We recently hosted webinars on how to recover secrets using the white-box cryptography framework that runs on our esDynamic platform. Some questions were raised after these webinars, which might you find useful. So please see below!
1) Is it possible to trace Android apps using your esDynamic platform and the white-box cryptography framework?
Yes this is possible, with a side note. Not the entire application (dalvik), but by extracting the targeted binary (native) you will be able to analyse this code and recover (if not properly protected) the embedded manipulated secrets. This is how we regularly perform white-box crypto analysis on Android applications with esDynamic to challenge their security.
2) Is it possible to do the same attack if the binary is obfuscated?
Actually, the obfuscation has no real effect on our attack success. This is a huge advantage compared to straight forward reverse engineering. If you don’t have an entry point on your binary, you can just use a probe for instance where you specify from which point you would like to target the binary. Then the statistical attack will just be performed on every state. The obfuscation is no limit for the tracer.
3) Why would this method be more efficient than reverse engineering on a white-box cryptography module?
We are actually attacking in a ‘black box’ mode. The work is done by the statistical attack toolkit that is provided in the esDynamic framework. When you don’t have structure in your code, and you have to go line by line, this creates a lot of extra work (using IDA or RADARE can represent days or months worth of work). Hence we think doing the work by the statistical attack toolkit is easier and more efficient for users. Performing fault injection in this way will be a complementary approach to reverse engineering.
4) You showed it was possible to perform fault attacks, but what is the limitation ow many faults am I able to perform?
In the interface we showed that you can add as many faults as you like. However, you should be mindful that the more faults you have, the more combinations you will have to sort through. This provokes an explosion of combinations, so it really depends on the time you have to perform your analysis.
5) Is it applicable to other algorithms?
Our esDynamic platform can also be used for other algorithms, including AES, HMAC and RSA for instance.
6) How do you compare it to the side-channel marvels I can find for free on the net (Github)? I have seen a similar attack and result shown there. It does not seem too difficult to reproduce or to use?
Our framework is an all-in-one solution, and our tracer goes more in-depth as it can trace registers. We also provide filtering and attack improvements for more complex attacks to be achieved. Our interface and side-channel modules make the attack easy to handle from top to down. We can also easily perform multiple fault.
7) I heard coupling WBC and bit coding might make SW SCA/FI/DCA attacks difficult. If true, would esDynamic still be able to perform these attacks?
Such attacks are exploiting intermediate data present in memory or registers, but it can also happen when statistical bias are present in some whitebox encoding methods. Depending on the encoding or bit coding method it can still leak or not using the same attacks, in that case only some bits would be exploited for the attack. Moreover more complex attacks can also be used and developed and performed in that case, for instance, collision attacks as presented in some publications. This case is related to very state-of-the-art whitebox implementations. Recent publications have shown that using esDynamic attack techniques lots of existing whitebox techniques can be defeated.
Collision attacks are not part of the features available in esDynamic (SCA or WBC module), but they are planned in the roadmap of next developments. If you wish to use this attack technique, we can speed up our developments against your commitment to use the tool.
Keep up to date!
We will be hosting more webinars about this and related topics in the future. If you would like to stay updated, you can email us to be included in our news feed when we have something like this to share. And of course, for any questions relating to white-box cryptography or any other security topic, please feel free to contact us!