In this article I want to demonstrate how I revealed parts of the WhatsApp VoIP protocol with the help of a jailbroken iOS device and a set of forensic tools. WhatsApp got a lot of attention due to security vulnerabilities and hacks. So it is an interesting target for teaching security analysis.

While there is an official white paper describing the encryption of WhatsApp, there is no detailed overview of how its protocols work or how the security features are implemented. Consequently, there is no foundation for serious security-related analysis.

My research is based on three steps:

 

1. Analysis of the network traffic.

2. Analysis of the binary files.

3. Analysis of the runtime behaviour.

 

 

 

 

Tools

I used the following tools for analyzing an iOS WhatsApp client:

- Decryption of binaries: bfdecrypt

- Disassembling binary files: Hopper Disassembler and radare2

- Observing network traffic: Wireshark

- Analyzing runtime behavior: Frida

How I installed a jailbreak on my iOS device is out of scope.

 

 

 

 

 

Network Traffic Analysis

This section examines the network traffic of the WhatsApp client during a call, which was recorded with Wireshark. To record the network traffic of the iOS device, I created a remote virtual network interface. The shell command is as follows (works on macOS), where <device UUID> has to be replaced with the UUID of the inspected iOS device:

rvictl -s <device UUID>

Wireshark detects the usage of the Session Traversal Utilities for NAT (STUN). STUN is a signalling protocol which handles the necessary steps for establishing a peer-to-peer connection between clients. There are also many TCP and UDP packets in the Wireshark recording, which could not be related to a high-level protocol.
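The triage described above, separating STUN from UDP payloads that match no known protocol, can be reproduced offline. This is an added example and not code from the original article; it assumes RFC 5389 framing (20-byte header with the fixed magic cookie), and the sample payloads are constructed, not taken from a WhatsApp capture.

```python
import struct

MAGIC_COOKIE = 0x2112A442          # fixed header value defined by RFC 5389
CLASSES = {0: "request", 1: "indication", 2: "success", 3: "error"}

def parse_stun(payload: bytes):
    """Return a dict for an RFC 5389 STUN message, or None if it is not one."""
    if len(payload) < 20:
        return None
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    # The top two bits of the type must be zero and the cookie must match
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE:
        return None
    # The length excludes the 20-byte header and is a multiple of 4
    if length % 4 or 20 + length != len(payload):
        return None
    # Class bits sit at positions 4 and 8, interleaved with the method bits
    cls = ((msg_type & 0x0100) >> 7) | ((msg_type & 0x0010) >> 4)
    method = (msg_type & 0x000F) | ((msg_type & 0x00E0) >> 1) | ((msg_type & 0x3E00) >> 2)
    attrs, off = [], 20
    while off + 4 <= len(payload):
        a_type, a_len = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + a_len > len(payload):
            return None                       # attribute runs past the datagram
        attrs.append((a_type, payload[off + 4:off + 4 + a_len]))
        off += 4 + ((a_len + 3) & ~3)         # values are padded to 32 bits
    return {"class": CLASSES[cls], "method": method,
            "transaction_id": payload[8:20].hex(), "attributes": attrs}

def triage(payloads):
    """Split UDP payloads into parsed STUN messages and unidentified ones."""
    stun, unknown = [], []
    for p in payloads:
        msg = parse_stun(p)
        (stun if msg else unknown).append(msg or p)
    return stun, unknown

# Constructed sample payloads (not from a real capture)
TXID = bytes(range(12))
BINDING_REQUEST = struct.pack("!HHI", 0x0001, 8, MAGIC_COOKIE) + TXID \
    + struct.pack("!HH", 0x0006, 3) + b"abc\x00"       # USERNAME attribute, padded
OPAQUE_DATAGRAM = bytes.fromhex("80c9000112345678") + b"\x00" * 16

if __name__ == "__main__":
    stun, unknown = triage([BINDING_REQUEST, OPAQUE_DATAGRAM])
    print(stun, len(unknown))
```

Payloads that end up in the unidentified list are the ones that need the binary and runtime analysis steps to explain.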

 

 

 

 

 

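revealed : to expose / bring to light

vulnerabilities : weak points

encryption : encoding into cipher

security features : security functions / safeguards

be implemented : to be put into practice

Consequently : as a result

Decryption : deciphering (of a code)

inspected (be examined) : examined / inspected

detects the usage of : detects the use of

establishing : established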

 

 

 

 

 

https://medium.com/@schirrmacher/analyzing-whatsapp-calls-176a9e776213

 
