Enhancement #22195: [CSMS 15993 ][iOS][Device Binding Pentest] Device Binding Login Bypass - BIBD 3.9.14 - S-MADP Customer Support & Information Center

Enhancement #22195

[CSMS 15993 ][iOS][Device Binding Pentest] Device Binding Login Bypass

Added by Feerman Yusoff about 2 months ago. Updated about 1 month ago.

Status:

Closed

Start date:

11 June 2025

Priority:

High

Due date:

Assignee:

Feerman Yusoff

% Done:

100%

Category:

Spent time:

3.00 hours

Target version:

Description

Device Binding Updated flow:
1. Backend generates an RSA key pair (public/private) and pass the public key value to FE through loginInternetPin API response
new tag param eg: alias.
2. Frontend retrieves the public key from the backend from loginInternetPin API response.
3. Frontend generates a random AES key (for that session or request).
4. Frontend encrypt device ID|transactionDate (or any other unique values) using AES key.
5. Frontend encrypt AES key using RSA public key.
6. Frontend send encrypted device ID and encrypted AES key to backend.
7. Backend decrypt AES key using RSA private key.
8. Backend decrypt device ID using the decrypted AES key and omit the symbol | and transactionDate values.
9. Backend compare the decrypted and omitted value with MIB DB.

History

#1 Updated by Yeow Yui Chuang about 2 months ago

Assignee changed from Yeow Yui Chuang to Feerman Yusoff
% Done changed from 0 to 100

r237763 | yeowyc | 2025-06-13 09:15:47 +0000 | 1 line
Changed paths:
A /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/BIBD Components/CryptoHelper
A /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/BIBD Components/CryptoHelper/CryptoHelper.h
A /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/BIBD Components/CryptoHelper/CryptoHelper.m
A /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/BIBD Components/CryptoKitWrapper.swift
M /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/PasswordScreenController.m
M /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/TabBarApp.xcodeproj/project.pbxproj
M /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/TabBarApp/LoginViewController.m
M /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/TabBarApp/RegistrationCreatePassword.m
M /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/TabBarApp/TabBarAppAppDelegate.h
M /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/TabBarApp/TabBarAppAppDelegate.m
M /BIBD/BIBDFrontEnd/iOS/BIBD (old)/branches/3.9.14.2_CSMS_15993/TabBarApp/TokenScreenController.m

Enhancement #22195 Device Binding Login Bypass

#2 Updated by Feerman Yusoff about 1 month ago

Status changed from New to Closed

Tested good for BAU device binding, UAT provided

Also available in: Atom PDF

BIBD (Bank Islam Brunei Darussalam) » BIBD Mobile » BIBD 3.9.14

Issues

Custom queries