Penetration testing

Sideloading

Srinivas
November 11, 2016 by
Srinivas

Introduction and Background:

In the First article of the series, we have covered the introduction and background required to start learning Windows Mobile Application Penetration Testing. We have also seen the requirements for setting up Windows Phone 8.1 emulators as well as Windows 10 mobile emulators. In the previous article, we have discussed how Windows Phone 8.1 apps and UWP apps are built, and we have also explored the appx files. In this article, we will discuss techniques available for installing developer provided apps on Windows 8.1 as well as Windows 10.

Traditionally, users have to download their apps from the Windows Store to install them on their devices. This is the most common way of downloading apps on to the devices though there are other official ways provided by Microsoft such as Company App Distribution wherein users can get and install apps from their organization. But, as mentioned in the previous article, Apps downloaded from the Windows Store are DRM protected, and we need to be able to install apps given by developers. This is where Developer Sideloading comes into the picture.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Developer Sideloading is a way, where users can install apps packaged by the developers on to their devices without going through the store signing process. The process of installing apps onto the Windows 10 mobile is different from Windows Phone 8.1. It also changes, when it comes to Windows Phone 8.1 emulators, as it doesn't require any additional steps. Let us discuss how one can install apps in all these cases.

Developer Sideloading in Windows Phone 8.1:

Assuming that you have a Windows Phone 8.1 application to be tested, you now need to know where to install it and how to install it. The two obvious options are a real device and an emulator.

Let us begin with a real device.

By default, we cannot install third party apps on Windows Phone 8.1. You need to carry out developer unlocking process to be able to install apps onto the device. This feature is required for developers to be able to test their apps on a real device before submitting them to the Windows Store. So, Let us see how to do it.

Developer unlocking your Phone running Windows 8.1:

1. Connect your Phone running Windows 8.1 to your PC and launch PhoneReg tool that comes pre-installed with Windows 8.1 SDK. Usually, this is found in the following directory:

"C:Program Files (x86)Microsoft SDKsWindows Phonev8.1ToolsPhone Registration"

This looks as shown in the figure below.


2. As you can see in the above figure, it is shown that the status is "Identified Windows Phone device." So everything is fine so far. Click Register button.

This will bring a Sign In window as shown in the following figure.


If you have an existing account with Microsoft, Sign In using it. If not, create a new one and Sign In using it. You may need to activate the account using the email id provided during the account creation process. So, make sure that you have access to the email you are providing.

3. If everything goes fine, you should see the following message saying "Congratulations! You have successfully unlocked your Windows Phone".

4. Nice!. We now have a developer unlocked device. We can deploy the packages and run them on the device. The packages being deployed do not need to be signed. Just create a package from Visual Studio and deploy it on to the device using AppDeploy.exe tool that comes with Windows Phone 8.1 SDK.

Sideloading apps on Windows Phone 8.1:

We have an unlocked device now. Let us see how one can install apps using the AppDeploy.exe utility, which can be found at the following location.

"C:Program Files (x86)Microsoft SDKsWindows Phonev8.1ToolsAppDeploy"

Connect your unlocked phone to the PC via USB and launch AppDeploy.exe. This looks as shown in the figure below.

Choose Target as "Device" and select the application to be installed. Next, click Deploy. You should see the following window saying "app deployment complete."

You may see an error "Error – The specified module could not be found." if you are trying this immediately after unlocking your device.

If you see this error, leave your phone for some time connected to the Internet and try again later. It should work!

Check your Phone for HelloWorldinfosec8.1 app and launch it. You will see the following screen on your Phone.

Sideloading apps on Windows Phone 8.1 emulator:

Installing apps on an emulator only requires the second step we discussed previously i.e. application deployment. Simply launch AppDeploy.exe tool and select the emulator running with Windows 8.1 and choose the app to be deployed. Finally, click Deploy. The app will be deployed. This looks as shown in the figure below.

Developer Sideloading UWP apps:

Windows mobile platform is known to be a closed environment compared to Android & iOS. Surprisingly, Windows 10 has introduced lots of new features to provide hassle free experience to developers. Some of them include,

1. Developer unlocking process is removed, and it is not required on your Windows 10 mobiles anymore.

2. You can sideload UWP apps on any Windows 10 device just by turning developer mode on.

3. Web Interface for deploying/uninstalling apps, monitoring performance, exploring app specific data on the device, etc. – USB, Localhost, local network J

The only requirement for the apps to run on any device is to package the apps and get Developer mode turned on before installing them.

