Detecting cryptographic misuse with Argus static analysis framework

In the last post I talked about Argus static analysis framework and his capabilities for analyzing decompiled Android applications. As mentioned before Argus uses Jawa language as its intermediate representation of Android bytecode. While analyzing to resolve dependencies of the statements Argus uses inter-procedural control graphs (ICFG) and inter-component data flow graphs (IDFG). Argus also presents module for detecting cryptographic misuse, being capable of detecting usage of ECB mode in symmetric encryption and usage of constant Initializing vectors for CBC mode which are deemed not to be secure enough. This features cover only first two rules that are defined in CryptoLint work. 

The mechanism in which way Argus tests is based on checking the validity of arguments when using Java Crypto Library. So for instance for the first rule the analyzer works by first checking the existence of Crypto Library cipher getInstance() method iterating over all application declared activities. The methods is represented by its signature in Jawa intermediate representation:

Ljavax/crypto/Cipher;.getInstance:(Ljava/lang/String;

This Jawa signature of getInstance method has for its first argument a java string, the parentheses are left open because other argument might follow but are not of importance. After that each method, in the activity object, is checked for existence of this signature that creates new cipher object. At each statement that the signature is found, the input argument are retrieved and checked recursively by querying control flow and reaching definition graphs to their point of construction. After the value is retrieved, it is compared with inadmissible values like definition of ECB mode. If we were to check for constant value of Initializing vector the same procedure would follow, but instead of checking values of the arguments its only necessary to check if the argument is statically defined in the code. 

In the same manner I extended the module by adding few more methods for checking the rest of CryptoLint rules which i talked about in the post earlier. These are the core signature for methods I've checked according to the rules:

Ljavax/crypto/Cipher;.init:(ILjava/security/Key;)V
Ljavax/crypto/spec/PBEKeySpec;.<init>:([C
Ljava/security/SecureRandom;.<init>:(

After the name of the method inside the braces are the signature of the types of arguments, so I would represent integer and Ljava/security/Key; Crypto library key object, and where [C would represent array of chars. The methods were checked for constant seed or key values and appropriate domain of arguments i. e. number of iterations for PBEKeySpec.

For further work it would be expected to use this module for testing Android applications on the market to evaluate how vulnerable the systems are.

Source: https://sgros-students.blogspot.com/2017/06/detecting-cryptographic-misuse-with.html