇͚   Self-destruction͸Snapchat/WhatsappͰ΋ ׂͱී௨ʹ͋Δ

TEXT OPEN QUESTIONS ▸ αʔό͸Ͳ͜ʹ͋Δͷ͔ ▸ ੓ݖͷख͕ಧ͘Մೳੑ͸ʁ ▸ ٛ༐܉ͷࢦشʹ଱͑ΔΑ͏ͳ҆શੑͳͷ͔ ▸
Ϣʔβͷ਎ݩׂ͕ΕΔՄೳੑ͸ʁ ▸ Ϣʔβͷपลਓ෺ׂ͕ΕΔՄೳੑ͸ʁ ▸ ཪ੾Γ͔Ͷͳ͍Ӆ͠ػೳͳͲͷଘࡏ͸ʁ Image by ☼☼Jo Zimny Photos☼☼ on flickr, CC-BY-NC-ND 2.0

TEXT TELEGRAM ▸ Telegram ▸ ΫϥΠΞϯτ͸FLOSS (GPL-2) ▸ UI/UX͸ඇৗʹ༏Ε͍ͯΔͱײ͡Δ ▸
αʔό΋౰ॳެ։͢Δͱ͍ͯͨ͠ͷ͕ͩ…   ެ։ʹ޲͚ͨಈ͖͸ࠓͷͱ͜Ζͳ͍

TEXT ANALYSIS ▸ Telegram for Android 8.6.2 (࠷৽) ▸ πʔϧΩοτ
▸ Trueseeing 2.1.2 ▸ github (FLOSSͱ͍͏͜ͱͰ) Swiss Army Knife on black by Edgar Pierce on flickr, CC-BY 2.0

TEXT MANIFEST ANALYSIS ▸ API: 23ʙ (target: 30) ▸ Network
Security Con fi g: ͳ͠ ▸ ݖݶཁٻ: ඇৗʹଟ͍͕ɺ·ͩଥ౰ͳൣғ

TEXT DATACENTER GEOLOCATION ▸ GB:   149.154.175.50:443   2001:b28:f23d:f001:0000:0000:0000:000a:443  
149.154.167.51:443   2001:67c:4e8:f002:0000:0000:0000:000a:443   149.154.175.100:443   2001:b28:f23d:f003:0000:0000:0000:000a:443   149.154.167.91:443   2001:67c:4e8:f004:0000:0000:0000:000a:443   149.154.171.5:443   2001:b28:f23f:f005:0000:0000:0000:000a:443   149.154.175.40:443   2001:b28:f23d:f001:0000:0000:0000:000e:443   149.154.167.40:443   2001:67c:4e8:f002:0000:0000:0000:000e:443   149.154.175.117:443   2001:b28:f23d:f003:0000:0000:0000:000e:443

TEXT DATACENTER GEOLOCATION ▸ NL/GB:   95.161.76.100:443 ▸ Telegram Messenger
Inc (AS62041) ▸ Global Network Management Inc (AG) ; AS31500 ▸ Vodafone Group PLC (GB) ; AS1273 ▸ Telecom Italia S.p.A (IT) ; AS3269 ▸ Amsterdam Internet Exchange B.V. (NL) ; AS6777

TEXT FINDINGS ▸ AS62041ͷ୅දऀ͸Nikolai ▸ ࠃ֎Ҡॅͨ͠ͷ͸ఋͷPavelͷํͳ͸ͣ ▸ Wikipedia͕ؒҧ͍ͬͯΔʁ ▸ ࿐಺ʹ͍ͭͭࠃ֎اۀͷCEOΛ͍ͯ͠Δʁ

TEXT FINDINGS ▸ API: 23ʙ (target: 30)   Network Security
Con fi g: ͳ͠ ▸ TLS interception (API == 23) ▸ ݱ࣌఺ͰAPI 23Λٹࡁ͢Δཧ༝ͱ͸…

