Tools and Techniques Related To




   RIT Alum
   Intrepidus Group
   Interlock Rochester
   Rochester 2600
   TOOOL
   BSidesROC

@antitree
antitree.com
   Android Introduction
   Tools For Hackers
   Analysis Techniques
   Examples
   How to be “secure”




[Figure: two pie charts. Platforms: Android 56%, iOS 28%, Blackberry 9%, Other 6%. Android versions: Froyo 56%, Gingerbread 25%, Eclair 15%, Donut 2%, Cupcake 1%, Honeycomb 1%.]
   Linux 2.6
   Dalvik Virtual Machine – new instance for each app
   DEX – Dalvik byte code
   APK - zip
   AndroidManifest.xml
   Java -> Dalvik Byte Code -> APK
[Figure: Linux, Dalvik VM Instances, Angry Birds app_42]
   Intents – inter process communication
   Activities - screen
   Content Providers – sqlite3 database
   Services – background processes
   Broadcasts – send and receive info to other apps
•   Dynamic Network Analysis
•   Static Code Review
•   File System Auditing



   Android SDK
     ADB
     DDMS
     Emulator
   Apktool
   Smali/Baksmali
   Dex2jar
   Java Decompiler (e.g. JAD or JD-GUI)
   Mallory
   Burp Suite
   Wireshark

   Java source code vs Smali files vs DEX vs jar vs pseudocode
   Android development
   Java
   Linux




   Watch Traffic flow through a MITM
   Things to look for:
     Information being passed in the clear
     SSL usage and whether it’s done correctly
     Results of modifying requests and responses
     Authentication process




Wireless Router                Emulator                                    PPTP server
DD-WRT/Tomato                  Android SDK                                 PPTPD
Usually need a clunky device   Sometimes doesn’t act the way you want it   Dedicated server
#!/bin/bash
# firewall script to intercept all traffic from ppp0 and redirect to local port
# all credit to the great algorythm

# let the kernel route packets between the VPN interface and the uplink
echo 1 > /proc/sys/net/ipv4/ip_forward

# start from empty filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# default policy: accept
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# NAT traffic leaving through eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# send HTTP and HTTPS arriving on ppp0 to the local proxy listening on port 8080
iptables -t nat -A PREROUTING -j REDIRECT -i ppp0 -p tcp --dport 80 -m tcp --to-ports 8080
iptables -t nat -A PREROUTING -j REDIRECT -i ppp0 -p tcp --dport 443 -m tcp --to-ports 8080
   Wireshark
     Initial traffic fingerprinting
   Burp Suite
     Great for HTTP/S traffic
   Mallory
     Great for nonspecific protocols




   Audit how data is stored
   Things to look for:
     Incorrect permissions
     Storage location (data, sdcard, asec)
   Tools
     adb shell
     Standard Linux commands
     [Root exploit and busybox]

   See how the app works through pseudocode
   Things to look for:
     Overall understanding of the app
     Cryptographic functions
     Debug/Testing functions
     Client side authentication




   Tools:
     apktool d com.antitree.app
     smali path/to/smali/files/
     dex2jar out.dex
     jd-gui out_dex2jar.jar

   [Diagram: APK -> DEX -> Jar -> Pseudocode, with Smali below]
Reverse engineering is neat
But what does it mean?




   Skype: 4/11
     Permissions error allowed a malicious app to access contacts and personal information
   Google: 6/11
     Session information passed in the clear made it susceptible to hijacking
   Dropbox: 8/11
     An attempt to share data granted any app the ability to make files public
   HTC: 10/11
     Spyware logging app found to be accessible to any app with the network connection permission
      ▪   GPS coordinates
      ▪   MEID, MDN
      ▪   phone logs
      ▪   MUCH more
     *#*#HTCLOG#*#*
100,000 installations




   File System Permissions Set to 777
     Access saved sessions
     Modify included binaries
   Why: Lazy permissions
   How discovered: file system permission review
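
One way to run the file system permission review described on the file system auditing slides over saved `adb shell ls -lR` output. This is an added example, not code from the original deck; the package name, the sample listing and the `audit_listing` function are constructed for illustration.

```python
import re

# Constructed sample: output of `adb shell ls -lR /data/data/com.example.app`
# in the older toolbox format (no link-count column). All names are made up.
SAMPLE_LISTING = """\
/data/data/com.example.app:
drwxrwx--x app_42   app_42            2011-10-01 12:00 databases
drwxrwxrwx app_42   app_42            2011-10-01 12:00 files
lrwxrwxrwx system   system            2011-10-01 12:00 lib -> /data/app-lib/com.example.app

/data/data/com.example.app/databases:
-rw-rw---- app_42   app_42      20480 2011-10-01 12:00 app.db

/data/data/com.example.app/files:
-rwxrwxrwx app_42   app_42      51200 2011-10-01 12:00 helper_bin
-rw-rw-r-- app_42   app_42        312 2011-10-01 12:00 saved session.txt
"""

# Mode string, any owner/group/size columns, "YYYY-MM-DD HH:MM", then the name.
# Anchoring on the timestamp keeps names with spaces intact and also accepts
# the newer toybox format, which adds a link-count column.
ENTRY = re.compile(
    r"^([bcdlps-][rwxsStT-]{9})\s.*?\d{4}-\d{2}-\d{2} \d{2}:\d{2} (.+)$"
)


def audit_listing(listing):
    """Return (severity, mode, path) for entries that other apps can touch."""
    findings = []
    cwd = ""
    for raw in listing.splitlines():
        line = raw.rstrip()
        entry = ENTRY.match(line)
        if entry is None:
            # `ls -R` prints "directory:" before each directory's entries.
            if line.endswith(":"):
                cwd = line[:-1]
            continue
        mode, name = entry.groups()
        if mode[0] == "l":
            # Symlinks always show rwxrwxrwx; the target's mode is what counts.
            continue
        other_read = mode[7] == "r"
        other_write = mode[8] == "w"
        path = f"{cwd.rstrip('/')}/{name}" if cwd else name
        if other_write:
            # Any app on the device can modify or replace this entry.
            findings.append(("HIGH", mode, path))
        elif other_read and mode[0] == "-":
            # Readable by every app: check what the file contains.
            findings.append(("REVIEW", mode, path))
    return findings


if __name__ == "__main__":
    for severity, mode, path in audit_listing(SAMPLE_LISTING):
        print(f"{severity:6} {mode} {path}")
```
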



SSHUNTUNNEL
   Shares information
   Controls permissions


   Tool: Android Manifest Auditor
    Code Name: The Jaku



1.    Insecure Data Storage
2.    Weak Server Side Controls
3.    Insufficient Transport Layer Protection
4.    Client Side Injection
5.    Poor Authorization and Authentication
6.    Improper Session Handling
7.    Security Decisions Via Untrusted Inputs
8.    Side Channel Data Leakage
9.    Broken Cryptography
10.   Sensitive Information Disclosure
   Deploy mobile device management solution
     Zenprise, MobileIron, (Google?)
   Train your users – don’t give in
   Audit your devices
     Are users following best practices?
     What apps are installed?
   Require mobile security solution
     Lookout, WaveSecure, NetQin

   Audit your apps!
     Check permissions
     Check source code
     Analyze your traffic
   Think before you Root
   Security Software
     Remote wipe
     Malware detection

Coincidence?
Slides and app available at
    www.antitree.com




   http://www.intrepidusgroup.com/insight/
   http://code.google.com/p/android-apktool/
   http://code.google.com/p/smali/
   http://code.google.com/p/dex2jar/
   http://java.decompiler.free.fr/?q=jdgui
   http://developer.android.com/sdk


