GitHunt
GR

gremwell/wp8pentesting

Windows Phone 8(.1) Pentesting Tools

mobile-securitypentestingwindows-phonewindows-phone-8-1

Windows Phone 8(.1) Pentesting Tools

Penetration testing Windows Phone 8(.1) devices and applications.

Installation

The script rely on appy module, you can install it using pip:

$ pip install -r requirements.txt

If you plan on using the decompile command, you'll need to install ILSpy.

Setup is more tricky on Linux because you need Mono to compile C# code. Should works like a charm if you follow these instructions:

  1. Install Mono following instructions
  2. Compile ILSpy for Mono by executing cd wp8pentesting/decompiler && make

Usage

Prior to executing any of those commands, you'll need to boot a jailbroken Huawei Ascend W1 device in storage mode (Power + Vol-) and mount the device on your test machine.

List all apps

List name and version of applications installed on device.

$ python wp.py /mnt/wp8 list
[-] @Resources/Title/AppResLib.dll,-101 (1.0.0.0)
[-] @Resources/Tilte/AppResLib.dll,-101 (1.0.0.0)
[-] @Resources/TitleResources/TitleResources.dll,-101 (1.0.0.0)
[-] Apps@Work (9.0.0.5)
[-] IE (1.0.0.3)
[-] OneDrive (3.5.0.0)
[-] @Resources\AppResLib.dll,-100 (2.0.1403.2)
[-] @Resources\AppResLib.dll,-100 (2.6.185.0)
[-] @Resources\AppResLib.dll,-100 (2.5.3995.0)

Backup application

Backup binaries and isolated storage to analysis/GUID/code and analysis/GUID/storage, respectively.

$ python wp.py /mnt/wp8 backup Apps@Work
Title: Apps@Work
Author: MobileIron
Publisher: MobileIron
Version: 9.0.0.5
Description:
Runtime: Silverlight
GUID: {F632C2FB-5C10-47ED-8F8A-0B95E029D7E1}
Capabilities
	- ID_CAP_NETWORKING
	- ID_CAP_IDENTITY_DEVICE
	- ID_CAP_PUSH_NOTIFICATION
Package: /mnt/wp8/PROGRAMS/{F632C2FB-5C10-47ED-8F8A-0B95E029D7E1}
Local storage: /mnt/wp8/Users/DefApps/APPDATA/{F632C2FB-5C10-47ED-8F8A-0B95E029D7E1}

Backing up 'Apps@Work' installation directory ...
Backing up 'Apps@Work' local storage directory ...

Decompile binaries

Decompile backed up binaries from analysis/GUID/code into analysis/GUID/decompiled using ILSpy decompiler

$ python wp.py /mnt/wp8 decompile Apps@Work
[+] Starting decompilation (this can take a while) ...

Languages

C#98.8%TeX1.0%HTML0.1%Smalltalk0.1%Python0.1%Batchfile0.0%Makefile0.0%

Contributors

QK
GNU General Public License v3.0
Created July 4, 2018
Updated August 12, 2024