TEXT FINDINGS ▸ ฏจ௨৴ ▸ Google Map Directions: ݱࡏ஍ͱߦ͖ઌ͕࿙ ΕΔՄೳੑ

TEXT FINDINGS ▸ ฏจ௨৴ ▸ ͋Δಈըڞ༗αʔϏεΛ࢖༻ͨ͠ࡍʹɺӾཡ ཤྺ͕࿙ΕΔՄೳੑ

TEXT FINDINGS ▸ ฏจ௨৴ ▸ ಺ଂWebViewʹ͓͍ͯMIXED_MODEͷ໌ࣔ త༗ޮԽͷࣔࠦ → Ϛϧ΢ΣΞૠೖՄೳੑ

TEXT REPORTING POLICY? ▸ Issueͷӡ༻͕ͳ͍, PRͷϚʔδ͕ۃ୺ʹগͳ͍   →ಁ໌ͳҹ৅͸ड͚ͳ͍

TEXT FINDINGS ▸ ి࿩൪߸ͷ޿ൣͳ࢖༻ ▸ ͳͥి࿩൪߸ʹؔ࿈෇͚͕ͨΔͷ͔… ▸ ॳظcontactsͷੜ੒

TEXT PHONE NUMBERS AS IDS ▸ ి࿩൪߸ͷ޿ൣͳ࢖༻ ▸ SignalͳͲͰ΋͜ͷ܏޲ ▸
Session͕͜ΕΛഉ͢Δ࣮ݧΛ͍ͯ͠Δ͕…

TEXT TAKEAWAYS ▸ IT ArmyͷࢦشʹTelegram͕࢖༻͞Ε͍ͯΔ ▸ TelegramΫϥΠΞϯτ͸FLOSS ▸ αʔό͸ӳࠃ·ͨ͸Φϥϯμ ▸
໨ཱͬͯ҆શͱ͍͏Θ͚Ͱ͸ͳ͍ ▸ Ή͠Ζएׯͷෆ͕҆࢒Δ   →͍͔ͭ͘ͷ໰୊ɺՃ͑ͯӡӦ͕ෆಁ໌   →ݸਓతʹ͸࢖͍ͨ͘ͳ͍

TEXT TAKEAWAYS ▸ ͲͪΒ͔ͱ͍͑͹Signalͷ΄͏͕͍͍͕… ▸ ి࿩൪߸ʹؔ࿈෇͚Δͷ͸΍Ίͯ΄͍͠

TEXT OPEN QUESTIONS, REVISITED ▸ αʔό͸Ͳ͜ʹ͋Δͷ͔ ▸ ੓ݖͷख͕ಧ͘Մೳੑ͸ʁ → ଟ෼ͳ͍
▸ ٛ༐܉ͷࢦشʹ଱͑ΔΑ͏ͳ҆શੑͳͷ͔ ▸ Ϣʔβͷ਎ݩׂ͕ΕΔՄೳੑ͸ʁˠ͋Δ ▸ Ϣʔβͷपลਓ෺ׂ͕ΕΔՄೳੑ͸ʁˠ͋Δ ▸ ཪ੾Γ͔Ͷͳ͍Ӆ͠ػೳͳͲͷଘࡏ͸ʁ   →ଟ෼ͳ͍ Image by ☼☼Jo Zimny Photos☼☼ on flickr, CC-BY-NC-ND 2.0

FIN. 2022.3.29 TAKAHIRO YOSHIMURA (@ALTERAKEY)

Wartime Pigeons

Wartime Pigeons

Takahiro Yoshimura

More Decks by Takahiro Yoshimura

Other Decks in Technology

Featured

Transcript

WARTIME PIGEONS 2022.3.29 OWASP SAITAMA MTG #7, TALK #2

TEXT SESSION FLAGS ▸ ࿥ըɾ࿥Իɾެ։: OK Image by Nico Kaiser

TEXT WHO I AM ▸ Takahiro Yoshimura (@alterakey)   https://keybase.io/alterakey

TEXT WHAT I DO ▸ Security research and development ▸

TEXT WHAT I DO ▸ CTF ▸ Enemy10, Sutegoma2 ▸

TEXT BACKGROUND ▸ ϩγΞʹΑΔ΢ΫϥΠφ৵߈ ▸ IT Army of Ukraine

TEXT TELEGRAM ▸ Telegram ▸ ϩγΞͰVKΛڵͨ͠Durovܑఋ͕ॻ͍ͨ   IMϓϥοτϑΥʔϜ   →VK͸ϓʔνϯ੓ݖʹ઀ऩ͞ΕɺPavel͕ѹྗ

