Once you are familiar with Blackberry as a platform, simulators, and/or phone, get into the mood of penetration testing. Penetration testing for mobile applications can be broadly classified under four categories:
Mobile application traffic-related attacks
Mobile device storage-related attacks
Mobile application source code-related attacks
Attacks involving mobile OS features used by mobile applications
A lab for pentesting should be well equipped with the basic necessities to cater for the preceding four categories.
Getting ready
We have to set up a lab for Blackberry pentesting. To get going, we need the following:
Blackberry IDE
Blackberry phones
Blackberry simulators
Proxy tools such as Charles, Burp Suite, and Fiddler
A Wi-Fi network
Blackberry backup tools
A data cable
Decompiler tools
How to do it…
Let us see how each of these tools helps:
Blackberry IDE: This IDE is needed mainly for code review assignments. The code of the BB apps can be analyzed to discover insecurities arising from generic development errors or business logic errors. This step is usually not required for pure pentest-based assignments. Installation of the Blackberry IDE is covered in the previous recipe.
Blackberry phones: Run-time applications have to be tested. BB phones are needed to install and run the app to be able to do the pentest.
Blackberry simulators: Simulators also provide a runtime environment for debugging and pentesting purposes. Simulators are life savers; when phones of a specific version are not available, we can switch over to the simulator of that particular version. However, if RAM or disk space is limited, simulators may be slow and may become difficult to use. Blackberry simulators get installed as part of the IDE, as we learned in previous recipes.
Proxy tools such as Charles, Burp Suite, and Fiddler: Various proxy tools can be downloaded from their websites. These are quite straightforward and there are guides and help forums about those as well. These tools are easy to install; just download the installer from the respective websites and a few clicks will make the tool ready to use.
A Wi-Fi network: We need a Wi-Fi network for interception of Wi-Fi traffic. We will later set up a proxy for mobile devices to a laptop running proxy tools, both on the same Wi-Fi network.
Either you can use a Wi-Fi router to set up your personal Wi-Fi network or you can use one of the free tools available to create a hotspot from your laptop. In our experience, it is sometimes difficult to work with the latter option, so we suggest using the first option.
Blackberry backup tools: These tools take Blackberry backups and extract or mine data from the backup. Traditionally, data stored on the BB phone has been difficult to steal. This can be overcome by taking a backup of the phone and mining the data from the backup.
Tools such as Blackberry Extractor or BlackBerry Backup Extractor are helpful in this regard.
Data cable: It is also important to own a data cable. Later we will use it to connect to the phone to read data and to conduct attacks originating via USB.
Decompiler tools: It is also important that these tools are ready in our lab. These small tools help us in the decompilation of applications. We will use a tool called Coddec in a recipe to follow in this chapter. There we will cover the installation and usage of this tool.
How it works…
With the tools ready in our pentest lab, let us see how we can link the penetration testing use cases to the different categories while using the tools:
Mobile application traffic-related attacks: This is where the Wi-Fi network and proxy tools are going to come in handy. A laptop with Charles or Burp proxy installed is connected to Wi-Fi. A mobile device running the application is directed to the laptop proxy, using proxy configuration on the device. Since both laptop and mobile device are on the same Wi-Fi network, application traffic gets routed via Charles or Burp proxy tools. Configure the appropriate proxy settings in the simulator or phone to be able to route the traffic to Charles or Burp proxy tools.
Effectively, this whole process makes application traffic readable and editable via proxy tools, and we can conduct various attacks such as parameter manipulation to bypass business logic or to gain privileged access.
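A pre-flight check for the proxy setup described above, added here as an example (not code from the book): it confirms that the device and the laptop share a subnet and that the proxy listens on the laptop's Wi-Fi address rather than only on loopback. The addresses and port are constructed sample values, and `check_lab` and its helpers are hypothetical names.

```python
import ipaddress
import socket


def same_network(laptop_cidr, device_ip):
    """True if device_ip lies inside the laptop's Wi-Fi subnet (e.g. '192.168.1.10/24')."""
    iface = ipaddress.ip_interface(laptop_cidr)
    return ipaddress.ip_address(device_ip) in iface.network


def port_open(host, port, timeout=1.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_lab(laptop_cidr, device_ip, proxy_port, probe=port_open):
    """Return a list of setup problems; an empty list means the device can use the proxy."""
    problems = []
    lan_ip = str(ipaddress.ip_interface(laptop_cidr).ip)
    if not same_network(laptop_cidr, device_ip):
        problems.append(f"device {device_ip} is outside the laptop subnet {laptop_cidr}")
    # Probing the laptop's own Wi-Fi address shows which interface the listener is bound to.
    on_lan = probe(lan_ip, proxy_port)
    on_loopback = probe("127.0.0.1", proxy_port)
    if not on_lan and on_loopback:
        problems.append(f"proxy on port {proxy_port} is bound to loopback only; "
                        f"bind it to {lan_ip} or all interfaces")
    elif not on_lan:
        problems.append(f"no proxy listener found on port {proxy_port}")
    return problems


if __name__ == "__main__":
    # Constructed sample values: laptop Wi-Fi address, device address, proxy port.
    issues = check_lab("192.168.1.10/24", "192.168.1.23", 8080)
    for issue in issues:
        print("FIX:", issue)
    if not issues:
        print("Set the device proxy to 192.168.1.10:8080")
```

A clean result covers addressing and listener binding only; a host firewall on the laptop or client isolation on the access point can still block the device.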
Mobile device storage-related attacks: We have a data cable to connect the phone to the laptop. We have the simulator on the laptop. Both of them can run mobile applications. Use Blackberry desktop software to connect the phone to the laptop. This channel can lead to data stealing attacks such as directly reading the phone data or taking a backup of the phone for offline data mining.
Mobile application source code-related attacks: Decompiling the BB applications results in the raw source code. The Coddec tool can be used for this purpose. Any hardcoded sensitive data present in the application source code is revealed.
There's more…
Attacks involving mobile OS features used by mobile applications form the most complicated category. There are various BB OS-related features that applications interact with, such as Bluetooth, NFC, intents, broadcast receivers, and so on. These also need to be covered in an offensive penetration test.
See also
http://us.blackberry.com/software/desktop.html
http://www.blackberryextractor.com/