Magnum PI is a tool for live dynamic application analysis on Android developed at the Institute for Applied Information Processing and Communications (IAIK) at Graz University of Technology.
License: GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Background
As smartphones are ubiquitous and carry our most personal information, they are not only viable targets for attacks; the security and correctness of applications are also especially important on such devices. Furthermore, Android's permission system is not only complex but in some cases not very expressive.
Overview
Magnum PI provides a way to analyse Android applications at runtime, yielding comprehensive information about the inner workings of applications.
For example, more and more people know not to reuse passwords but rather rely on a password safe. However, an insecure password safe (or worse: well disguised spyware) poses a threat. The Google Play Store offers lots of different password safes all of which are praised by their developers as the best, most secure one of all.
Magnum PI makes it possible to check whether applications live up to their promise of a high level of security.
However, analysing password safes and file vaults is only one of many possible applications of Magnum PI. It is also possible to discover leakage of personal information and to find out whether apps transmit user data, IMEI, IMSI, … without the user's consent, or whether the external storage is not only used for savegames but also to read out photos and documents. Yet these are only examples, as Magnum PI is a very generic tool that enables general-purpose application analysis, making it possible to gain whichever insights are sought after.
Magnum PI relies on the Xposed framework to instrument application code at runtime. A client running on a PC called Eve's Dropper (pun intended) processes the gathered information which includes:
- The application's APK
- All classes loaded during an application's life cycle
- Every method invocation, including
  - Method parameters
  - Return value
  - Calling method
This information is used on the client to visualise the class hierarchy, compute graphical, interactive execution traces and even display the source code of the application (decompiled from the APK). All gathered information can be filtered and exported at any time.
For more information and a user manual check out the GitHub repository.
Demo
The following screencast illustrates how Magnum PI is used to dynamically analyse an Android application at runtime. In order not to discredit any apps that can be found on the Google Play Store, a rudimentary password safe was implemented specifically for demonstration purposes. As shown, this application features security problems often found in similar applications.
In this screencast 'pfeffer' is used as the master password. The APK can be found here for anyone to dissect, to verify the presented results (note that the password safe's user interface has some bugs and the overall architecture contains some anti-patterns).
Analysis Findings
Magnum PI has been successfully used to assess the security of applications aimed at protecting sensitive data on Android. An anonymised excerpt of the analysis results reveals that password safes and file encryption apps often do not sufficiently protect users' data. If the number of app installs shown in the Google Play Store accurately reflects the number of an app's users, the following results lead to the conclusion that millions of user credentials and other sensitive data are not sufficiently protected:
File Encryption App 1
Price: Free
Installs (May '15): 1 000 000 - 5 000 000
File Encryption App 1 enables users to encrypt arbitrary files using a password-derived key.
Analysis Results: A custom KDF without salt is used, which just multiplies each password character by a hard-coded prime number smaller than 60, modulo 256. The encryption scheme works similarly:

    int n2 = 0;
    for (int i = 0; i < n; ++i) {
        output[i] = (byte)((n2 += input[i] + password[i % password.length]) & 0xFF);
    }

This makes it possible to very easily brute-force the password by trying to decrypt a file where the file's header is either known or an educated guess about the file's contents can be made. This is eased even further by the fact that, even when full file encryption is enabled, only the beginning and the end of a file are actually encrypted.
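The quoted running-sum loop re-implemented in Python, together with its inverse and the known-header check described above; this is an added example, not Magnum PI code or the analysed app's code, and the PNG signature, body and the password pfeffer are constructed sample input.

```python
# Added example (not Magnum PI or the analysed app's code): the running-sum
# "encryption" loop quoted above, its inverse, and the known-header check
# that the write-up says makes the password easy to guess.

PNG_HEADER = b"\x89PNG\r\n\x1a\n"  # well-known 8-byte PNG signature


def app1_encrypt(plaintext: bytes, password: bytes) -> bytes:
    """Same loop as the quoted Java: n2 accumulates the plaintext byte plus
    the repeating password byte; the low 8 bits of n2 become the output byte.
    Keeping n2 reduced mod 256 yields the same output as the unbounded int."""
    out = bytearray(len(plaintext))
    n2 = 0
    for i, p in enumerate(plaintext):
        n2 = (n2 + p + password[i % len(password)]) & 0xFF
        out[i] = n2
    return bytes(out)


def app1_decrypt(ciphertext: bytes, password: bytes) -> bytes:
    """Inverse: ciphertext[i] - ciphertext[i-1] equals plaintext[i] plus one
    password byte (mod 256), so every ciphertext byte depends on exactly one
    password byte. There is no IV, no salt and no integrity check."""
    out = bytearray(len(ciphertext))
    prev = 0
    for i, c in enumerate(ciphertext):
        out[i] = (c - prev - password[i % len(password)]) & 0xFF
        prev = c
    return bytes(out)


def password_matches_header(ciphertext: bytes, candidate: bytes,
                            known_header: bytes = PNG_HEADER) -> bool:
    """The check the write-up describes: decrypt only the header-sized prefix
    and compare it with the expected file signature. Without a KDF each
    candidate password costs only a handful of byte additions."""
    prefix = ciphertext[:len(known_header)]
    return app1_decrypt(prefix, candidate) == known_header


if __name__ == "__main__":
    # Constructed sample: a fake PNG body encrypted with a constructed password.
    sample = PNG_HEADER + b"\x00\x00\x00\rIHDR" + bytes(range(32))
    ct = app1_encrypt(sample, b"pfeffer")
    assert app1_decrypt(ct, b"pfeffer") == sample
    print("correct password matches header:",
          password_matches_header(ct, b"pfeffer"))  # True
    print("wrong password matches header:",
          password_matches_header(ct, b"hunter2"))  # False
```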
Password Safe 1
Price: Free (premium version available)
Installs (Sept '14): 100 000 - 500 000
Password Safe 1 is a purely offline app (no Internet permission) that protects various data (text documents, credentials, ...) using a master password.
Analysis Results: No KDF is used. If the password is shorter than 32 characters, it is repeated until a string of 32 characters is produced. This string is then used directly as the 256-bit AES key. This scheme allows very efficient brute-force attacks, in part because passwords such as yxz and yxzyxz are equivalent.
Password Safe 2
Price: Free
Installs (Sept '14): 100 000 - 500 000
Password Safe 2 is a purely offline app (no Internet permission) that protects a set of credentials using a master password.
Analysis Results: A standardised KDF is used, PBKDF2 with HMAC-SHA-1, but only 20 iterations are performed, which makes brute-force attacks feasible.
Password Safe 3
Price: Free + in-app purchases
Installs (Sept '14): 1 000 000 - 5 000 000
Password Safe 3 is a purely offline app (no Internet permission) that protects a set of credentials using a master password.
Analysis Results: Obfuscated code makes analysis difficult. A custom KDF is used: the password is hashed 1000 times (without salt) using SHA-256. The resulting byte array is then used as input for a standard PBEKeySpec with a static 256-bit salt, a key length of 256 bits and 1024 iterations. Incomprehensible code has a high probability of being a sign of a flawed implementation, since a secure and correct implementation should be recognisable as such. Furthermore, the static salt makes it possible to precompute keys.
Password Safe 4
Price: Free trial, then $9,99
Installs (Sept '14): 100 000 - 500 000
Password Safe 4 can be used offline, but also provides means of synchronising stored credentials between different devices. Stored credentials are protected by a master password.
Analysis Results: Bouncy Castle's PBKDF2 with HMAC-SHA-1 and 8000 iterations is used, together with a randomly generated salt, making this app highly secure.
File Encryption App 2
Price: Free, in-app purchases to donate
Installs (Sept '14): 10 000 - 50 000
File Encryption App 2 enables users to encrypt arbitrary files using AES-256 and stores them inside a so-called vault, which is protected by a password.
Analysis Results: No KDF is used. The AES key consists of the first 32 bytes of the password provided by the user (if the password is shorter, it is padded using zeros). No salt is used. Brute-force attacks, password precomputations and rainbow tables can be employed to guess the AES key.
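The key-derivation schemes from the findings above (Password Safe 1, File Encryption App 2 and Password Safe 4, with the static-salt point from Password Safe 3) side by side, as an added Python example that is not Magnum PI code or any analysed app's code; hashlib stands in for Bouncy Castle, and the passwords and salts are constructed.

```python
# Added example (not Magnum PI or any analysed app's code): the key-derivation
# schemes described in the findings, re-implemented to show why the "no KDF"
# variants map distinct passwords to the same AES key, and why a salted,
# iterated PBKDF2 (as found in Password Safe 4) does not.
import hashlib
import secrets

KEY_LEN = 32  # 256-bit AES key


def safe1_key(password: str) -> bytes:
    """Password Safe 1: repeat the password until 32 characters, use as-is."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    return (pw * (KEY_LEN // len(pw) + 1))[:KEY_LEN]


def app2_key(password: str) -> bytes:
    """File Encryption App 2: first 32 bytes of the password, zero padded."""
    return password.encode()[:KEY_LEN].ljust(KEY_LEN, b"\x00")


def safe4_key(password: str, salt: bytes, iterations: int = 8000) -> bytes:
    """Password Safe 4: PBKDF2-HMAC-SHA1, 8000 iterations, random salt.
    Password Safe 2 used the same primitive with only 20 iterations."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, KEY_LEN)


def same_key(derive, a: str, b: str) -> bool:
    """True if two different passwords derive the same key, i.e. an attacker
    never has to distinguish them when guessing."""
    return a != b and derive(a) == derive(b)


if __name__ == "__main__":
    # Constructed inputs; yxz/yxzyxz is the pair named in the Password Safe 1 finding.
    print("Safe 1: yxz == yxzyxz      ", same_key(safe1_key, "yxz", "yxzyxz"))      # True
    print("App 2: 33rd char ignored  ", same_key(app2_key, "a" * 32, "a" * 33))     # True
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)
    print("Safe 4: same pw, two users", safe4_key("pfeffer", salt_a) == safe4_key("pfeffer", salt_b))  # False
    static = b"\x11" * 32  # constructed stand-in for a hard-coded salt (Password Safe 3)
    print("static salt, two users    ", safe4_key("pfeffer", static) == safe4_key("pfeffer", static))  # True
```

With a random salt the same master password yields a different key on every device, so a precomputed password-to-key table is useless; with a static salt the table applies to every install at once.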