SlideShare uma empresa Scribd logo

Hacking your Droid (Aditya Gupta)

ClubHack
ClubHack

This document provides an overview of malware on Android systems. It discusses the Android architecture and security model, how to analyze Android application packages (APKs), and techniques for reverse engineering and creating Android malware. Specific malware examples like Trojan-SMS.FakePlayer.a and Geinimi are described. The document also covers tools for mobile application penetration testing and discusses both legal and illegal ways that Android malware can generate money.

Tecnologia
1 de 63
Baixar para ler offline
MALWARES Aditya Gupta @adi1391
./whoami • College Student • Independent Security Researcher • Mobile Security Lover • White Hat
./whoami • Subho Halder • Application Developer • Hardcore coder. • Mobile Security Researcher
Agenda • Android OS Basics • Inside the APK • Android Security Model • Reversing the codes • Some case studies • Making our own malware • Malware = Money • Mobile App Pentesting
What is Android • Software Stack including OS, middleware and applications • Developed by Google and OHA(Open Handset Alliance) • Largest Market Share in Q2 2011, more than Symbian and IOS. (Source : Gartner)
Why Android • Everywhere! (TV, phones, tablets) • Easy to expl0it + Open Source • Runs on Linux 2.6.x kernel • Uses SQLite database • Huge community base • Official market containing over 4,00,000 apps
ANDROID ARCHITECTURE
Android Applications • .apk (Android Package) format • Nothing more than a zip file. • Written exclusively in Java, with native libraries in C/C++. • Composed of components such as Activities, Services, Broadcast Recievers, etc.
Android Applications APK META-INF res AndroidManifest.xml Classes.dex resources.arsc
ACTIVITY • Screen to let users interact • Consists of views ( Buttons, TextView, ImageView, Table view, List view etc) • “main” activity presented on start • Lifecycle is “LIFO”
ACTIVITY
SERVICE • Performs the work in the background • Doesn’t comes with a UI • Can be either stated or bound(or both) • Example – playing music in the bg, network activities, file i/o operations etc.
Other Components • Broadcast Reciever receives and responds to broadcast announcements Incoming SMS , Screen Off etc. • Intents Binds individual components at runtime • Content Providers Stores and retrieves the application data Data stored in an SQLite database
BROADCAST RECEIVERS WAIT FOR IT
• Preinstalled on most of Android devices • Contains over 4 billion apps • No CA • $25 signup • Anonymous sign up possible
Permissions.. WTF? • Declared in AndroidManifest.xml • XML file containing all the components and permissions • Can only use the declared permissions
AndroidManifest.xml
Permissions.. WTF? • ACCESS_COARSE_LOCATION • READ_SMS • ACCESS_FINE_LOCATION • RECEIVE_SMS • BRICK • SEND_SMS • CALL_PHONE • INTERNET • USE_CREDENTIALS • GET_ACCOUNTS • WRITE_OWNER_DATA • PROCESS_OUTGOING_CALLS • RECORD_AUDIO • READ_OWNER_DATA
Android Security Model • Each application is run within a Dalvik Virtual Machine • With unique UID:GID • By default no permission is granted • Permissions required by an application have to be approved by the user. • Apk files must be signed with a certificate.
Android Security Model Application 1 Application 2 Application 3 UID : 1000 UID : 1001 UID : 1003 Dalvik VM Dalvik VM Dalvik VM Application 4 Application 5 UID : 1004 UID : 1005 Dalvik VM Dalvik VM SYSTEM PROCESS ( UID : SYSTEM) LINUX KERNEL
DALVIK VIRTUAL MACHINE(DVM)
Created by Dan Bornstein DVM vs JVM Virtual System to run the android apps Register based instead of stack based Runs the dex(Dalvik Executable) files
REVERSE ENGINEERING BREAKING THE CODES
Making of the APK Using dx(dexer) of Android SDK .class .java .dex .apk apkbuilder
Making the APK
Making the APK aapt package -f -M ${manifest.file} -F ${packaged.resource.file} -I ${path.to.android- jar.library} -S ${android-resource-directory} [-m -J ${folder.to.output.the.R.java}] use javac dx.bat –dex –output=${output.dex.file} ${compiled.classes.directory} ${jar files..} apkbuilder ${output.apk.file} -u -z ${packagedresource.file} -f ${dex.file} - rf ${source.dir} -rj ${libraries.dir} use keytool jarsigner -keystore ${keystore} -storepass ${keystore.password} -keypass ${keypass} - signedjar ${signed.apkfile} ${unsigned.apkfile} ${keyalias} adb -d install -r ${signed.apk}
REVERSING THE APK .class .java .dex .apk
REVERSING THE APK Tools of the trade Dedexer Baksmali Undx JD-GUI Dex2JAR DexDump APKTool
GETTING OUR HANDS DIRTY DEMO TIME
ANDROID MALWARES Special thanks to Mila for his awesome website http://contagiodump.blogspot.com
Memories of the Past Some famous Android Malwares • Trojan-SMS.AndroidOS.FakePlayer.a • Geinimi • Snake • DreamDroid • GGTracker
Trojan-SMS.FakePlayer.a • Simplest malware till date. • Sends SMS to a premium rated number • $6-10/sms • Mainly distributed through porn/media apps • Stop watching porn? :O
GEINIMI : THE HOTTEST MALWARE
GEINIMI • Most sophisticated malware till date. • Botnet like capabilities • Multiple variants created on the same device • Obfuscated code • Strings decrypted at runtime • All network data encrypted ( DES with a key - 012345678)