So, We need to enable developer mode before installing an application.

Enabling Developer Mode in Windows 10 Desktop:

Developer mode can be enabled by doing the following steps.

Navigate to Windows Start Button | Settings (icon) | Update & Security.

Now, you should see the following screen.


Choose Developer mode, and you will be shown with the following warning.

Click Yes, and that's all.

As shown in the above figure, your developer mode has been enabled. Your PC is now ready to run the apps.

Enabling Developer Mode in Windows 10 mobile:

Now, let us see how to enable developer mode in Windows 10 mobile. The process is similar to how we enabled it previously on the PC.

First, launch Settings App and then choose Update & security. This will bring the following screen up.

Tap For developers and you will be on the following screen, where you can choose Developer mode.

Nice, now we know how to get our devices ready for testing the applications. Let us see how to install the applications in all of these platforms (Desktop, real mobile device, and mobile emulators).

Deploying apps on Windows 10 Desktop:

Only one step. Identify the appx file in your package and give a double click on it. You should be able to run it. A successful installation of a developer provided app after enabling developer mode should look as shown in the figure below.

Deploying apps on Windows 10 Mobile emulators and real devices:

In Windows 10 mobile device family, it is possible to turn on device portal after enabling developer mode. When device portal is enabled, it will allow users to access it through the browser. We will see the steps to install an app in the emulator running Windows 10 here. The same process goes to a real device.

If you are trying to install a Windows Phone 8.1 app in Windows 10 mobile emulator, you can use AppDeploy.exe with the same steps as shown earlier. The process is slightly different with UWP apps.

To install the apps on Windows 10 mobile devices/emulators, you may follow the steps shown here.

Turn developer mode on as shown in the previous section.

Navigate to Settings | Update & security | For developers and turn Device discovery on as shown in the figure below.

Within the same screen, scroll down and turn Device Portal on and also make sure that authentication is turned on. This feature can be dangerous if you are in a public network such as coffee shop, so it is recommended to have Authentication option turned on. You can also choose not to have authentication if you wish.

As you can see in the above figure, the device portal is now available at https://172.16.80.2. This will also be accessible over USB (http://127.0.0.1:10080 - access it on the PC) and localhost (http://127.0.0.1 - access it on the device.)

Launch a browser on your PC and access the IP address was shown. The application will now be accessible, but it requires the PIN to log in as shown in the figure below.

You can go back to your device and click Pair under Device discovery to get the PIN for pairing. This looks as shown in the following figure.

After entering the PIN, you should be able to log in, and the following page will greet you.

Though there are multiple utilities available on this portal, we will only focus on Apps in this article. We will discuss others later.

After the pairing is done, your device will also show you the number of devices it is paired with. You can always disable the Device discovery if you notice anything suspicious on your device while it is turned on.

Let us go back to the portal and click Apps, and you should see the following page.

As you can see in the above figure, we have the option to install apps here. So, let us choose the main appx package under App package section and add the dependencies below it as shown in the figure below. The dependencies can be found inside Dependences directory of your app package.

Click Go, and you should see the following screen if the installation is successful.

Let us go back to the device and check if the app is installed.

Nice! The app has been installed.

We can also use WinAppDeployCmd.exe tool to sideload the apps on Windows 10 mobile. You may go through the following link for more information about it.

https://blogs.windows.com/buildingapps/2015/07/09/just-released-windows-10-application-deployment-tool/#5mEoUzAmHf4qAQEz.97

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Conclusion:

In this article, we have discussed Sideloading concepts associated with Windows Phone 8.1 apps and UWP apps. To summarize the discussion,

  • Windows 8.1 Phones have to be developer unlocked for Sideloading the apps.
  • Windows 8.1 emulators do not require additional steps for Sideloading the apps.
  • Windows Phone 8.1 apps can be installed on Windows 10 mobile emulators using the same steps used for Windows 8.1 emulators (I did not test it on real devices running Windows 10).
  • Windows 10 mobile/emulator require being paired with the PC after developer mode is turned to sideload the apps (WinAppDeploycmd.exe can also be used).
  • Windows 10 Desktop requires developer mode to be enabled to sideload the apps.
Srinivas
Srinivas

Srinivas is an Information Security professional with 4 years of industry experience in Web, Mobile and Infrastructure Penetration Testing. He is currently a security researcher at Infosec Institute Inc. He holds Offensive Security Certified Professional(OSCP) Certification. He blogs atwww.androidpentesting.com. Email: srini0x00@gmail.com