[guardian-dev] Fwd: Forensic Analysis of the ChatSecure Android

Hans-Christoph Steiner hans at guardianproject.info
Wed Oct 26 16:22:01 EDT 2016 

I get it now, this paper was published in "Digital Investigation", so
its basically a howto manual for getting the data from ChatSecure in a
forensically sound way.  So to us, it looks blatantly obvious, since we
work on that app.  Doesn't seem to say anything that we don't know
already, e.g. CacheWord can be defeated if the adversary has root on the
device.

Its an interesting read for the stuff about "data acquisition" using
devices like the Cellebrite UFED.  They have techniques to dump the RAM
of the device, then scan for the cached encryption key (LiME[1] and
Volatility).  Seems like that technique requires root.

"...we use LiME (504ENSICS Labs, 2016) to dump the contents of the
volatile memory of the AVDs used in the experiments, and Volatility
(Volatil-
ity Foundation, 2016) to analyze these dumps. We perform memory analysis
experiments only for the ARM architecture (row 1 of Table 1) since, at the
moment of this writing, LiME supports this architecture only.  Note that in
order to work, LiME requires the device to be rooted."

Perhaps this is news to us, though it was a goal of ours:

"the data stored in the databases cannot be recovered after having been
deleted, as a consequence of the secure deletion technique adopted by
SQLCipher."

[1] https://github.com/504ensicsLabs/LiME

.hc

Hans-Christoph Steiner:
> 
> Wait, what?  Did they really just include this sentence in their abstract:
> 
> "we devise a technique able to decrypt them when the secret passphrase,
> chosen by the user as the initial step of the encryption process, is
> known. "
> 
> Am I wrong in reading this as:
> "we can unlock chatsecure when we know the password"
> 
> .hc
> 
> Chris Ballinger:
>> This looks like a silly report, and would apply to any other app using
>> SQLCipher in a long running process, and in this case it's required to
>> receive messages in the background. From a quick read it looks like the
>> same passphrase is stored twice in memory for both the media and message
>> store which helps their recovery process, but once you have physical access
>> to a decrypted device in USB debugger mode there's all sorts of other ways
>> you can recover it.
>>
>>
>>> we devise
>>> a technique able to decrypt them when the secret passphrase, chosen by
>>> the user as the initial step of the encryption process, is known.
>>
>>
>> It's pretty obvious how you'd decrypt a SQLCipher database when the
>> passphrase is known.
>>
>> Furthermore, we show how this passphrase can be identified and extracted
>>> from the volatile memory of the device, where it persists for the entire
>>> execution of ChatSecure after having been entered by the user, thus
>>> allowing one to carry out decryption even if the passphrase is not
>>> revealed by the user.
>>
>>
>> This is how encrypted databases work and there's not really a way around
>> it. You can encrypt the key in memory, but then you gotta keep the key for
>> the key somewhere else in memory. Even on iOS where you can store keys in
>> the device keychain, when the database is active the key needs to be in
>> memory somewhere.
>>
>> Finally, we discuss how to analyze and correlate the data stored in the
>>> databases used by ChatSecure to identify the IM accounts used by the
>>> user and his/her buddies to communicate, as well as to reconstruct the
>>> chronology and contents of the messages and files that have been
>>> exchanged among them.
>>
>>
>> It's pretty easy to dump SQL tables..
>>
>>
>>
>>
>>
>>
>> On Wed, Oct 26, 2016 at 10:23 AM, Nathan of Guardian <
>> nathan at guardianproject.info> wrote:
>>
>>> A great publication that really looks into detail on how we use
>>> SQLCipher, IOCipher and CacheWord in ChatSecure Android, and many other
>>> apps.
>>>
>>> Any thoughts on possible improvements to key management, data
>>> reducation, etc, would be great to hear.
>>>
>>> ***
>>>
>>> Tweet: https://twitter.com/arxiv_org/status/790671148002398208
>>>
>>> and publication:
>>> https://arxiv.org/abs/1610.06721
>>>
>>> Forensic Analysis of the ChatSecure Instant Messaging Application on
>>> Android Smartphones
>>>
>>> Cosimo Anglano, Massimo Canonico, Marco Guazzone
>>> (Submitted on 21 Oct 2016)
>>> We present the forensic analysis of the artifacts generated on Android
>>> smartphones by ChatSecure, a secure Instant Messaging application that
>>> provides strong encryption for transmitted and locally-stored data to
>>> ensure the privacy of its users.
>>> We show that ChatSecure stores local copies of both exchanged messages
>>> and files into two distinct, AES-256 encrypted databases, and we devise
>>> a technique able to decrypt them when the secret passphrase, chosen by
>>> the user as the initial step of the encryption process, is known.
>>> Furthermore, we show how this passphrase can be identified and extracted
>>> from the volatile memory of the device, where it persists for the entire
>>> execution of ChatSecure after having been entered by the user, thus
>>> allowing one to carry out decryption even if the passphrase is not
>>> revealed by the user.
>>> Finally, we discuss how to analyze and correlate the data stored in the
>>> databases used by ChatSecure to identify the IM accounts used by the
>>> user and his/her buddies to communicate, as well as to reconstruct the
>>> chronology and contents of the messages and files that have been
>>> exchanged among them.
>>> For our study we devise and use an experimental methodology, based on
>>> the use of emulated devices, that provides a very high degree of
>>> reproducibility of the results, and we validate the results it yields
>>> against those obtained from real smartphones.
>>>
>>>
>>>
>>> --
>>>   Nathan of Guardian
>>>   nathan at guardianproject.info
>>> _______________________________________________
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>>
>>
>>
>>
>> _______________________________________________
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

More information about the guardian-dev mailing list