GEINIMI • Three ways of starting (Using service or Broadcast Receivers • Makes a connection with C&C server • Identifies each device with unique IMEI & IMSI • Can be in 5 states (Start, download, parse, transact, idle) • Info Stealer • Infected legitimate apps ( Sex Positions, MonkeyJump2 etc. ) (Another reason for not watching porn on mobile! )
GEINIMI(continued) • Botnet Command Capabilities : o call – Call a number o Email – Send a email o Smsrecord – Sends all the sms’es to the server o Install – install an app o Shell – get a shell o Contactlist - get the contact list of the victim o Wallpaper – change the wallpaper etc.
DREAMDROID • Infected legitimate software • Hosted at “Android Market” • Came with exploits namely Exploid ( CVE-2009-1185 ) and rageagainstthecage(CVE-2010-EASY) • Multi Staged Payload • XOR Encrypted data • Another malware with Botnet capabilities
Creating our own Android Malware
What all we need • IMEI and IMSI number • Contacts • Sending text messages • Getting Inbox • Web History • Creating Web Bookmarks • Recording Phone Conversations • Stored passwords and other info • Opening URL’s for SEO • Getting r00t.
Agenda Taking a legitimate app (apk) Decompile it Insert our own codes Repackaging to get a infected APK PROFIT?
OR
#CODE FROM SCRATCH#
TRIGERRING THE MAL • Using Broadcast Receivers • ACTION_BOOT_COMPLETED • SMS_RECIEVE • ACTION_POWER_CONNECTED • ACTION_TIME_CHANGED
Setting up our server
CREATING ‘THE’ MALWARE Expected Time to be taken < 10 mins
Vulnerable Applications • GMail App(in <Android v2.1 vuln to XSS :O From field: “ onload=window.location=‘http:// google.com’ “@yahoo.com” (Found by supernothing of spareclockcycles.org) • Use this to launch more exploits such as the Data Stealing Bug(by Thomas Cannon) or Free Webkit Exploit(MJ Keith) • Steal Emails & SD Card Files
Stored Passwords • Browser passwords stored in database called webview.db • Got r00t? #adb pull /data/data/com.android.browser/databases/webview.db #sqlite webview.db > SELECT * FROM password;
Insecure Data Storage # cd /data/data/com.evernote # ls cache databases shared_prefs lib # cd shared_prefs # ls com.evernote_preferences.xml # cat com.evernote_preferences.xml <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="serviceHost"><string name="username">myusername</string> <boolean name="ACCOUNT_CHECKED" value="true" /> <string name="password">youcanthackme</string> <int name="servicePort" value="0" /> <boolean name="NotifyUploadStatus" value="true" /> </map> #
Is that all? Webkit and platform vulnerabilities Android 2.0 ,2.1, 2.1.1 WebKit Use-After-Free Exploit Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit Vulnerabilities in Apps, SQLi, XSS, etc. Use platform vulns to get root & shell SD card information leakage XSSF Framework ROOTSTRAP Sniffing the network : ) Try MoshZuk & ANTI
Is that all? Get the Android version Run Profit matching exploits Install Spread malicious app
[$]Where is the money?[$] [$$$]100% Illegal Ways to get rich! [$$$] •Mobile App moolah by Jimmy Shah Your phone has been hacked! •Premium Rates SMSes Transfer $1000 to my account Or else……. •Make malwares for sale Acc No : xxxxxxxxxxxxxxxxxxxx •Click Fraud, BlackHat SEO, Traffic generation, PPC Ads •Steal Accounts/CCs and sell them •Get personal information and blackmail the owner •Sign up to many services with your referral id •Make a bank phishing app
[$$]Spread Yourself![$$] • Forums • P2P • Send SMS’es/chat with your download link from the infected user’s phone • Make a blog of cracked full version of famous android apps! • Social Network viral scripts • Android Market • Amazon App Store
Outlaws vs Angels
The game is over! • Malware scanners developed for Android platform. • Lookout(one of the best security solutions), AVG, Quick Heal, Kaspersky have come up with their security solutions. • Can detect most of the “known” malwares of this platform.
The game is over! The game is not over yet! • Can create a malware not detected by the scanners • Most of them signature based, so, can easily be bypassed. • Obfuscating code can bypass most of them. • Disable the AV • Encryption for network data. • Use your own “blackhat” creativity!
MobileApp Pentesting FTW!
MobileApp Pentesting FTW! • Decompile the apk after pulling it from the phone. adb pull /data/app(or app-private)/hello.apk unzip hello.apk dex2jar classes.dex jdgui classes2jar.jar or convert to smali and then analyse the code adb pull /data/app/hello.apk unzip hello.apk java –jar baksmali.jar –o C:pentestapp classes.dex OR apktool d hello.apk
MobileApp Pentesting FTW! • Start Emulator with Proxy Emulator –avd MYAVD –http-proxy http://127.0.0.1:5001 • Install the app in the emulator avd install apptotest.apk • Use Wireshark, Fiddler & Burp Suite to monitor traffic • Run the app and check logcat • WhisperMonitor – Android App to monitor outgoing traffic
MobileApp Pentesting FTW! Check the security mechanism and encryption used in a banking or payment app for network data Manifest Explorer Strace for debugging system calls and signals Check the location where the app stores the login credentials.
QUESTIONS??
THANKS TO: THE CLUBHACK TEAM ELAD SHAPRIA ANNAT SRIVASTAVA DEV KAR
THANK YOU!

