SECCON2016Yokohama x CEDEC CHALLENGE(totem)
totem
September 10, 2016
Slides presented at SECCON 2016 Yokohama x CEDEC CHALLENGE.
The errors here and there are by design (・ω<) tehepero
Transcript
totem (@bbottait)
SECCON 2016 × CEDEC CHALLENGE: Game Cracking & Cheat Challenge, investigation results

What NightMare asked us to assess
• Can the score be tampered with?
• Can HP be increased illegitimately?
• Can the source code of the game itself be viewed?
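
NightMare assessment result: Can the score be tampered with? Can HP be increased illegitimately?
Result: tampering with the score and illegitimately increasing HP are difficult
Risk: none
Impact: none
Countermeasure: none
Test environment: BlueStacks (0.9.30, Android 4.4.2) + GameGuardian (8.5.6)
Observation: memory is appropriately encrypted, so cheats that rely on tampering with these values in memory are difficult.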

NightMare assessment result: Can the source code of the game itself be viewed?
Result: the source code of the game itself can be viewed
Risk: high
Impact: loss of intellectual property
Countermeasure: described below
Test environment: Android Virtual Device (Nexus5, Android 6.0)
Observation: reverse-engineering countermeasures are in place but insufficient; more appropriate countermeasures are needed.

NightMare's current reverse-engineering countermeasure: Assembly-CSharp.dll is encrypted
• The file is encrypted, but it is decrypted at run time, so the source code can still be viewed.

Reproduction method
Tools:
- GikDbg.Art or a similar tool for using gdb on Android
- foremost or a similar tool that recovers files from binary data
- ILSpy or a similar tool that recovers C# source code from a dll file
Method:
Attach gdb to the game process and obtain a core file.
Recover the dll file from the core file with a tool such as foremost.
Recover the C# source code from the dll with a tool such as ILSpy.

Reproduction in practice
Attach gdb to the app's process and write out a core image with gcore.
Run foremost on the resulting core file; the dll file is recovered as shown above.
Note: recovering the file with the forensic tool WinHex was also attempted this time, but that attempt failed.
Open the dll file in ILSpy.
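
Countermeasure 1: obfuscate the source code itself (identifier renaming and so on) before encrypting it
Merit: even if the source code can be viewed, understanding the code takes time; easy to do with tools.
Demerit: obfuscated code can still be read with enough persistence, so this is not a complete countermeasure.
Cost: [illegible]

Countermeasure 2: write functionality that does not exist in C# at the IL layer
Merit: decompilation is only possible down to the IL layer, so the code itself is protected.
Demerit: the source code cannot be viewed, but IL is still easier to read than a binary and can be understood.
Cost: medium

Countermeasure 3: compile with IL2CPP so that no recoverable IL remains
Merit: the code cannot be recovered as source code.
Demerit: because the source is lost, source-line-level debugging is not possible; some code runs under Mono but not under IL2CPP.
Cost: medium
(Figure quoted from blogs.unity3d.com)

Summary of countermeasures (values in the order cost, merit, demerit)
Obfuscation: small, small [one value illegible]
Written in IL: medium, medium, small
IL2CPP: medium, large, medium
Choose IL2CPP if possible; otherwise, write in IL and obfuscate.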

NightMare assessment result: Can the score be tampered with? Can HP be increased illegitimately?
If the source code can be viewed, are cheats like the above possible by rewriting the source?
Because the dll goes through a decryption step, simply placing a modified, unencrypted dll does not work.
Obtaining the encryption key is also difficult.
Patching the decryption routine is another approach, but it is difficult.
It is difficult but still possible, so viewing of the source code itself should be prevented.

Difficult, but possible by patching the decryption routine
Reproduction method
Tools:
- VisualStudio
- IDA Pro DEMO
- Stirling or a similar binary editor
Method:
Modify the dll from the apk's source code in VisualStudio and build it.
Locate the file decryption routine with IDA Pro and rewrite it with Stirling.

Reproduction in practice
Tamper with the score in VisualStudio and build.
Identify with IDA Pro where Assembly-CSharp is loaded, and fill the crypt part with nop (do nothing) using a binary editor such as Stirling (the Demo version cannot save edits).
Change the processing that subtracts health on an enemy attack to addition, and build.
HP is increased illegitimately, making the player unkillable.
Since the source can be rewritten freely, this is not limited to HP and score: attack-power cheats, enemies destroying themselves, anything can be done.

Countermeasure
Prevent viewing of the source code itself, because tamper detection can be wiped out with nop and is not that effective.
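
NightMare assessment result: Can IL2CPP fully prevent reverse engineering in the future?
Strength of IL2CPP
-> The UnityEngine part, the IL2CPP part and the user-code part are all a stripped binary
-> This naturally makes analysis difficult
How IL2CPP can be broken
The UnityEngine part and the IL2CPP part are common to all titles, so they can be identified.
As time passes, it will become possible to identify which function is which from the assembly.
-> After that, only the assembly of the user code needs to be read
-> In particular, since the program is built on top of UnityEngine, knowing which UnityEngine functions are called
-> reveals most of what the program does
It should be combined with conventional anti-disassembly techniques (such as placing garbage bytes).

What SUNIDRA2 asked us to assess
"We would like you to investigate overall security (whether cheating is possible), starting with the various status values. Where cheating is possible, we would be grateful if you could also tell us the method and proposed countermeasures."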
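
SUNIDRA2 assessment result: stage-clear status and stamina are easy to tamper with
Risk: medium
Impact: shortens the lifetime of the game
Countermeasure: described below
Test environment: Android Virtual Device (Nexus5, Android 6.0)
Observation: easy, because it only takes rooting the device and rewriting shared_prefs.

Reproduction method
Tools:
- A rooted Android device
Method:
Edit the value of stamina_update_time, game_flag, stamina and so on in
/data/data/com.kenji.seccon.cedec.game/shared_prefs/com.kenji.seccon.cedec.game.xml

Reproduction in practice
The key-value pairs are stored in an easily understood form and can be tampered with easily.
(Also, even if the file cannot be accessed without root, storing the password in plaintext is not recommended.)
(Of course, rooting is not something we can recommend in the first place!!)

Not a cheat, but…
The password is stored in plaintext -> this leads to account hacking
Method:
Build an app that reads the password and ID from the file and sends them out, and pass it off as a SUNIDRA2 cheat tool.
[This makes it possible to target SUNIDRA2 users who have rooted their devices.]
Countermeasures:
Do not store the password in plaintext.
However, the app contains the decryption routine in order to auto-complete the password.
-> If the decryption routine is found by reverse engineering, the protection is broken.
On the user side: do not root the device and do not install suspicious tools.

Countermeasure 1: configure the game so that it cannot be played on a rooted device
Merit: also works as a countermeasure against other cheats.
Demerit: the xml can be edited as root while the device is made to look unrooted to the app, so the effect is limited.
Cost: medium

Countermeasure 2: encrypt the data stored in the xml and add hash-based tamper detection
Merit: tampering with the data becomes difficult.
Demerit: even with hash-based tamper detection on values such as stamina, recording a value together with its hash at that time and then restoring both, hash included, bypasses the tamper detection.
Cost: medium

Countermeasure 3: do not store such data on the device at all
Merit: tampering with local data is prevented completely.
Demerit: traffic volume increases; the risk concentrates on cheating in the communication with the server.
Cost: medium

Summary of countermeasures (values in the order cost, merit, demerit)
Root countermeasure: medium, medium, small
Encryption + tamper detection: medium, medium, small
Moving the data off the device: medium, large, medium
The root countermeasure has limited effect but should be done; choose between the other two depending on the app.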

SUNIDRA2 assessment result: if the network is unreachable when the app starts, communication after login becomes impossible
Risk: for reference only
Impact: confuses users
Countermeasure: described below
Test environment: Android Virtual Device (Nexus5, Android 6.0)
Observation: this can serve as a clue for coming up with the cheat method described later.

Reproduction in practice
Tools:
- An Android device whose /etc/hosts has been rewritten
- A proxy tool such as burp suite
Method:
With Burp, drop the request sent at app start-up whose body contains the key "code".
The app moves to the 2D screen, but no communication occurs regardless of tapping icons or touching enemies, and there is no transition to the 3D scene.

Countermeasure: move the "code" request to the processing that follows pressing the login button
Merit: even if the "code" request fails, it can be shown as a login failure, so the user is not confused and the "code" request can be made to succeed.
Demerit: none in particular
Cost: [illegible]

SUNIDRA2 assessment result: diamond stones, attack power, health and coins can be tampered with
Risk: high
Impact: collapse of game balance; shortens the lifetime of the game
Countermeasure: described below
Test environment: Android Virtual Device (Nexus5, Android 6.0)
Observation: apparently because of an implementation flaw, the number of diamond stones can be raised to 500 locally only.
If the stones are tied to in-app purchases, the billing system collapses.
(Tampering with the diamond stones makes it possible to cheat on the remaining 3 parameters as well.)
Combined with the previous one, every parameter on the 2D screen can be cheated.

Reproduction method
Tools:
- An Android device whose /etc/hosts has been rewritten
- A proxy tool such as burp suite
Method:
Tamper with the communication using the proxy tool.

Flow of SUNIDRA2 communication
Identification data (?) -> login processing -> processing that fetches the user's parameters -> game processing from then on
Note that the data is encrypted and difficult to tamper with.

Reproduction in practice
Drop the request that fetches the user's parameters.
Apparently because of an implementation flaw, attack power, health and coins end up at their initial values and the diamond stones at 500.
Attack-power-up, health-up and similar requests are validated by the server, which returns Success or Fail; requests are limited by the number of stones.
The request that is sent consists of the session id and encrypted data.
When a request is caught by the server-side value validation, a response like the one above is returned and the app stops (it also stops if the request is dropped).
When a request is processed normally, a response of the form succeed{session} is returned.
Legitimate server: with 500 stones from the implementation flaw, it would normally return Fail at this point, which prevents the tampering.
Malicious server: the status-up requests are redirected to a server that performs no value validation and always returns success. (Any server will do; node.js was used this time.)
The forged response is shown on the right (using Express on node.js).
Attack power and health can be tampered with in this way.
Coins can be tampered with in the same way.

Countermeasure 1: set the diamond stones to 0 while the status has not been received
Merit: prevents illegitimate diamond stones even when the communication is dropped; corrects the implementation flaw.
Demerit: none in particular
Cost: [illegible]

Countermeasure 2: receive the status values such as diamond stones and attack power at login
Merit: even if an implementation flaw exists, the fraud can be prevented.
Demerit: none in particular
Cost: [illegible]

Countermeasure 3: do not make the response just Success{session}; add a value that changes, such as the time, and then encrypt it
Merit: forging the response becomes very difficult.
Demerit: processing increases, so speed drops.
Cost: medium
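
Countermeasure 3 (a response that carries a changing value instead of a bare succeed{session}), sketched as an added example that is not part of the original slides. It uses an Ed25519 signature in place of the encryption the slide mentions, so the client holds no secret; the field names, the per-request nonce and the 30-second window are assumptions.

```javascript
const crypto = require('crypto');

// Constructed key pair: the private key stays on the game server,
// only the public key is shipped inside the client.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const MAX_AGE_MS = 30000; // assumed freshness window

// Bytes covered by the signature: verdict, session, request nonce, server time.
const canonical = (m) =>
  Buffer.from(JSON.stringify([m.status, m.session, m.nonce, m.ts]));

// Server: bind the verdict to this session, this request's nonce and the time.
function signResponse(status, session, nonce, now = Date.now()) {
  const msg = { status, session, nonce, ts: now };
  msg.sig = crypto.sign(null, canonical(msg), privateKey).toString('base64');
  return msg;
}

// Client: trust the verdict only if signature, nonce and freshness all hold.
function verifyResponse(msg, session, nonce, now = Date.now()) {
  if (typeof msg.sig !== 'string') return 'unsigned';
  const sig = Buffer.from(msg.sig, 'base64');
  if (!crypto.verify(null, canonical(msg), publicKey, sig)) return 'bad-signature';
  if (msg.session !== session || msg.nonce !== nonce) return 'replayed';
  if (Math.abs(now - msg.ts) > MAX_AGE_MS) return 'stale';
  return msg.status === 'succeed' ? 'accepted' : 'refused-by-server';
}

// Constructed sample traffic for one status-up request.
function demo() {
  const session = 'sess-1234';
  const nonce = crypto.randomBytes(16).toString('hex');
  const earlierNonce = crypto.randomBytes(16).toString('hex');
  const genuine = signResponse('succeed', session, nonce);
  return {
    genuine: verifyResponse(genuine, session, nonce),
    // a fixed success reply carries no signature
    constant: verifyResponse({ status: 'succeed', session }, session, nonce),
    // a genuine success that was issued for an earlier request
    replayed: verifyResponse(signResponse('succeed', session, earlierNonce), session, nonce),
    // a genuine "fail" whose status field was changed afterwards
    flipped: verifyResponse({ ...signResponse('fail', session, nonce), status: 'succeed' }, session, nonce),
    late: verifyResponse(genuine, session, nonce, genuine.ts + MAX_AGE_MS + 1),
  };
}

console.log(demo());
```

The client check is only as strong as the client binary: as the NightMare findings show, a verification routine that can be patched out still needs the server to re-validate every status change.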
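
Summary of countermeasures (values in the order cost, merit, demerit)
Correcting the implementation flaw: medium, none in particular [one value illegible]
Improving the communication timing: medium, none in particular [one value illegible]
Encrypting the response: medium, medium, small
None of these conflict with each other, so they should be applied according to the cost that can be afforded.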