
214 Chapter 7 · Operating System and Device Vulnerabilities

5. Analyze crash - After a crash has occurred, try to determine the cause. This will typically involve connecting the program up to a debugger and running through the same process that caused the crash. The debugger will let you locate the point where the program crashed and give you a chance to interact with it.

6. Develop exploit - If a cause can be determined, try to see if the crash (technically a DoS) can be exploited to gain control of the process, elevate privileges, or bypass a protection.

This outline simplifies the process greatly. Often, many obstacles and dead ends must be overcome to work through the reverse-engineering process. While sometimes finding a flaw and discovering it is exploitable can take an hour, more often it takes days.

An Example - FlexWallet

In order to get a good grip on the vulnerability discovery and exploitation process, it is best to see an example. The following will illustrate, step-by-step, how we discovered a vulnerability in FlexWallet, and how it was exploited.

Setup

The first step is to launch Device Emulator Manager under the Tools menu of Visual Studio 2005. Once the emulator window opens, close Visual Studio 2005 and scroll down in the Emulator Manager to WM 6 Professional Emulator. Right-click this listing and select Connect. This will open up the emulator with WM running. Next, right-click the entry again, and this time select Cradle to sync your PC to the device. Upon sync, open up My Computer and place the FlexWallet3_PPC_ENU.CAB file onto the device. Then, using the interface on the device, install the application (see Figure 7.6).