Recomendados

Iphone Presentation for MuMe09
Iphone Presentation for MuMe09Iphone Presentation for MuMe09
Iphone Presentation for MuMe09Gonzalo Parra
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
DEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 DevicesDEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 DevicesSynack
 
Обмен учетными данными между iOS 8 приложениями и вебом, Константин Чернухо, ...
Обмен учетными данными между iOS 8 приложениями и вебом, Константин Чернухо, ...Обмен учетными данными между iOS 8 приложениями и вебом, Константин Чернухо, ...
Обмен учетными данными между iOS 8 приложениями и вебом, Константин Чернухо, ...Yandex
 
Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]Kuba Břečka
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linuxAjin Abraham
 
DEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItDEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItSynack
 
Poc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitian
Poc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitianPoc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitian
Poc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitianLiang Chen
 

Recomendados

Iphone Presentation for MuMe09
Iphone Presentation for MuMe09Iphone Presentation for MuMe09
Iphone Presentation for MuMe09Gonzalo Parra
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
DEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 DevicesDEF CON 23: Internet of Things: Hacking 14 Devices
DEF CON 23: Internet of Things: Hacking 14 DevicesSynack
 
Обмен учетными данными между iOS 8 приложениями и вебом, Константин Чернухо, ...
Обмен учетными данными между iOS 8 приложениями и вебом, Константин Чернухо, ...Обмен учетными данными между iOS 8 приложениями и вебом, Константин Чернухо, ...
Обмен учетными данными между iOS 8 приложениями и вебом, Константин Чернухо, ...Yandex
 
Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]Kuba Břečka
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linuxAjin Abraham
 
DEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItDEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItSynack
 
Poc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitian
Poc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitianPoc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitian
Poc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitianLiang Chen
 
Virus Bulletin 2015: Exposing Gatekeeper
Virus Bulletin 2015: Exposing GatekeeperVirus Bulletin 2015: Exposing Gatekeeper
Virus Bulletin 2015: Exposing GatekeeperSynack
 
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?Aditya K Sood
 
Gatekeeper Exposed
Gatekeeper ExposedGatekeeper Exposed
Gatekeeper ExposedSynack
 
eXploitable Markup Language
eXploitable Markup LanguageeXploitable Markup Language
eXploitable Markup Languagesghctoma
 
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesVorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesDefconRussia
 
Scratching Your Brain into Dark Web by Arpit Maheshwari
Scratching Your Brain into Dark Web by Arpit MaheshwariScratching Your Brain into Dark Web by Arpit Maheshwari
Scratching Your Brain into Dark Web by Arpit MaheshwariOWASP Delhi
 
Горизонтальные перемещения в инфраструктуре Windows
Горизонтальные перемещения в инфраструктуре WindowsГоризонтальные перемещения в инфраструктуре Windows
Горизонтальные перемещения в инфраструктуре WindowsPositive Hack Days
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningMikhail Sosonkin
 
WMI for Penetration Testers - Arcticcon 2017
WMI for Penetration Testers - Arcticcon 2017WMI for Penetration Testers - Arcticcon 2017
WMI for Penetration Testers - Arcticcon 2017Alexander Polce Leary
 
History of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly beanHistory of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly beanJung Pil (J.P.) Choi
 
Think Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsThink Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsMark Ginnebaugh
 
Synack at AppSec California with Patrick Wardle
Synack at AppSec California with Patrick WardleSynack at AppSec California with Patrick Wardle
Synack at AppSec California with Patrick WardleSynack
 
Smali语法
Smali语法Smali语法
Smali语法xiaoshan8743
 
Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android appsPranay Airan
 
Toward Reverse Engineering of VBA Based Excel Spreadsheets Applications
Toward Reverse Engineering of VBA Based Excel Spreadsheets ApplicationsToward Reverse Engineering of VBA Based Excel Spreadsheets Applications
Toward Reverse Engineering of VBA Based Excel Spreadsheets ApplicationsREvERSE University of Naples Federico II
 
Let's talk about jni
Let's talk about jniLet's talk about jni
Let's talk about jniYongqiang Li
 
LinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeLinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeAlain Leon
 
Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Applicationn|u - The Open Security Community
 
Reverse Engineering .NET and Java
Reverse Engineering .NET and JavaReverse Engineering .NET and Java
Reverse Engineering .NET and JavaJoe Kuemerle
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeMário Almeida
 
How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...Christoph Matthies
 
Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)Egor Elizarov
 

Mais conteúdo relacionado

Mais procurados

Virus Bulletin 2015: Exposing Gatekeeper
Virus Bulletin 2015: Exposing GatekeeperVirus Bulletin 2015: Exposing Gatekeeper
Virus Bulletin 2015: Exposing GatekeeperSynack
 
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?Aditya K Sood
 
Gatekeeper Exposed
Gatekeeper ExposedGatekeeper Exposed
Gatekeeper ExposedSynack
 
eXploitable Markup Language
eXploitable Markup LanguageeXploitable Markup Language
eXploitable Markup Languagesghctoma
 
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesVorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesDefconRussia
 
Scratching Your Brain into Dark Web by Arpit Maheshwari
Scratching Your Brain into Dark Web by Arpit MaheshwariScratching Your Brain into Dark Web by Arpit Maheshwari
Scratching Your Brain into Dark Web by Arpit MaheshwariOWASP Delhi
 
Горизонтальные перемещения в инфраструктуре Windows
Горизонтальные перемещения в инфраструктуре WindowsГоризонтальные перемещения в инфраструктуре Windows
Горизонтальные перемещения в инфраструктуре WindowsPositive Hack Days
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningMikhail Sosonkin
 
