Windows Mobile Application Security – Part II

The next step is accessing an application's internal storage.

Accessing Internal Storage of application using reg editor

Windows does not allow access to an application's internal storage, even when “mass storage” mode is enabled.

Not Able to Access Internal Storage of Application

To get access to the internal storage we need to perform an “Interop Unlock”.
Various procedures for an Interop Unlock are described in the “xda-developers” forum.
I have used a simple technique which allows an Interop Unlock on a Windows Lumia 920 without using an SD card.

Below are the steps for the same (SD Card is not required):

  • Deploy the application “vcREG_1_2_BOOTSTRAP.xap” using the Application Deployment Tool found at “C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.1\Tools\AppDeploy”
    Deploy Application vcRegBootstrap
  • Go to the “settings” menu on the Windows device, scroll down and select the highlighted application as shown in the screenshot below. It will launch Lumia Registry Editor. Now go to the “template” menu

Launch VReg on Windows Phone

Go to Templates Setting on Windows Phone

Check Box Interop Unlock

  • Now reconnect the device over USB :)
  • Now you can access the internal storage of the application, which is mounted on your system.
    Internal Applications Storage Location: Phone\Data\PROGRAMS\{GUID}

Internal Storage Access of Application

Performing Static Analysis of XAP File

XAP is the file format used to distribute and install application software and middleware onto Microsoft’s Windows Phone 7/8/8.1/10 operating system.
(Note: XAP can be installed on mobile device with the help of Application Deployment tool provided by Microsoft.)
STATIC ANALYSIS IF THE XAP FILE IS PROVIDED

  1. Extracting a XAP file is similar to the APK extraction method.
  2. Rename the .xap extension to .zip and extract the file.

Extracting XAP File

Static Analysis of the Store Application

The Microsoft Store does not provide a XAP file to download, so its content cannot be checked directly.
We need to perform the following steps to extract the internal content of the application:

  1. Install the application from the Microsoft Store and browse to the location
    “Phone\Data\PROGRAMS\{GUID}”
    Note: GUID is the application identifier.
  2. Now we can see the application files, including the DLL files.

Accessing Internal Storage of Application to Extract XAP Content

DE-COMPILE DLL File

  • Most XAP files contain DLL files and other resources.
  • DLL files can be decompiled using various available tools.
  • I have used the ILSpy_Master portable tool for decompiling the DLL file.


Verify the Application Permission (Review WMAppManifest)

In Windows Phone, capabilities notify the end user of the security- or privacy-critical functionality an application requires. Capabilities are also used to enforce the least privilege chamber (LPC) and reduce the attack surface by provisioning ACLs only for what the application requires. Capabilities are configured according to the application's requirements, so they must be reviewed against those requirements: an application should be assigned only the capabilities it needs to perform its functionality, and any unused capabilities should be removed.

Note: You must mark the appropriate capabilities in the manifest file so that the user is correctly notified of the functionality that the application uses. If you don’t mark the correct capabilities, your app may exit unexpectedly when it is being installed on a user's phone.

Capabilities
https://msdn.microsoft.com/en-us/library/windows/apps/jj206936(v=vs.105).aspx

Review Capabilities
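
The XAP extraction and capability review described above can be scripted. The following is an added example, not code from the original post: it opens a XAP as a ZIP archive, lists its DLLs, reads the capabilities from WMAppManifest.xml and reports those the application is not expected to need. The sample package, the `required` set and the `SENSITIVE` list are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Assumption: capabilities this reviewer treats as privacy-sensitive.
SENSITIVE = {"ID_CAP_LOCATION", "ID_CAP_CONTACTS", "ID_CAP_MICROPHONE",
             "ID_CAP_ISV_CAMERA", "ID_CAP_APPOINTMENTS", "ID_CAP_IDENTITY_DEVICE"}


def review_xap(xap_bytes, required):
    """Return DLLs, declared capabilities and capabilities beyond `required`."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:  # a XAP is a ZIP archive
        names = xap.namelist()
        manifest = next((n for n in names
                         if n.lower().endswith("wmappmanifest.xml")), None)
        if manifest is None:
            raise ValueError("WMAppManifest.xml not found in package")
        root = ET.fromstring(xap.read(manifest))
    # Match on the local tag name so any manifest namespace version is accepted.
    declared = {el.get("Name") for el in root.iter()
                if el.tag.rsplit("}", 1)[-1] == "Capability" and el.get("Name")}
    unneeded = declared - set(required)
    return {
        "dlls": sorted(n for n in names if n.lower().endswith(".dll")),
        "declared": sorted(declared),
        "unneeded": sorted(unneeded),
        "unneeded_sensitive": sorted(unneeded & SENSITIVE),
    }


def build_sample_xap():
    """Constructed sample package (not a real application)."""
    manifest = """<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment" AppPlatformVersion="8.0">
  <App ProductID="{00000000-0000-0000-0000-000000000000}" Title="SampleApp">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_CONTACTS" />
    </Capabilities>
  </App>
</Deployment>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WMAppManifest.xml", manifest)
        z.writestr("SampleApp.dll", b"MZ constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(review_xap(build_sample_xap(), {"ID_CAP_NETWORKING", "ID_CAP_LOCATION"}))
```

For a Store application, the same manifest can be read from the copied “Phone\Data\PROGRAMS\{GUID}” folder instead of a XAP archive.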

Dynamic Analysis of Windows Application

By default, Windows creates a temporary location where the application stores its runtime information.

Path of the temporary location: “Windows Phone\Phone\Data\Users\DefApps\APPDATA”

In this location we may find database files (SDF) or files in other formats that store sensitive information.

Dynamic Analysis of File Storage
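
One way to triage a copy of the APPDATA folder during an assessment, as an added example that is not part of the original post: it flags local database files and files containing credential-like keywords, searching both UTF-8 and UTF-16LE because Windows applications often write wide strings. The keyword list, extension list and sample folder are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Assumption: keywords and extensions chosen for this example; tune per application.
KEYWORDS = ["password", "passwd", "token", "secret"]
DB_EXTENSIONS = {".sdf", ".sqlite", ".db"}


def _patterns():
    # Search each keyword as UTF-8 bytes and as UTF-16LE (wide) bytes.
    for kw in KEYWORDS:
        yield kw, re.compile(re.escape(kw.encode("utf-8")), re.I)
        yield kw, re.compile(re.escape(kw.encode("utf-16-le")), re.I)


def scan_appdata(root):
    """Return sorted [(relative_path, reason)] for files worth manual review."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.splitext(name)[1].lower() in DB_EXTENSIONS:
                findings.append((rel, "local database file"))
            with open(path, "rb") as fh:
                data = fh.read(5 * 1024 * 1024)  # cap the bytes read per file
            hits = sorted({kw for kw, rx in _patterns() if rx.search(data)})
            if hits:
                findings.append((rel, "plaintext keyword: " + ", ".join(hits)))
    return sorted(findings)


def build_sample_tree():
    """Constructed stand-in for a copied APPDATA folder."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Local"))
    with open(os.path.join(root, "Local", "app.sdf"), "wb") as fh:
        fh.write(b"\x00constructed database bytes\x00")
    with open(os.path.join(root, "Local", "settings.xml"), "wb") as fh:
        fh.write("<s><Password>hunter2</Password></s>".encode("utf-16-le"))
    with open(os.path.join(root, "Local", "cache.bin"), "wb") as fh:
        fh.write(b"\x01\x02\x03")
    return root


if __name__ == "__main__":
    for finding in scan_appdata(build_sample_tree()):
        print(finding)
```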

INTERCEPTING TRAFFIC USING BURPSUITE

To intercept the application's HTTPS traffic with Burp Suite, we need to import the Burp certificate on the Windows Phone.

First, export the Burp certificate on your computer and then email it to the Windows Phone device.

  1. Download the certificate on the mobile device as shown in the screenshot below.
  2. You will be asked to install the certificate; click install.
  3. Once done, configure the Burp proxy and you are good to go :)
  4. Now you can intercept HTTPS traffic from your Windows mobile device.


Vinesh Redkar
Senior Security Researcher

Security professional with over 9 years of experience in the security domain across various industries such as Finance, Insurance, Telecom, and government.