SECCON2016Yokohama x CEDEC CHALLENGE(totem)
totem
September 10, 2016
Slides presented at SECCON 2016 Yokohama x CEDEC CHALLENGE.
The mistakes here and there are by design (・ω<) tehepero
Transcript
totem (@bbottait)
SECCON 2016 × CEDEC CHALLENGE
Game Cracking & Cheat Challenge: Investigation Results

NightMare: what the assessment was asked to check
• Can the score be tampered with?
• Can HP be illegitimately increased?
• Can the game's source code be viewed?

NightMare assessment results: score tampering and illegitimate HP increase
Result: Tampering with the score or illegitimately increasing HP is difficult
Risk: none
Impact: none
Countermeasure: none
Test environment: BlueStacks (0.9.30, Android 4.4.2) + GameGuardian (8.5.6)
Findings: Memory is properly encrypted, so cheats based on tampering with these values in memory are difficult.

NightMare assessment results: viewing the game's source code
Result: The game's source code can be viewed
Risk: high
Impact: loss of intellectual property
Countermeasure: described below
Test environment: Android Virtual Device (Nexus5, Android 6.0)
Findings: Anti-reverse-engineering measures are in place, but they are insufficient and more appropriate measures are needed.

NightMare's current anti-reverse-engineering measure
Assembly-CSharp.dll is encrypted.
• The file is encrypted, but it is decrypted at run time, so the source code can still be viewed.

Reproduction method
Tools:
- GikDbg.Art or a similar tool for using gdb on Android
- foremost or a similar tool that recovers files from a binary
- ILSpy or a similar tool that recovers C# source code from a dll file
Method:
Attach gdb to the game process and obtain a core file.
Recover the dll files from the core file with a tool such as foremost.
Recover the C# source code from the dll with a tool such as ILSpy.

Reproduction in practice
Attach gdb to the app's process and write out a core image with gcore.
Run foremost on the resulting core file; the dll files are recovered, as shown on the slide.
(Recovering the files with WinHex, a forensic tool, was also attempted this time, but that failed.)
Open the dll file in ILSpy.

Countermeasure 1: Apply obfuscation, such as renaming identifiers, to the source code itself, and then encrypt it
Merits: Even if the source code can be viewed, understanding the code takes time. Easy to do with tools.
Demerit: Even when obfuscated, the code can be read with enough patience, so this is not a complete countermeasure.
Cost: [illegible]

Countermeasure 2: Write functionality that does not exist in C# at the IL layer
Merit: Decompilation is possible only down to the IL layer, so the code itself is protected.
Demerit: The source code itself cannot be viewed, but IL is still easier to read than a binary and can be understood.
Cost: medium

Countermeasure 3: Compile with IL2CPP so that no recoverable IL remains
Merit: There is no possibility of the source code being recovered.
Demerits: Because the source is lost, line-by-line source debugging is not possible. Some things run on Mono but not on IL2CPP.
Cost: medium
(Figure quoted from blogs.unity3d.com)

Summary of countermeasures

| Countermeasure | Cost | Merit | Demerit |
|---|---|---|---|
| Obfuscation | [illegible] | small | small |
| Writing in IL | medium | medium | small |
| IL2CPP | medium | large | medium |

If possible, choose IL2CPP; otherwise, write in IL and apply obfuscation.

NightMare assessment results: score tampering and illegitimate HP increase, revisited
• Can the score be tampered with?
• Can HP be illegitimately increased?
If the source code can be viewed, can the cheats above be achieved by rewriting the source?
Because the dll goes through a decryption step, placing a modified, unencrypted dll does not work.
Obtaining the encryption key is also difficult.
Patching the decryption routine is another approach, but it is difficult.
Difficult as it is, it is still possible, so viewing of the source code itself should be prevented.

It is difficult, but possible by patching the decryption routine
Reproduction method
Tools:
- Visual Studio
- IDA Pro DEMO
- Stirling or a similar binary editor
Method:
Tamper with the dll from the apk's source code in Visual Studio and build it.
Locate the file decryption routine with IDA Pro and rewrite it with Stirling.

Reproduction in practice
Tamper with the score in Visual Studio and build.
Identify with IDA Pro where Assembly-CSharp is loaded, and fill the crypt section with nop (no operation) using a binary editor such as Stirling. (The Demo version cannot save edits.)
Change the processing that subtracts health on an opponent's attack into addition, and build.
HP is illegitimately increased and the player cannot die.
Because the source can be rewritten freely, this is not limited to HP and score: attack-power cheats, enemies destroying themselves, anything can be done.

Countermeasure
Prevent viewing of the source code itself, because tamper detection can be wiped out with nop and is not that effective.

Can IL2CPP keep reverse engineering at bay in the future?
Strengths of IL2CPP
-> The UnityEngine part, the IL2CPP part and the user-code part are all a stripped binary
-> This naturally makes analysis difficult
How IL2CPP gets broken
The UnityEngine part and the IL2CPP part are common to all builds, so they can be identified.
As time goes on, it will become possible to tell from the assembly which function is which.
-> After that, only the assembly of the user code needs to be read
-> In particular, since the program sits on top of UnityEngine, which UnityEngine functions it calls
-> reveals roughly how the program behaves
It should be combined with conventional anti-disassembly techniques (such as placing garbage bytes).
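
SUNIDRA2: what the assessment was asked to check
"We would like you to investigate security in general (whether cheating is possible), starting with the various statuses. Where cheating is possible, we would be grateful if you could also tell us the method and proposed countermeasures."

SUNIDRA2 assessment results: stage-clear status and stamina are easy to tamper with
Risk: medium
Impact: shortens the life of the game
Countermeasure: described below
Test environment: Android Virtual Device (Nexus5, Android 6.0)
Findings: Easy, because it only takes rooting the device and rewriting shared_prefs.

Tampered location (shown on the slide)

Reproduction method
Tools:
- A rooted Android device
Method:
Edit the value of stamina_update_time, game_flag, stamina and so on in /data/data/com.kenji.seccon.cedec.game/shared_prefs/com.kenji.seccon.cedec.game.xml

Reproduction in practice
The data is stored as easily understood key-value pairs and can be tampered with easily.
(Also, even if the file cannot be accessed without root, storing a password in plaintext is not recommended.)
(Of course, rooting is not recommended in the first place!!)

Not a cheat, but...
The password is stored in plaintext -> this leads to account hacking
Method:
Create an app that reads the password and ID from the file and sends them out, and pass it off as a SUNIDRA2 cheat tool.
[This makes it possible to target SUNIDRA2 users who have rooted their devices]
Countermeasures:
Do not store the password in plaintext.
However, the app contains the decryption routine in order to auto-complete the password -> if the decryption routine is found by reverse engineering, the protection is broken.
On the user side: do not root the device, and do not install suspicious tools.

Countermeasure 1: Configure the game so that it cannot be played on a rooted device
Merit: Also works as a countermeasure against other cheats.
Demerit: With root the xml can be edited and the device can be made to look unrooted to the app, so the effect is limited.
Cost: medium

Countermeasure 2: Encrypt the data stored in the xml and detect tampering with a hash
Merit: Tampering with the data becomes difficult.
Demerit: For values such as stamina, even with hash-based tamper detection, recording the data and its hash at a given moment and then tampering with the hash as well bypasses the detection.
Cost: medium

Countermeasure 3: Do not store such data locally in the first place
Merit: Tampering with local data is prevented completely.
Demerits: Traffic volume increases. Risk becomes concentrated on cheats against the communication with the server.
Cost: medium

Summary of countermeasures: stage-clear status and stamina are easy to tamper with

| Countermeasure | Cost | Merit | Demerit |
|---|---|---|---|
| Root countermeasure | medium | medium | small |
| Encryption + tamper detection | medium | medium | small |
| Moving the data off the device | medium | large | medium |

The root countermeasure has limited effect but should be done; choose between the other two depending on the app.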

SUNIDRA2 assessment results: if the network is unreachable when the app starts, communication after login becomes impossible
Risk: for reference only
Impact: confuses users
Countermeasure: described below
Test environment: Android Virtual Device (Nexus5, Android 6.0)
Findings: This can serve as a clue for coming up with the cheat method described later.

Reproduction in practice
Tools:
- An Android device with a rewritten /etc/hosts
- A proxy tool such as Burp Suite
Method:
With Burp, among the requests made when the app starts, drop the request whose body contains a key named code.
The request to drop is the one shown on the slide.
The app moves to the 2D screen, and no communication occurs regardless of tapping icons or touching enemies; there is also no transition to the 3D scene.

Countermeasure: Move the code request to the processing that follows pressing the login button
Merit: Even if the code request fails, it can be shown as a failed login, so users can get the code request to succeed without being confused.
Demerit: none in particular
Cost: [illegible]

SUNIDRA2 assessment results: diamonds, attack power, health and coins can be tampered with
Risk: high
Impact: collapse of game balance; shortens the life of the game
Countermeasure: described below
Test environment: Android Virtual Device (Nexus5, Android 6.0)
Findings: Possibly because of an implementation flaw, the number of diamonds can be raised to 500, locally only. If diamonds are tied to in-app purchases, the billing system collapses.
(Tampering with the diamonds leads to cheating on the remaining 3 parameters)

Tampered locations (shown on the slide)
Combined with the previous finding, every parameter on the 2D screen can be cheated.

Reproduction method
Tools:
- An Android device with a rewritten /etc/hosts
- A proxy tool such as Burp Suite
Method:
Tamper with the communication using the proxy tool.

SUNIDRA2 communication flow
Identification data?
Login processing
Processing that fetches the user's parameters
Game processing from then on
Note that the data is encrypted and difficult to tamper with.

Reproduction in practice
Of the requests above (identification data?, login processing, processing that fetches the user's parameters), drop the one that fetches the user's parameters.
Possibly because of an implementation flaw, attack power, health and coins end up at their initial values and diamonds at 500.

Requests such as attack-power up and health up receive Success or Fail.
The server validates the request; requests are limited by the number of diamonds.
The request that is sent consists of a session id and encrypted data.
When a request is caught by the server-side validation, a response like the one shown on the slide comes back and the app stops (dropping the request stops the app in the same way).
When a request is processed normally, a response like succeed{session} comes back.

Legitimate server: the client has 500 diamonds because of the implementation flaw. Normally, tampering is prevented by returning Fail here.
Malicious server: requests such as attack-power up and health up are redirected to it; it performs no validation and always returns success.
* Any server will do; node.js was used this time.
The forged response is on the right of the slide (node.js with Express is used).
Attack power and health can be tampered with in this way.
Coins can be tampered with in the same way.

Countermeasure 1: Set the number of diamonds to 0 while the status has not been received
Merits: Prevents diamond fraud even when the communication is dropped. Corrects the implementation flaw.
Demerit: none in particular
Cost: [illegible]

Countermeasure 2: Receive statuses such as diamonds and attack power at login
Merit: Fraud can be prevented even if the implementation flaw exists.
Demerit: none in particular
Cost: [illegible]

Countermeasure 3: Instead of responding with only Success{session}, add a changing value such as the time to the response and then encrypt it
Merit: Forging the response becomes very difficult.
Demerit: Processing increases, so performance drops.
Cost: medium

Summary of countermeasures: diamonds, attack power, health and coins can be tampered with

| Countermeasure | Cost | Merit | Demerit |
|---|---|---|---|
| Correcting the implementation flaw | [illegible] | medium | none in particular |
| Improving the communication timing | [illegible] | medium | none in particular |
| Encrypting the response | medium | medium | small |

None of these conflict with each other, so implement them according to the cost that can be spared.