TEXT TELEGRAM ▸ Telegram ▸ L&Fͱͯ͠͸LINEʹ͍ۙ   →ଟ෼ର৅ௌऺ͕͍ۙͷͰ͸ ▸ ೔ຊͰ͸࠮ٗूஂ͕ࢦش໋ྩܥ౷ʹ࠾༻

TEXT TELEGRAM ▸ Telegram ▸ ҉߸ܥͷܽؕ → Ұ࣌ظ͕͋ͬͨɺݱࡏ͸վम ͞Ε͍ͯΔ (Royal

TEXT OPEN QUESTIONS ▸ αʔό͸Ͳ͜ʹ͋Δͷ͔ ▸ ੓ݖͷख͕ಧ͘Մೳੑ͸ʁ ▸ ٛ༐܉ͷࢦشʹ଱͑ΔΑ͏ͳ҆શੑͳͷ͔ ▸

TEXT TELEGRAM ▸ Telegram ▸ ΫϥΠΞϯτ͸FLOSS (GPL-2) ▸ UI/UX͸ඇৗʹ༏Ε͍ͯΔͱײ͡Δ ▸

TEXT ANALYSIS ▸ Telegram for Android 8.6.2 (࠷৽) ▸ πʔϧΩοτ

TEXT MANIFEST ANALYSIS ▸ API: 23ʙ (target: 30) ▸ Network

TEXT DATACENTER GEOLOCATION ▸ GB:   149.154.175.50:443   2001:b28:f23d:f001:0000:0000:0000:000a:443

TEXT DATACENTER GEOLOCATION ▸ NL/GB:   95.161.76.100:443 ▸ Telegram Messenger

TEXT FINDINGS ▸ AS62041ͷ୅දऀ͸Nikolai ▸ ࠃ֎Ҡॅͨ͠ͷ͸ఋͷPavelͷํͳ͸ͣ ▸ Wikipedia͕ؒҧ͍ͬͯΔʁ ▸ ࿐಺ʹ͍ͭͭࠃ֎اۀͷCEOΛ͍ͯ͠Δʁ

TEXT FINDINGS ▸ API: 23ʙ (target: 30)   Network Security

TEXT FINDINGS ▸ ฏจ௨৴ ▸ Google Map Directions: ݱࡏ஍ͱߦ͖ઌ͕࿙ ΕΔՄೳੑ

TEXT FINDINGS ▸ ฏจ௨৴ ▸ ͋Δಈըڞ༗αʔϏεΛ࢖༻ͨ͠ࡍʹɺӾཡ ཤྺ͕࿙ΕΔՄೳੑ

TEXT FINDINGS ▸ ฏจ௨৴ ▸ ಺ଂWebViewʹ͓͍ͯMIXED_MODEͷ໌ࣔ త༗ޮԽͷࣔࠦ → Ϛϧ΢ΣΞૠೖՄೳੑ

TEXT REPORTING POLICY? ▸ Issueͷӡ༻͕ͳ͍, PRͷϚʔδ͕ۃ୺ʹগͳ͍   →ಁ໌ͳҹ৅͸ड͚ͳ͍

TEXT FINDINGS ▸ ి࿩൪߸ͷ޿ൣͳ࢖༻ ▸ ͳͥి࿩൪߸ʹؔ࿈෇͚͕ͨΔͷ͔… ▸ ॳظcontactsͷੜ੒

TEXT PHONE NUMBERS AS IDS ▸ ి࿩൪߸ͷ޿ൣͳ࢖༻ ▸ SignalͳͲͰ΋͜ͷ܏޲ ▸

TEXT TAKEAWAYS ▸ IT ArmyͷࢦشʹTelegram͕࢖༻͞Ε͍ͯΔ ▸ TelegramΫϥΠΞϯτ͸FLOSS ▸ αʔό͸ӳࠃ·ͨ͸Φϥϯμ ▸

TEXT TAKEAWAYS ▸ ͲͪΒ͔ͱ͍͑͹Signalͷ΄͏͕͍͍͕… ▸ ి࿩൪߸ʹؔ࿈෇͚Δͷ͸΍Ίͯ΄͍͠

TEXT OPEN QUESTIONS, REVISITED ▸ αʔό͸Ͳ͜ʹ͋Δͷ͔ ▸ ੓ݖͷख͕ಧ͘Մೳੑ͸ʁ → ଟ෼ͳ͍

FIN. 2022.3.29 TAKAHIRO YOSHIMURA (@ALTERAKEY)