
Dawit's Tech Blog

My name is Dawit and I write about technology stuff.

Posts Categorized / Social Media

  • Jan 28 / 2017
  • 0
InfoSec, Security, Social Media, Traffic Analysis

WeChat Android Application Traffic Analysis and Pattern/Signature Extraction

Nowadays, many media-rich entertainment and communication applications have emerged on the Internet. They often use obfuscation techniques such as encrypted data transmission, random/changing ports, or proprietary communication protocols to prevent detection or filtering by network or content owners who believe the traffic is threatening their property (infrastructure, service availability or intellectual property). As a norm, many of these applications adopt open-source-based development, i.e. the protocols, libraries, databases and platforms they use are almost the same and widely used, with only a few proprietary features. WeChat, for example, has tried to use standard ports (TCP & UDP), but the packet structure is different from actual HTTP and HTTPS, and it also uses random ports.

Instant messaging (IM) has become one of the main applications of mobile phones, with plenty of “apps” available and literally billions of messages exchanged every day. With the widespread diffusion of mobile Internet traffic plans, IM and VoIP applications are rapidly replacing other forms of mobile communication, such as text messages, voice data/calls and, in some situations, even e-mails. As conversations are rapidly converging to IM applications, it is natural to start asking how secure this communication channel actually is, and if users can really trust IM apps and their back-end infrastructure. I decided to pick one of these applications and look “under the hood”, in order to see how the developers tried to ensure the confidentiality of in-transit communications.

WeChat is a feature-rich and sophisticated mobile application, which allows users to communicate via text messages, video and voice calls, to share photos and attach recorded voice/video messages, and much more. The app is available for several mobile platforms. Why WeChat? According to the Google Play Store, as of Sept 2016 WeChat for Android alone had more than 500 million downloads, and it has been advertised on international TV channels (DStv and others).

WeChat Version 6.3.22 (Latest Version)

  • Signaling VoIP
    • UDP port == 8080, 80
      • Offset[0] == 0xa1
      • Offset[1] == 0x08
      • Offset[7] == 0x10
      • Offset[9] == 0x18
      • Offset[10] == 0x28
      • Offset[11] == 0x22
      • Offset[12] == 0x28
    • UDP port == 32780, 34003, 40768, 42410, 40049
      • Offset[0] == 0xa3
      • Offset[5] == 0x08
      • Offset[11] == 0x10
      • Offset[13] == 0x18
      • Offset[14] == 0x28
      • Offset[15] == 0x22
      • Offset[16] == 0x28


  • Oct 17 / 2016
  • 3
InfoSec, Security, Social Media, Traffic Analysis

WeChat Android Application Traffic Analysis and Pattern/Signature Extraction

Nowadays, many media-rich entertainment and communication applications have emerged on the Internet. They often use obfuscation techniques such as encrypted data transmission, random/changing ports, or proprietary communication protocols to prevent detection or filtering by network or content owners who believe the traffic is threatening their property (infrastructure, service availability or intellectual property). As a norm, many of these applications adopt open-source-based development, i.e. the protocols, libraries, databases and platforms they use are almost the same and widely used, with only a few proprietary features. WeChat, for example, has tried to use standard ports (TCP & UDP) and random ports, but the packet structure is different from actual HTTP and HTTPS.

Instant messaging (IM) has become one of the main applications of mobile phones, with plenty of “apps” available and literally billions of messages exchanged every day. With the widespread diffusion of mobile Internet traffic plans, IM and VoIP applications are rapidly replacing other forms of mobile communication, such as text messages, voice data/calls and, in some situations, even e-mails. As conversations are rapidly converging to IM applications, it is natural to start asking how secure this communication channel actually is, and if users can really trust IM apps and their back-end infrastructure. I decided to pick one of these applications and look “under the hood”, in order to see how the developers tried to ensure the confidentiality of in-transit communications.

WeChat is a feature-rich and sophisticated mobile application, which allows users to communicate via text messages, video and voice calls, to share photos and attach recorded voice/video messages, and much more. The app is available for several mobile platforms. According to the Google Play Store, as of Sept 2016 WeChat for Android alone had more than 500 million downloads, and it has been advertised on international TV channels (DStv and others).

WeChat Version 6.3.22 (Latest Version)

  • Signaling VoIP
    • UDP port == 8080, 80
      • Offset[0] == 0xa1
      • Offset[1] == 0x08
      • Offset[7] == 0x10
      • Offset[9] == 0x18
      • Offset[10] == 0x28
      • Offset[11] == 0x22
      • Offset[12] == 0x28
    • UDP port == 32780, 34003, 40768, 42410, 40049
      • Offset[0] == 0xa3
      • Offset[5] == 0x08
      • Offset[11] == 0x10
      • Offset[13] == 0x18
      • Offset[14] == 0x28
      • Offset[15] == 0x22
      • Offset[16] == 0x28
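
The two offset lists above (the same pattern appears in both posts) can be turned into a payload matcher and a capture filter. This is an added example, not code from the original post; it assumes the offsets count from the first byte of the UDP payload and that a listed port may appear as either source or destination, and the signature names are made up for illustration.

```python
# Added example: match the WeChat 6.3.22 VoIP signaling patterns listed above.
# Assumption: offsets are relative to the start of the UDP payload.
UDP_HEADER_LEN = 8  # BPF's udp[N] indexes from the UDP header, not the payload

SIGNATURES = [
    {"name": "wechat-voip-sig-a1",  # hypothetical label
     "ports": {8080, 80},
     "bytes": {0: 0xA1, 1: 0x08, 7: 0x10, 9: 0x18, 10: 0x28, 11: 0x22, 12: 0x28}},
    {"name": "wechat-voip-sig-a3",  # hypothetical label
     "ports": {32780, 34003, 40768, 42410, 40049},
     "bytes": {0: 0xA3, 5: 0x08, 11: 0x10, 13: 0x18, 14: 0x28, 15: 0x22, 16: 0x28}},
]

def payload_matches(payload, sig):
    """True if every fixed byte of the signature is present at its offset."""
    if len(payload) <= max(sig["bytes"]):  # truncated datagram: cannot match
        return False
    return all(payload[off] == val for off, val in sig["bytes"].items())

def classify(sport, dport, payload):
    """Return the signature name for a UDP datagram, or None."""
    for sig in SIGNATURES:
        if {sport, dport} & sig["ports"] and payload_matches(payload, sig):
            return sig["name"]
    return None

def to_bpf(sig):
    """Render a signature as a libpcap filter usable with tcpdump."""
    ports = " or ".join(f"port {p}" for p in sorted(sig["ports"]))
    checks = " and ".join(
        f"udp[{UDP_HEADER_LEN + off}] = {val:#04x}"
        for off, val in sorted(sig["bytes"].items()))
    return f"udp and ({ports}) and {checks}"

def build_sample(sig, length=24):
    """Constructed test payload: zero filler with the signature bytes set."""
    buf = bytearray(length)
    for off, val in sig["bytes"].items():
        buf[off] = val
    return bytes(buf)

if __name__ == "__main__":
    sample = build_sample(SIGNATURES[0])
    print(classify(50000, 8080, sample))
    for sig in SIGNATURES:
        print(to_bpf(sig))
```

In classic libpcap filters the `udp[...]` accessor applies to IPv4 only, so IPv6 traffic needs the Python matcher or a different filter.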
