
Weak Randomness in Android's DNS Resolver

Aleph Research Advisory

Identifier

Severity

High

Product

Android

Technical Details

The code responsible for DNS resolution is part of Android's libc implementation (aka 'bionic'). Android provides source port and TXID randomization by calling the function res_randomid, which returns a 16-bit integer:

u_int
res_randomid(void) {
    struct timeval now;
    gettimeofday(&now, NULL);
    return (0xffff & (now.tv_sec ^ now.tv_usec ^ getpid()));
}

The returned value is the XOR of the microsecond fraction of the current time, the current time in seconds, and the process ID, truncated to 16 bits:

\(random_{id}=WORD(time_{\mu sec} \oplus time_{sec} \oplus pid)\).

Both the TXID and the source port are generated by this PRNG. Because the two calls to the PRNG occur in succession, the returned values are highly correlated. As shown in the paper, this makes the expected time of an attack feasible.
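The correlation can be checked with a small model of the function. This is an added example, not code from the advisory or from Android: model_randomid, pair_xor, differing_bits and csprng_pair are hypothetical names, the timestamps and PID are constructed sample values, and the /dev/urandom contrast is an assumed sound alternative, not the fix Android shipped.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of res_randomid(): same arithmetic, but the clock and PID are
 * parameters so the result is reproducible (hypothetical helper). */
static uint16_t model_randomid(long sec, long usec, long pid) {
    return (uint16_t)(0xffff & (sec ^ usec ^ pid));
}

/* XOR of the TXID and source port drawn back to back within one second.
 * sec and pid appear in both values and cancel; only the clock delta is left. */
static uint16_t pair_xor(long sec, long usec1, long usec2, long pid) {
    return (uint16_t)(model_randomid(sec, usec1, pid) ^
                      model_randomid(sec, usec2, pid));
}

/* Number of bit positions in which the two values differ. */
static int differing_bits(uint16_t x) {
    int n = 0;
    for (; x; x &= (uint16_t)(x - 1))
        n++;
    return n;
}

/* Contrast: two independent 16-bit values from the kernel CSPRNG.
 * Returns 0 on success, -1 if /dev/urandom could not be read. */
static int csprng_pair(uint16_t *txid, uint16_t *port) {
    uint16_t buf[2];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(buf, sizeof buf[0], 2, f);
    fclose(f);
    if (got != 2)
        return -1;
    *txid = buf[0];
    *port = buf[1];
    return 0;
}

int main(void) {
    /* Constructed sample inputs: two calls 3 microseconds apart. */
    uint16_t d = pair_xor(1500000000L, 250001L, 250004L, 4321L);
    printf("txid ^ port = 0x%04x (%d differing bits)\n", d, differing_bits(d));
    uint16_t t, p;
    if (csprng_pair(&t, &p) == 0)
        printf("csprng pair: 0x%04x 0x%04x\n", t, p);
    return 0;
}
```

With the modelled generator, the two values differ only in the low bits that changed between the two clock readings, whatever the second and PID are, so the pair carries far less than 32 bits of unpredictability.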

Timeline

Credit

External References