Penetration testing Windows Phone 8(.1) devices and applications.
The script rely on appy module, you can install it using pip:
$ pip install -r requirements.txt
If you plan on using the decompile command, you'll need to install ILSpy.
Setup is more tricky on Linux because you need Mono to compile C# code. Should works like a charm if you follow these instructions:
- Install Mono following instructions
- Compile ILSpy for Mono by executing
cd wp8pentesting/decompiler && make
Prior to executing any of those commands, you'll need to boot a jailbroken Huawei Ascend W1 device in storage mode (Power + Vol-) and mount the device on your test machine.
List name and version of applications installed on device.
$ python wp.py /mnt/wp8 list
[-] @Resources/Title/AppResLib.dll,-101 (1.0.0.0)
[-] @Resources/Tilte/AppResLib.dll,-101 (1.0.0.0)
[-] @Resources/TitleResources/TitleResources.dll,-101 (1.0.0.0)
[-] Apps@Work (9.0.0.5)
[-] IE (1.0.0.3)
[-] OneDrive (3.5.0.0)
[-] @Resources\AppResLib.dll,-100 (2.0.1403.2)
[-] @Resources\AppResLib.dll,-100 (2.6.185.0)
[-] @Resources\AppResLib.dll,-100 (2.5.3995.0)
Backup binaries and isolated storage to analysis/GUID/code and analysis/GUID/storage, respectively.
$ python wp.py /mnt/wp8 backup Apps@Work
Title: Apps@Work
Author: MobileIron
Publisher: MobileIron
Version: 9.0.0.5
Description:
Runtime: Silverlight
GUID: {F632C2FB-5C10-47ED-8F8A-0B95E029D7E1}
Capabilities
- ID_CAP_NETWORKING
- ID_CAP_IDENTITY_DEVICE
- ID_CAP_PUSH_NOTIFICATION
Package: /mnt/wp8/PROGRAMS/{F632C2FB-5C10-47ED-8F8A-0B95E029D7E1}
Local storage: /mnt/wp8/Users/DefApps/APPDATA/{F632C2FB-5C10-47ED-8F8A-0B95E029D7E1}
Backing up 'Apps@Work' installation directory ...
Backing up 'Apps@Work' local storage directory ...
Decompile backed up binaries from analysis/GUID/code into analysis/GUID/decompiled using ILSpy decompiler
$ python wp.py /mnt/wp8 decompile Apps@Work
[+] Starting decompilation (this can take a while) ...