A Hacker's Perspective - PowerPoint PPT Presentation
1
A Hacker's Perspective
Silverlight Security
  • Kamran Bilgrami / Angelo Chan

2
Agenda
  • Silverlight overview
  • Scope
  • Key concepts
  • Demos
  • Recommendations
  • Q&A

3
Silverlight Overview
  • User
    • Cross-browser, cross-platform
    • Media-rich (audio/video)
    • Runs in-browser or out-of-browser
    • .xap - a zip archive of the application's assemblies plus the AppManifest.xaml manifest
  • Programmer
    • .NET programming model
    • Networking and LINQ support

4
Silverlight architecture
  • Presentation core (XAML, media, input)
  • CoreCLR (a size-optimized subset of the .NET CLR)

5
Silverlight overview - security
  • Run-time security modes
    • In browser, out of browser
  • Sandbox
    • User-initiated: sensitive APIs (e.g. file dialogs) are only available from a user-initiated event
    • Same-origin policy for network access; cross-domain calls require the target site's opt-in policy file (clientaccesspolicy.xml or crossdomain.xml)

6
Scope
  • In scope
    • Vulnerabilities against Silverlight-related components
  • Out of scope
    • Classical web attacks (SQL injection, XSS, etc.)

  • Because the client ships as a XAP of CoreCLR assemblies, attackers can now apply established .NET assembly-hacking techniques (disassembly, decompilation, IL patching) to your web application's client code

7
Useful concepts
  • XAP
  • CoreCLR
  • Intermediate Language (IL)

  • Widely available tools
    • ILASM/ILDASM (assemble / disassemble IL)
    • .NET Reflector (decompiler)
    • Reflexil (Reflector add-in for editing IL in place)

  • Signing / tamper detection
  • Obfuscation (protect IP)
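The first step of the assembly-hacking angle from the Scope slide is simply opening the package. Here is an added example, not code from the presentation, that unpacks a .xap and inventories what its manifest declares: the .xap is a plain zip, the manifest is AppManifest.xaml, and each AssemblyPart entry names an assembly the runtime will load. The sample manifest, the ShopClient assembly name and the placeholder DLL bytes are constructed for the example; against a real .xap you would pass the file's bytes to inspect_xap.

```python
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

DEPLOY_NS = "{http://schemas.microsoft.com/client/2007/deployment}"

# Constructed sample: a minimal AppManifest.xaml in the shape Silverlight uses.
# The assembly names and runtime version are hypothetical.
SAMPLE_MANIFEST = """<Deployment xmlns="http://schemas.microsoft.com/client/2007/deployment"
            xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
            EntryPointAssembly="ShopClient"
            EntryPointType="ShopClient.App"
            RuntimeVersion="4.0.50826.0">
  <Deployment.Parts>
    <AssemblyPart x:Name="ShopClient" Source="ShopClient.dll" />
    <AssemblyPart x:Name="System.Xml.Linq" Source="System.Xml.Linq.dll" />
  </Deployment.Parts>
</Deployment>
"""


def build_sample_xap() -> bytes:
    """Build an in-memory .xap (a plain zip) holding the manifest and stand-in DLLs.
    The DLL bodies are placeholders (an MZ header plus padding), not real assemblies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AppManifest.xaml", SAMPLE_MANIFEST)
        z.writestr("ShopClient.dll", b"MZ" + b"\x00" * 62)
        z.writestr("System.Xml.Linq.dll", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


def inspect_xap(xap_bytes: bytes) -> dict:
    """Open a .xap, read AppManifest.xaml and inventory the assemblies it declares.

    For each AssemblyPart: is the Source actually in the archive, does it start
    with a PE header, and what is its SHA-256 (a baseline to diff after patching)."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as z:
        names = set(z.namelist())
        root = ET.fromstring(z.read("AppManifest.xaml"))
        parts = []
        for part in root.iter(DEPLOY_NS + "AssemblyPart"):
            source = part.get("Source")
            present = source in names
            data = z.read(source) if present else b""
            parts.append({
                "source": source,
                "present": present,
                "looks_like_pe": data[:2] == b"MZ",
                "sha256": hashlib.sha256(data).hexdigest() if present else None,
            })
    return {
        "entry_assembly": root.get("EntryPointAssembly"),
        "entry_type": root.get("EntryPointType"),
        "runtime_version": root.get("RuntimeVersion"),
        "parts": parts,
    }


if __name__ == "__main__":
    info = inspect_xap(build_sample_xap())
    print("entry point:", info["entry_assembly"], info["entry_type"])
    for p in info["parts"]:
        print(p["source"], "present" if p["present"] else "MISSING", p["sha256"])
```

The entry-point assembly named in the manifest is where ILDASM or Reflector work starts; a Source that is declared but missing, or a file that no longer begins with MZ, is the kind of inconsistency a hand-edited XAP tends to show.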

8
Demos
9
Demo 1 Summary
  • Problems
    • Code not obfuscated
    • Tamperable assembly
    • Client-side business logic
  • Solutions
    • Use code obfuscation
    • Assembly signing
    • Server-side business logic

10
Demo 2 Summary
  • Starting conditions
    • Code was obfuscated
    • Tamper resistant
    • IP / business logic on server side
  • Run-time hacking
    • Bypass tamper detection
    • Bypass server business logic
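The two demo summaries point at one rule: whatever obfuscation, signing or tamper detection the XAP carries, the attacker runs the client and can change it at run time, so any business decision made on the client, and any value the client reports, can be forged. The following added example (not the presenters' code) shows a checkout handler in the Demo 1 "before" shape next to the server-side form the solutions list calls for. The catalog, coupon table and request shapes are constructed for the example, prices are integer cents, and Python stands in for whatever language the real server uses.

```python
# Constructed sample data (hypothetical SKUs and coupons); prices are integer cents.
CATALOG_CENTS = {"SKU-100": 4999, "SKU-200": 12000}
COUPON_PERCENT = {"SAVE10": 10}


class CheckoutError(ValueError):
    """Raised when a request fails server-side validation."""


def vulnerable_checkout(request: dict) -> dict:
    """'Before' (the Demo 1 problem): the total and discount were computed in the
    Silverlight client, and the server charges whatever it is told."""
    return {"charged_cents": int(request["client_total_cents"]), "accepted": True}


def hardened_checkout(request: dict) -> dict:
    """'After': every figure is recomputed from server-side data. The client's
    fields are untrusted input, whether or not the XAP was obfuscated or signed."""
    items = request.get("items")
    if not isinstance(items, list) or not items:
        raise CheckoutError("no items")
    subtotal = 0
    for item in items:
        sku = item.get("sku")
        qty = item.get("qty")
        if sku not in CATALOG_CENTS:
            raise CheckoutError(f"unknown sku {sku!r}")
        # bool is an int subclass; reject it explicitly along with out-of-range counts
        if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= 100:
            raise CheckoutError(f"bad quantity for {sku}")
        subtotal += CATALOG_CENTS[sku] * qty
    coupon = request.get("coupon")
    percent = 0
    if coupon is not None:
        if coupon not in COUPON_PERCENT:
            raise CheckoutError(f"invalid coupon {coupon!r}")
        percent = COUPON_PERCENT[coupon]
    total = subtotal * (100 - percent) // 100
    # The client may still send the figure it displayed. A mismatch is a tamper
    # signal worth logging, but it never changes what is charged.
    claimed = request.get("client_total_cents")
    mismatch = claimed is not None and claimed != total
    return {"charged_cents": total, "accepted": True, "client_mismatch": mismatch}


def rejected(request: dict) -> bool:
    """True if the hardened handler refuses the request outright."""
    try:
        hardened_checkout(request)
        return False
    except CheckoutError:
        return True


# Constructed requests: one honest client and two tampered ones
# (e.g. the client's total or coupon check patched out at run time).
HONEST = {"items": [{"sku": "SKU-100", "qty": 2}], "coupon": "SAVE10", "client_total_cents": 8998}
TAMPERED_TOTAL = {"items": [{"sku": "SKU-100", "qty": 2}], "coupon": "SAVE10", "client_total_cents": 1}
TAMPERED_COUPON = {"items": [{"sku": "SKU-100", "qty": 2}], "coupon": "SAVE99", "client_total_cents": 1}

if __name__ == "__main__":
    print("vulnerable, tampered total:", vulnerable_checkout(TAMPERED_TOTAL))
    print("hardened, honest:", hardened_checkout(HONEST))
    print("hardened, tampered total:", hardened_checkout(TAMPERED_TOTAL))
    print("hardened, tampered coupon rejected:", rejected(TAMPERED_COUPON))
```

The hardened handler never consults the client's arithmetic; it only uses the client's figure as a signal that the XAP was altered, which is the one thing client-side tamper detection cannot be relied on to report once the attacker is in the process.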

11
Recommendations
  • Web security - XSS defenses, data encryption
  • CLR - obfuscation, assembly signing (raise the bar; see Demo 2 for their limits)
  • Domain-specific controls - e.g. for a banking application
  • Legal

12
Q&A

13
References
  • Silverlight Security Overview - MSDN
  • Silverlight Architecture - MSDN
  • SOS command reference - MSDN
  • CLR Inside Out - MSDN
  • http://www.windowsdebugging.com

Contact: kamran_at_windowsdebugging.com, angelo_at_windowsdebugging.com