WMI for Penetration Testers - Arcticcon 2017
WMI for Penetration Testers - Arcticcon 2017WMI for Penetration Testers - Arcticcon 2017
WMI for Penetration Testers - Arcticcon 2017Alexander Polce Leary
 
History of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly beanHistory of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly beanJung Pil (J.P.) Choi
 
Think Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsThink Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsMark Ginnebaugh
 
Synack at AppSec California with Patrick Wardle
Synack at AppSec California with Patrick WardleSynack at AppSec California with Patrick Wardle
Synack at AppSec California with Patrick WardleSynack
 

Mais procurados (12)

Virus Bulletin 2015: Exposing Gatekeeper
Virus Bulletin 2015: Exposing GatekeeperVirus Bulletin 2015: Exposing Gatekeeper
Virus Bulletin 2015: Exposing Gatekeeper
 
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
 
Gatekeeper Exposed
Gatekeeper ExposedGatekeeper Exposed
Gatekeeper Exposed
 
eXploitable Markup Language
eXploitable Markup LanguageeXploitable Markup Language
eXploitable Markup Language
 
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesVorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
 
Scratching Your Brain into Dark Web by Arpit Maheshwari
Scratching Your Brain into Dark Web by Arpit MaheshwariScratching Your Brain into Dark Web by Arpit Maheshwari
Scratching Your Brain into Dark Web by Arpit Maheshwari
 
Горизонтальные перемещения в инфраструктуре Windows
Горизонтальные перемещения в инфраструктуре WindowsГоризонтальные перемещения в инфраструктуре Windows
Горизонтальные перемещения в инфраструктуре Windows
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanning
 
WMI for Penetration Testers - Arcticcon 2017
WMI for Penetration Testers - Arcticcon 2017WMI for Penetration Testers - Arcticcon 2017
WMI for Penetration Testers - Arcticcon 2017
 
History of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly beanHistory of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly bean
 
Think Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsThink Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack Vectors
 
Synack at AppSec California with Patrick Wardle
Synack at AppSec California with Patrick WardleSynack at AppSec California with Patrick Wardle
Synack at AppSec California with Patrick Wardle
 

Destaque

Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android appsPranay Airan
 
Let's talk about jni
Let's talk about jniLet's talk about jni
Let's talk about jniYongqiang Li
 
LinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeLinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeAlain Leon
 
Reverse Engineering .NET and Java
Reverse Engineering .NET and JavaReverse Engineering .NET and Java
Reverse Engineering .NET and JavaJoe Kuemerle
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeMário Almeida
 
How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...Christoph Matthies
 
Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)Egor Elizarov
 
Understanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer toolUnderstanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer toolGabor Paller
 
Learning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLearning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLandice Fu
 
IEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationIEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationRufatet Babakishiyev
 

Destaque (16)

Smali语法
Smali语法Smali语法
Smali语法
 
Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android apps
 
Toward Reverse Engineering of VBA Based Excel Spreadsheets Applications
Toward Reverse Engineering of VBA Based Excel Spreadsheets ApplicationsToward Reverse Engineering of VBA Based Excel Spreadsheets Applications
Toward Reverse Engineering of VBA Based Excel Spreadsheets Applications
 
Let's talk about jni
Let's talk about jniLet's talk about jni
Let's talk about jni
 
LinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeLinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik Bytecode
 
Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Application
 
Reverse Engineering .NET and Java
Reverse Engineering .NET and JavaReverse Engineering .NET and Java
Reverse Engineering .NET and Java
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skype
 
How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...
 
Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)
 
Understanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer toolUnderstanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer tool
 
Practice of Android Reverse Engineering
Practice of Android Reverse EngineeringPractice of Android Reverse Engineering
Practice of Android Reverse Engineering
 
Learning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLearning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorial
 
Dancing with dalvik
Dancing with dalvikDancing with dalvik
Dancing with dalvik
 
Understanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual MachineUnderstanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual Machine
 
IEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationIEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android Application
 

Semelhante a Hacking your Droid (Aditya Gupta)

Hacking your Android (slides)
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)Justin Hoang
 
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...Area41
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhonessaurabhharit
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maalHarsimran Walia
 
