App과 Server의 은밀한 대화 (The Secret Conversation Between App and Server)
- 1. [App과 Server의 은밀한 대화]
2010. 7. 17
- 2. Speaker
• CTO
• 2005~2010 : SK
• contact : @cserock | http://rockk.egloos.com
blueonion
• 2010. 4
• http://blueonionsoft.com
- 4. The app's requests to the server look like this:
• http://test.com/savePoint.php?id=2&point=450
• http://test.com/updateUserInfo.php?id=2&password=teertfdsa
• http://test.com/getUserInfo.php?id=2
- 5. Anyone who sees those URLs learns:
• endpoint : savePoint.php, updateUserInfo.php
• data : id, point, password
• Abusing : what stops a request like savePoint.php?id=3&point=500000 ?
- 6. (slide text lost; only the word App survives)
- 8. Implementation
• App : AES-128 via CryptoHelper (wrapper class) on top of CommonCrypto / Security framework; the encrypted parameters become the st (security token)
• Server : libmcrypt through the PHP mcrypt functions decrypts st
- 9. Client (iOS, Objective-C):
// make parameter (rand() is not a cryptographic random source; the nonce only varies the token)
NSString *param = [[NSString stringWithFormat:@"id=2&point=450&nonce=%d",
    rand()] stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
// make st (key is '123456789abcdef'): AES-128 in the mode the server decrypts with (ECB, slide 10), base64 encoded
NSString *st = [[CryptoHelper sharedInstance] encryptString:param];
// now let's create the body of the post: multipart/form-data with a single field, st
NSString *boundary = @"----AppServerBoundary";   // boundary value assumed; not shown on the slide
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:
    [NSURL URLWithString:@"http://test.com/savePoint.php"]];
[request setHTTPMethod:@"POST"];
[request setValue:[NSString stringWithFormat:@"multipart/form-data; boundary=%@", boundary]
    forHTTPHeaderField:@"Content-Type"];
NSMutableData *body = [NSMutableData data];
[body appendData:[[NSString stringWithFormat:@"\r\n--%@\r\n", boundary]
    dataUsingEncoding:NSUTF8StringEncoding]];
[body appendData:[[NSString stringWithFormat:@"Content-Disposition: form-data; name=\"st\"\r\n\r\n%@", st]
    dataUsingEncoding:NSUTF8StringEncoding]];
[body appendData:[[NSString stringWithFormat:@"\r\n--%@--\r\n", boundary]
    dataUsingEncoding:NSUTF8StringEncoding]];
[request setHTTPBody:body];
- 10. Server (PHP):
<?php
// base64 decode st
$tmp_st = base64_decode($_POST['st']);
// decrypt st (key is '123456789abcdef'). The key is only 15 bytes: libmcrypt
// zero-pads it to 16 (PHP 5.6+ rejects it and returns false). In ECB mode the
// IV is ignored; it is passed only to satisfy the function signature.
// trim() also strips the NUL padding mcrypt adds to the last block.
$st = urldecode(trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, '123456789abcdef',
    $tmp_st, MCRYPT_MODE_ECB,
    mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128,
    MCRYPT_MODE_ECB), MCRYPT_RAND))));
// st is 'id=2&point=450&nonce=12342234'
?>
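The scheme of slides 9 and 10 rebuilt end to end, as an added example that is not the deck's code. Go's standard library stands in for CommonCrypto and libmcrypt, and libmcrypt's zero-padding of both the 15-byte key and the plaintext is modelled explicitly. The server side is kept stateless and the cipher kept in ECB mode exactly as on the slides, so two consequences can be checked directly: a captured st replays cleanly because the nonce is never remembered, and every token for the same (id, point) starts with the same ciphertext block, so ECB leaks which requests belong together. Function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// The deck's key is 15 bytes. libmcrypt silently zero-pads it to 16
// (PHP 5.6+ warns and returns false); padKey reproduces the old behaviour.
const deckKey = "123456789abcdef"

func padKey(key string) []byte {
	k := make([]byte, aes.BlockSize)
	copy(k, key)
	return k
}

// zeroPad: mcrypt fills the last block with NUL bytes.
func zeroPad(b []byte) []byte {
	if rem := len(b) % aes.BlockSize; rem != 0 {
		b = append(b, make([]byte, aes.BlockSize-rem)...)
	}
	return b
}

// ecbEncrypt is MCRYPT_RIJNDAEL_128 + MCRYPT_MODE_ECB: each 16-byte block is
// encrypted independently, so equal plaintext blocks give equal ciphertext.
func ecbEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt = zeroPad(pt)
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		block.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct, nil
}

func ecbDecrypt(key, ct []byte) ([]byte, error) {
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	for i := 0; i < len(ct); i += aes.BlockSize {
		block.Decrypt(pt[i:i+aes.BlockSize], ct[i:i+aes.BlockSize])
	}
	return pt, nil
}

// MakeST mirrors slide 9: build the query, percent-escape it (a no-op for these
// characters, as with stringByAddingPercentEscapesUsingEncoding), encrypt, base64.
func MakeST(id, point, nonce int) (string, error) {
	param := url.PathEscape(fmt.Sprintf("id=%d&point=%d&nonce=%d", id, point, nonce))
	ct, err := ecbEncrypt(padKey(deckKey), []byte(param))
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(ct), nil
}

// ParseST mirrors slide 10: base64 decode, decrypt, trim() (PHP's trim strips
// "\0" along with whitespace), urldecode, split the query string.
// Like the slide it is stateless: the nonce is parsed but never remembered.
func ParseST(st string) (url.Values, error) {
	ct, err := base64.StdEncoding.DecodeString(st)
	if err != nil {
		return nil, err
	}
	pt, err := ecbDecrypt(padKey(deckKey), ct)
	if err != nil {
		return nil, err
	}
	s, err := url.QueryUnescape(strings.Trim(string(pt), " \t\n\r\x00\x0B"))
	if err != nil {
		return nil, err
	}
	return url.ParseQuery(s)
}

// SameFirstBlock: with ECB, two tokens whose first 16 plaintext bytes match
// ("id=2&point=450&n") have identical first ciphertext blocks, whatever the nonce.
func SameFirstBlock(stA, stB string) bool {
	a, errA := base64.StdEncoding.DecodeString(stA)
	b, errB := base64.StdEncoding.DecodeString(stB)
	return errA == nil && errB == nil && len(a) >= aes.BlockSize &&
		len(b) >= aes.BlockSize && bytes.Equal(a[:aes.BlockSize], b[:aes.BlockSize])
}

func main() {
	st1, _ := MakeST(2, 450, 12342234)
	st2, _ := MakeST(2, 450, 98765)
	v, _ := ParseST(st1)
	fmt.Println("server sees:", v.Encode())
	fmt.Println("ECB leaks equal (id, point):", SameFirstBlock(st1, st2))
	v2, _ := ParseST(st1) // the same token a second time: accepted again
	fmt.Println("replay accepted:", v2.Get("point") == "450")
}
```

Encryption here only hides the parameter names from a casual look at the URL. The key is inside the app binary, so anyone who extracts it can mint a token for id=3&point=500000 just as on slide 5; the server still has to decide whether the caller is allowed to write that id and whether the point value is plausible.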
- 11. Further hardening
• HTTP_USER_AGENT
=> check that the request comes from the App
• framework
=> endpoint (detail lost)
• st (security token) carrying a timestamp
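Slide 11's timestamp idea, carried through to a server that can actually enforce it, as an added example that is not the deck's code. The token is AES-128-GCM over the same parameters plus a Unix timestamp, with the 96-bit GCM nonce prefixed to the ciphertext; the server authenticates the token, rejects anything outside a freshness window, and keeps the nonces it has accepted for that window so a captured token cannot be replayed. The key, the 60-second window and the names MakeToken, Server and Verify are this example's assumptions; time is passed in explicitly so the checks are reproducible.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"time"
)

// Illustrative 16-byte key (hypothetical). As in the deck, the key would ship
// inside the app, so this authenticates "someone holding the app's key", not a user.
var demoKey = []byte("0123456789abcdef")

const freshnessWindow = 60 * time.Second

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeToken: random nonce || AES-128-GCM("id=&point=&ts="), base64 encoded.
// GCM is authenticated, so a modified token fails to open instead of
// decrypting to garbage parameters as ECB would.
func MakeToken(key []byte, id, point int, now time.Time) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	param := fmt.Sprintf("id=%d&point=%d&ts=%d", id, point, now.Unix())
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(param), nil)), nil
}

// Server remembers each accepted nonce together with its token timestamp, so
// the entry lives exactly as long as the token itself could still be fresh.
type Server struct {
	key  []byte
	seen map[string]time.Time
}

func NewServer(key []byte) *Server {
	return &Server{key: key, seen: map[string]time.Time{}}
}

// Verify authenticates the token, enforces the freshness window and rejects replays.
func (s *Server) Verify(token string, now time.Time) (url.Values, error) {
	raw, err := base64.StdEncoding.DecodeString(token)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(s.key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(raw) < ns+aead.Overhead() {
		return nil, errors.New("token too short")
	}
	nonce, ct := raw[:ns], raw[ns:]
	pt, err := aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	v, err := url.ParseQuery(string(pt))
	if err != nil {
		return nil, err
	}
	ts, err := strconv.ParseInt(v.Get("ts"), 10, 64)
	if err != nil {
		return nil, errors.New("missing timestamp")
	}
	issued := time.Unix(ts, 0)
	if age := now.Sub(issued); age > freshnessWindow || age < -freshnessWindow {
		return nil, errors.New("stale token")
	}
	for k, t := range s.seen { // forget nonces whose tokens can no longer be fresh
		if now.Sub(t) > freshnessWindow {
			delete(s.seen, k)
		}
	}
	if _, dup := s.seen[string(nonce)]; dup {
		return nil, errors.New("replayed token")
	}
	s.seen[string(nonce)] = issued
	return v, nil
}

func main() {
	now := time.Now()
	srv := NewServer(demoKey)
	tok, _ := MakeToken(demoKey, 2, 450, now)
	v, err := srv.Verify(tok, now)
	fmt.Println("first use:", v.Encode(), err)
	_, err = srv.Verify(tok, now.Add(time.Second))
	fmt.Println("second use:", err)
}
```

The user-agent check from the same slide is a weak signal on its own: the header is client-controlled. Tying the token to the request (for example by passing the endpoint name as GCM additional data) binds it to one endpoint without relying on headers, and the authorization question remains: the server must still confirm that the caller may act on the given id.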