Skip to content

MASTG-DEMO-0016: Uses of Insecure Hashing Algorithms in CryptoKit with r2

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

Sample

MastgTest.swift
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
import Foundation
import CryptoKit

struct MastgTest {
    // Function to generate a SHA-1 hash
    static func generateSHA1Hash(data: Data) -> String {
        let hash = Insecure.SHA1.hash(data: data)
        return hash.compactMap { String(format: "%02x", $0) }.joined()
    }

    // Function to generate an MD5 hash
    static func generateMD5Hash(data: Data) -> String {
        let hash = Insecure.MD5.hash(data: data)
        return hash.compactMap { String(format: "%02x", $0) }.joined()
    }

    static func mastgTest(completion: @escaping (String) -> Void) {
        let input = "This is a sample text".data(using: .utf8)!

        // Generate SHA-1 hash
        let sha1Hash = generateSHA1Hash(data: input)

        // Generate MD5 hash
        let md5Hash = generateMD5Hash(data: input)

        let value = """
        Original: \(String(data: input, encoding: .utf8)!)
        SHA-1 Hash: \(sha1Hash)
        MD5 Hash: \(md5Hash)
        """

        completion(value)
    }
}

Steps

  1. Unzip the app package and locate the main binary file ( Exploring the App Package), which in this case is ./Payload/MASTestApp.app/MASTestApp.
  2. Open the app binary with radare2 for iOS with the -i option to run this script.
cryptokit_hash.r2
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
?e;?e

?e Uses of CryptoKit.Insecure functions:
afl~Insecure.

?e

?e xrefs to CryptoKit.Insecure.MD5:
axt @ 0x100007280

?e

?e xrefs to CryptoKit.Insecure.SHA1:
axt @ 0x10000728c

?e

?e Use of MD5:
pd-- 5 @ 0x1000046d8

?e

?e Use of SHA1:
pd-- 5 @ 0x100004214
run.sh
1
r2 -q -i cryptokit_hash.r2 -A MASTestApp

Observation

The output contains all uses of CryptoKit.Insecure functions in the binary, the xrefs for Insecure.MD5 and Insecure.SHA1 and the disassembled code of the region where each of these functions is called.

output.txt
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Uses of CryptoKit.Insecure functions:
0x100007274    1     12 sym.imp.CryptoKit.Insecure.SHA1Digest.
0x100007280    1     12 sym.imp.CryptoKit.Insecure.MD5.
0x10000728c    1     12 sym.imp.CryptoKit.Insecure.SHA1.
0x100007298    1     12 sym.imp.CryptoKit.Insecure.MD5Digest.

xrefs to CryptoKit.Insecure.MD5:
sym.func.10000469c 0x1000046d8 [CALL:--x] bl sym.imp.CryptoKit.Insecure.MD5.

xrefs to CryptoKit.Insecure.SHA1:
sym.func.1000041d8 0x100004214 [CALL:--x] bl sym.imp.CryptoKit.Insecure.SHA1.

Use of MD5:
           0x1000046c4      48000090       adrp x8, reloc.Foundation.__DataStorage._bytes.allocator__UnsafeMutableRawPointer______ ; 0x10000c000
           0x1000046c8      08d141f9       ldr x8, reloc.__stack_chk_guard ; 0x10000c3a0
           0x1000046cc      080140f9       ldr x8, [x8]
           0x1000046d0      a8831af8       stur x8, [x29, -0x58]
           0x1000046d4      000080d2       mov x0, 0
           0x1000046d8      ea0a0094       bl sym CryptoKit.Insecure.MD5. ; sym.imp.CryptoKit.Insecure.MD5.
           0x1000046dc      f70300aa       mov x23, x0
           0x1000046e0      54000090       adrp x20, reloc.Foundation.__DataStorage._bytes.allocator__UnsafeMutableRawPointer______ ; 0x10000c000
           0x1000046e4      947241f9       ldr x20, reloc.CryptoKit.Insecure.MD5. ; 0x10000c2e0
           0x1000046e8      16805ff8       ldur x22, [x0, -8]

Use of SHA1:
           0x100004200      48000090       adrp x8, reloc.Foundation.__DataStorage._bytes.allocator__UnsafeMutableRawPointer______ ; 0x10000c000
           0x100004204      08d141f9       ldr x8, reloc.__stack_chk_guard ; 0x10000c3a0
           0x100004208      080140f9       ldr x8, [x8]
           0x10000420c      a8831af8       stur x8, [x29, -0x58]
           0x100004210      000080d2       mov x0, 0
           0x100004214      1e0c0094       bl sym CryptoKit.Insecure.SHA1. ; sym.imp.CryptoKit.Insecure.SHA1.
           0x100004218      f70300aa       mov x23, x0
           0x10000421c      54000090       adrp x20, reloc.Foundation.__DataStorage._bytes.allocator__UnsafeMutableRawPointer______ ; 0x10000c000
           0x100004220      947a41f9       ldr x20, reloc.CryptoKit.Insecure.SHA1. ; 0x10000c2f0
           0x100004224      16805ff8       ldur x22, [x0, -8]

Evaluation

The test fails because the MD5 and SHA1 algorithms were found in the code.

Remember that the context is important when evaluating the use of these algorithms. In some cases, the use of MD5 or SHA1 may be acceptable, for example, when the algorithm is used for checksums or non-cryptographic purposes. In order to determine that you should further analyze the reverse-engineered code and try to learn more about the context in which these algorithms are used.