Building your Own Mobile Enterprise Application: It’s Not as Hard as You Migh...
Building your Own Mobile Enterprise Application: It’s Not as Hard as You Migh...Building your Own Mobile Enterprise Application: It’s Not as Hard as You Migh...
Building your Own Mobile Enterprise Application: It’s Not as Hard as You Migh...Jason Conger
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSEC-Council
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Stephan Chenette
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security modelsG Prachi
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)ClubHack
 
Outsmarting smartphones
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphonesSensePost
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...Ajin Abraham
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2Mohammed Adam
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basicsOWASPKerala
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Blueinfy Solutions
 
Android malware analysis
Android malware analysisAndroid malware analysis
Android malware analysisJason Ross
 

Semelhante a Hacking your Droid (Aditya Gupta) (20)

Hacking your Android (slides)
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)
 
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhones
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maal
 
Building your Own Mobile Enterprise Application: It’s Not as Hard as You Migh...
Building your Own Mobile Enterprise Application: It’s Not as Hard as You Migh...Building your Own Mobile Enterprise Application: It’s Not as Hard as You Migh...
Building your Own Mobile Enterprise Application: It’s Not as Hard as You Migh...
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OS
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maal
 
Andriod Pentesting and Malware Analysis
Andriod Pentesting and Malware AnalysisAndriod Pentesting and Malware Analysis
Andriod Pentesting and Malware Analysis
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security models
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android Security
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)
 
Outsmarting smartphones
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphones
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basics
 
Android - Anroid Pproject
Android - Anroid PprojectAndroid - Anroid Pproject
Android - Anroid Pproject
 
Securing Android
Securing AndroidSecuring Android
Securing Android
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
 
Android malware analysis
Android malware analysisAndroid malware analysis
Android malware analysis
 

Mais de ClubHack

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 

Mais de ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 

Último

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Último (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Hacking your Droid (Aditya Gupta)

