How to perform side-channel and fault attacks on various sensitive codes

protectionLast week, eshard hosted a webinar on challenging cryptographic implementations of mobile apps with side-channel attacks. During the webinar, some questions came up, particularly about the esDynamic product portfolio. With the tools in this portfolio, you can perform side-channel and fault attacks on various sensitive codes, such as whitebox cryptography implementations. We have listed the most frequently asked questions below.

Q1) Is the tool a simulator that loads a binary “as is” or does the binary have to be pre-processed before?
A) No pre-processing is required. esDynamic executes the native code exactly as they stands in the mobile app. However, it needs to set up a launcher to tie the analysis to the specific target function or to trace a library, which may require a bit of reverse engineering.

Q2) Can the tool emulate a whole OS environment so that I can analyse a complete application or is it restricted to code that requires only a “bare metal” cpu? For example, if I want to test an Android app, can I simply load the apk-file into the tool and run it?
A: The tool is designed to analyse linux binaries as long as they don’t depend on other daemon or process running on the same platform. To be able to load an APK you need other processes running, that’s not possible with the current implementation. In further release of the tool that will be possible. It’s possible to trace the execution of a full OS but the traces will be really huge and hardly exploitable.

Q3) Which OS environments can be emulated (Android/ARM, Android/x86, iOS, Linux/x86…)?
A: We are more talking about HW platform than OS. Indeed, as long as you can extract the native code from an application running on any OS, you can run the tool externally (with its dependencies). But we fully support Linux compatible binaries, on ARM, ARM64, x86 and x86_64.

Q4) What is the licensing model, i.e. would a license entitle us to use the tool for a limited time, or is usage unlimited but updates and support are only provided for a limited time – unless the license is renewed, of course? Are there perhaps several different licensing options?
A: Our current model is to offer unlimited time usage of the licence per site. In the next 12 months, you will receive all updates and upgrades as well as a certain level of support. For getting the upgrades the subsequent years, you will have to renew the yearly program. Obviously, nothing is written in stone and this can be discussed to find more appropriate models.

Q5) Would it be possible to try the tool “hands on”?
A: We can provide demos and training either on our test codes or on yours. You can choose if you would like to experiment with the tracer, the faulter or use the side-channel engine to perform attacks on already existing traces.

Q6) About the binaries to be used with esDynamic, would it be possible to be done with an Android APK binary having its own embedded implementation e.g. for ARM?
A: You can use esDynamic with a binary library provided by an APK, but you would need to do some reverse engineering in order to understand the parameters provided to the native library (symbols and prototypes).

Q7) Also regarding the requirements, is any reverse engineering effort for the target implementations needed to be done prior to the analysis? Do you need any specific requirements regarding that, or any release version of a binary would suit for the demo?
A: There’s no additional reverse engineering needed in the generic case besides understanding how to invoque the binary and how to supply it the message/arguments needed. As we operate on real world mobile apps, the release version of the binary is all we need.

Q8) concerning the esDynamic tracer, why did you choose to rely on emulation technology (QEMU) and not on DBI(instrumentation) technologies such as PIN, Valgrind… ?
A: Intel PIN is a powerful proprietary tool but it is still restricted to x86 and x86_64 architectures. Valgrind supports a wide range of platforms (architecture/OS couple) but even if it provides control flow option it is still mainly focused on the data flow (memories and cache). Valgrind has inherent limitations that QEMU doesn’t have. Upcoming features like launching directly a full APK is really not realistic with Valgrind alone, it is with QEMU.

In our case, the dynamic binary instrumentation is not for software testing, error checking nor performance profiling. We do not modify target codes either (no dynamic binary re-compilation). The purpose of our dynamic binary analysis is clearly security oriented and we are able to perform security analysis on both the data and the control flow.

With esDynamic, we have a single tool with multi-architecture support such as x86, x86_64, aarch32 and aarch64 (and we can port other architecture supported by QEMU easily). Indeed, we target a wide range of embbeded systems, from mobiles devices to small connected objects in the IoT ecosystem.

Q9) Can you conduct the attacks for us if I don’t want to learn to use the tool?
A: In short, yes. However, we can assist you in using it through a training. But sure, we can provide you with our services to do the job ourself.

For more information, you can click here.

Marketing Leader