mirror of
https://sharelatex.tu-darmstadt.de/git/681e0e7a3a9c7c9c6b8bb298
synced 2025-12-07 13:18:00 +00:00
Update on Overleaf.
This commit is contained in:
nb72soza Bittner
@@ -111,16 +111,63 @@
|
||||
|
||||
% apdu fuzzing
|
||||
|
||||
% optimizing for coverage
|
||||
% problem: aggressiv mutating in the beginning prevents gaining coverage when succeeding in a mutation, mutation succeeded but failed immediatly afterwards due to more mutations beeing applied
|
||||
% solution: as soon as mutation succeed do not use any more mutation in the initial run directly after the successful mutation i.e. first try to finish the run the test out further mutations
|
||||
|
||||
% differences in execution time
|
||||
|
||||
%
|
||||
|
||||
% error messages thrown by failed traces
|
||||
% Encountered Errors
|
||||
|
||||
% SCP03TSecurityError
|
||||
% refers to an error when working with the Secure Channel Protocol 3 -> security protocol
|
||||
% suffix T in SCP03T refers to Terminal side of application as opposed to SCP03C (Card) or SCP03S (Server)
|
||||
% cause can have many origins but mostly happens during session establishment or secure messaging
|
||||
% in our case its thrown during the LoadBoundProfile step specificially when sending sequenceOf86, sequenceOf88, and firstSequenceOf87
|
||||
|
||||
% ApduException
|
||||
% caused by malformed asn1 structure
|
||||
|
||||
% InvalidCertificate
|
||||
% occured during execution of AuthenticateServer and PrepareDownload
|
||||
% certificate validation failed
|
||||
|
||||
% InvalidSignature
|
||||
% initialiseSecureChannelRequest was the only function that caused this during
|
||||
% signature verification to establish secure channel failed during initialiseSecureChannelRequest
|
||||
|
||||
% UnsupportedRemoteOpType
|
||||
% only thrown during initialiseSecureChannelRequest
|
||||
% is always set to installBoundProfilePackage (1)
|
||||
% mutation ZERO_BLOCK sets the value to zero and truncate removes it entirely
|
||||
|
||||
% UnsupportedCurve
|
||||
% bitflip caused certificate curve value to be not supported by the euicc
|
||||
% InvalidTransactionID
|
||||
|
||||
% UndefinedError
|
||||
% thrown during the authenticate_server and firstSequenceOf87 function
|
||||
% indicates that the euicc does not know how to handle this error
|
||||
|
||||
% DecodeTagError
|
||||
% thrown by the python asn1tools parser -> happend on lpa side
|
||||
% function was authenticate_server
|
||||
% Complete Error message: AuthenticateServerResponse.authenticateResponseOk.euiccSignature1: Expected OCTET STRING(euiccSignature1) with tag '5f37', but got '2474'. (At offset: 271)
|
||||
% indicates that euiccSigned1 is shorter then indicated by the ber encoding tag
|
||||
% 5f37 appears at offset 261
|
||||
% adjusting the specific tags to make it decodable shows that there is now differenence to a successfully decoded AuthenticateServerResponse apdu apart from the euiccSignature1, serverChallenge and transactionId. All of which are supposed to be different
|
||||
% still interisting that the response data was malformed
|
||||
|
||||
|
||||
|
||||
% successful mutations
|
||||
|
||||
% get_euicc_info_1 truncation
|
||||
% truncation with the deterministic engine always cuts of the last 75% of the apdu
|
||||
% bf2000 -> bf20
|
||||
% nothing to be interisting
|
||||
|
||||
|
||||
% analyzing recorded apdu fuzzing
|
||||
@@ -189,13 +236,24 @@
|
||||
% a0 -> a1
|
||||
% indicates another channel was used
|
||||
|
||||
|
||||
% authenticate_server was truncated but still successful
|
||||
% last 75% of authenticate_server apdu are truncated
|
||||
% only able to trigger 1 time -> problem: next mutation type selection was based on enum order
|
||||
% solution: check if mutation in trace history was successful, if so: do not mutate anything and return MutationType.NONE; if no mutation happend: return a random mutation that was not yet used
|
||||
% from triggering it only once -> triggering it every run
|
||||
% TODO: go into detail on what is happening exactly
|
||||
% significant portion of the authenticate server request is missing -> 210 bytes missing
|
||||
% -> investigate what is missing
|
||||
% trying to decode the mutated apdu leads to failure due to wrong length indicators in asn1 encoding -> manually fixing them
|
||||
% missing parts in AuthenticateServerRequest: ctxParams1; signature, signature algorithm of serverCertificate, certificate extensions (2.5.29.14, 2.5.29.17, 2.5.29.35)
|
||||
|
||||
% further analyzation
|
||||
% specs: root of trust is always GSMA -> trust anchor, chain validation is important
|
||||
% "The server certificate shall be verified against the Root of Trust of the eUICC, and the digital signature of the AuthenticateServerRequest shall be verified." - SGP.22
|
||||
% certificate is CERT.DPauth.ECDSA (SGP.22 naming)
|
||||
% bug cannot be triggered directly by truncating the AuthenticateServerRequest -> only able to be trigger when performing other failed mutation requests beforehand
|
||||
% to trigger bug:
|
||||
% - perform one authenticate_server request with for example a bitflip -> authenticate_server request fails
|
||||
% - perform full profile_provisioning with truncated server certificate
|
||||
% when triggerign directly: euicc returns UndefinedError error
|
||||
% first theory: has to be some issue in the euicc state machine for the rsp process
|
||||
|
||||
% only happening on Eastcompeace euiccs
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user