  • 2. ./whoami • College Student • Independent Security Researcher • Mobile Security Lover • White Hat
  • 3. ./whoami • Subho Halder • Application Developer • Hardcore coder. • Mobile Security Researcher
  • 4. Agenda • Android OS Basics • Inside the APK • Android Security Model • Reversing the codes • Some case studies • Making our own malware • Malware = Money • Mobile App Pentesting
  • 5. What is Android • Software Stack including OS, middleware and applications • Developed by Google and OHA(Open Handset Alliance) • Largest Market Share in Q2 2011, more than Symbian and IOS. (Source : Gartner)
  • 6. Why Android • Everywhere! (TV, phones, tablets) • Easy to expl0it + Open Source • Runs on Linux 2.6.x kernel • Uses SQLite database • Huge community base • Official market containing over 4,00,000 apps
  • 8.
  • 9. Android Applications • .apk (Android Package) format • Nothing more than a zip file. • Written exclusively in Java, with native libraries in C/C++. • Composed of components such as Activities, Services, Broadcast Recievers, etc.
  • 10. Android Applications APK META-INF res AndroidManifest.xml Classes.dex resources.arsc
  • 11. ACTIVITY • Screen to let users interact • Consists of views ( Buttons, TextView, ImageView, Table view, List view etc) • “main” activity presented on start • Lifecycle is “LIFO”
  • 13. SERVICE • Performs the work in the background • Doesn’t comes with a UI • Can be either stated or bound(or both) • Example – playing music in the bg, network activities, file i/o operations etc.
  • 14. Other Components • Broadcast Reciever receives and responds to broadcast announcements Incoming SMS , Screen Off etc. • Intents Binds individual components at runtime • Content Providers Stores and retrieves the application data Data stored in an SQLite database
  • 15. BROADCAST RECEIVERS WAIT FOR IT
  • 16. • Preinstalled on most of Android devices • Contains over 4 billion apps • No CA • $25 signup • Anonymous sign up possible
  • 17. Permissions.. WTF? • Declared in AndroidManifest.xml • XML file containing all the components and permissions • Can only use the declared permissions
  • 19. Permissions.. WTF? • ACCESS_COARSE_LOCATION • READ_SMS • ACCESS_FINE_LOCATION • RECEIVE_SMS • BRICK • SEND_SMS • CALL_PHONE • INTERNET • USE_CREDENTIALS • GET_ACCOUNTS • WRITE_OWNER_DATA • PROCESS_OUTGOING_CALLS • RECORD_AUDIO • READ_OWNER_DATA
  • 20. Android Security Model • Each application is run within a Dalvik Virtual Machine • With unique UID:GID • By default no permission is granted • Permissions required by an application have to be approved by the user. • Apk files must be signed with a certificate.
  • 21. Android Security Model Application 1 Application 2 Application 3 UID : 1000 UID : 1001 UID : 1003 Dalvik VM Dalvik VM Dalvik VM Application 4 Application 5 UID : 1004 UID : 1005 Dalvik VM Dalvik VM SYSTEM PROCESS ( UID : SYSTEM) LINUX KERNEL
  • 23. Created by Dan Bornstein DVM vs JVM Virtual System to run the android apps Register based instead of stack based Runs the dex(Dalvik Executable) files
  • 24. REVERSE ENGINEERING BREAKING THE CODES
  • 25. Making of the APK Using dx(dexer) of Android SDK .class .java .dex .apk apkbuilder
  • 27. Making the APK aapt package -f -M ${manifest.file} -F ${packaged.resource.file} -I ${path.to.android- jar.library} -S ${android-resource-directory} [-m -J ${folder.to.output.the.R.java}] use javac dx.bat –dex –output=${output.dex.file} ${compiled.classes.directory} ${jar files..} apkbuilder ${output.apk.file} -u -z ${packagedresource.file} -f ${dex.file} - rf ${source.dir} -rj ${libraries.dir} use keytool jarsigner -keystore ${keystore} -storepass ${keystore.password} -keypass ${keypass} - signedjar ${signed.apkfile} ${unsigned.apkfile} ${keyalias} adb -d install -r ${signed.apk}
  • 28. REVERSING THE APK .class .java .dex .apk
  • 29. REVERSING THE APK Tools of the trade Dedexer Baksmali Undx JD-GUI Dex2JAR DexDump APKTool
  • 30. GETTING OUR HANDS DIRTY DEMO TIME
  • 31. ANDROID MALWARES Special thanks to Mila for his awesome website http://contagiodump.blogspot.com
  • 32. Memories of the Past Some famous Android Malwares • Trojan-SMS.AndroidOS.FakePlayer.a • Geinimi • Snake • DreamDroid • GGTracker
  • 33. Trojan-SMS.FakePlayer.a • Simplest malware till date. • Sends SMS to a premium rated number • $6-10/sms • Mainly distributed through porn/media apps • Stop watching porn? :O
  • 34. GEINIMI : THE HOTTEST MALWARE
  • 35. GEINIMI • Most sophisticated malware till date. • Botnet like capabilities • Multiple variants created on the same device • Obfuscated code • Strings decrypted at runtime • All network data encrypted ( DES with a key - 012345678)
  • 36. GEINIMI • Three ways of starting (Using service or Broadcast Receivers • Makes a connection with C&C server • Identifies each device with unique IMEI & IMSI • Can be in 5 states (Start, download, parse, transact, idle) • Info Stealer • Infected legitimate apps ( Sex Positions, MonkeyJump2 etc. ) (Another reason for not watching porn on mobile! )
  • 37. GEINIMI(continued) • Botnet Command Capabilities : o call – Call a number o Email – Send a email o Smsrecord – Sends all the sms’es to the server o Install – install an app o Shell – get a shell o Contactlist - get the contact list of the victim o Wallpaper – change the wallpaper etc.
  • 38. DREAMDROID • Infected legitimate software • Hosted at “Android Market” • Came with exploits namely Exploid ( CVE-2009-1185 ) and rageagainstthecage(CVE-2010-EASY) • Multi Staged Payload • XOR Encrypted data • Another malware with Botnet capabilities
  • 40. What all we need • IMEI and IMSI number • Contacts • Sending text messages • Getting Inbox • Web History • Creating Web Bookmarks • Recording Phone Conversations • Stored passwords and other info • Opening URL’s for SEO • Getting r00t.
  • 41. Agenda Taking a legitimate app (apk) Decompile it Insert our own codes Repackaging to get a infected APK PROFIT?
  • 42. OR
  • 44. TRIGERRING THE MAL • Using Broadcast Receivers • ACTION_BOOT_COMPLETED • SMS_RECIEVE • ACTION_POWER_CONNECTED • ACTION_TIME_CHANGED
  • 45. Setting up our server
  • 46. CREATING ‘THE’ MALWARE Expected Time to be taken < 10 mins
  • 47. Vulnerable Applications • GMail App(in <Android v2.1 vuln to XSS :O From field: “ onload=window.location=‘http:// google.com’ “@yahoo.com” (Found by supernothing of spareclockcycles.org) • Use this to launch more exploits such as the Data Stealing Bug(by Thomas Cannon) or Free Webkit Exploit(MJ Keith) • Steal Emails & SD Card Files
  • 48. Stored Passwords • Browser passwords stored in database called webview.db • Got r00t? #adb pull /data/data/com.android.browser/databases/webview.db #sqlite webview.db > SELECT * FROM password;
  • 49. Insecure Data Storage # cd /data/data/com.evernote # ls cache databases shared_prefs lib # cd shared_prefs # ls com.evernote_preferences.xml # cat com.evernote_preferences.xml <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="serviceHost"><string name="username">myusername</string> <boolean name="ACCOUNT_CHECKED" value="true" /> <string name="password">youcanthackme</string> <int name="servicePort" value="0" /> <boolean name="NotifyUploadStatus" value="true" /> </map> #
  • 50. Is that all? Webkit and platform vulnerabilities Android 2.0 ,2.1, 2.1.1 WebKit Use-After-Free Exploit Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit Vulnerabilities in Apps, SQLi, XSS, etc. Use platform vulns to get root & shell SD card information leakage XSSF Framework ROOTSTRAP Sniffing the network : ) Try MoshZuk & ANTI
  • 51. Is that all? Get the Android version Run Profit matching exploits Install Spread malicious app
  • 52. [$]Where is the money?[$] [$$$]100% Illegal Ways to get rich! [$$$] •Mobile App moolah by Jimmy Shah Your phone has been hacked! •Premium Rates SMSes Transfer $1000 to my account Or else……. •Make malwares for sale Acc No : xxxxxxxxxxxxxxxxxxxx •Click Fraud, BlackHat SEO, Traffic generation, PPC Ads •Steal Accounts/CCs and sell them •Get personal information and blackmail the owner •Sign up to many services with your referral id •Make a bank phishing app
  • 53. [$$]Spread Yourself![$$] • Forums • P2P • Send SMS’es/chat with your download link from the infected user’s phone • Make a blog of cracked full version of famous android apps! • Social Network viral scripts • Android Market • Amazon App Store
  • 55. The game is over! • Malware scanners developed for Android platform. • Lookout(one of the best security solutions), AVG, Quick Heal, Kaspersky have come up with their security solutions. • Can detect most of the “known” malwares of this platform.
  • 56. The game is over! The game is not over yet! • Can create a malware not detected by the scanners • Most of them signature based, so, can easily be bypassed. • Obfuscating code can bypass most of them. • Disable the AV • Encryption for network data. • Use your own “blackhat” creativity!
  • 58. MobileApp Pentesting FTW! • Decompile the apk after pulling it from the phone. adb pull /data/app(or app-private)/hello.apk unzip hello.apk dex2jar classes.dex jdgui classes2jar.jar or convert to smali and then analyse the code adb pull /data/app/hello.apk unzip hello.apk java –jar baksmali.jar –o C:pentestapp classes.dex OR apktool d hello.apk
  • 59. MobileApp Pentesting FTW! • Start Emulator with Proxy Emulator –avd MYAVD –http-proxy http://127.0.0.1:5001 • Install the app in the emulator avd install apptotest.apk • Use Wireshark, Fiddler & Burp Suite to monitor traffic • Run the app and check logcat • WhisperMonitor – Android App to monitor outgoing traffic
  • 60. MobileApp Pentesting FTW! Check the security mechanism and encryption used in a banking or payment app for network data Manifest Explorer Strace for debugging system calls and signals Check the location where the app stores the login credentials.
  • 62. THANKS TO: THE CLUBHACK TEAM ELAD SHAPRIA ANNAT SRIVASTAVA DEV KAR