CNIT 128 6. Analyzing Android Applications (Part 3)

For a college class: Hacking Mobile Devices at CCSF

Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml

  1. CNIT 128 Hacking Mobile Devices: 6. Analyzing Android Applications, Part 3
  2. Topics
     • Part 1
       • Creating Your First Android Environment
       • Understanding Android Applications
     • Part 2
       • Understanding the Security Model: p 205-222
     • Part 3
       • Understanding the Security Model: p 222ff
       • Reverse-Engineering Applications
  3. Topics in Part 3
     • Generic Exploit Mitigation Protections
     • Rooting Explained
     • Reverse-Engineering Applications
  4. Generic Exploit Mitigation Protections
  5. Exploit Mitigations
     • Make the underlying OS more secure
     • So even unpatched legacy code is safer
     • Many of these mitigations are inherited from Linux
  6. Kernel Protections
  7. Rooting Explained
  8. Root Access
     • By default Android doesn't allow users to use root
     • Rooting typically adds a su binary
     • Allows elevation to root
     • So su itself must run as root
  9. SUID Permissions
     • Runs with owner's permissions
     • Even when launched by someone else
  10. Security of su
     • On Linux, it asks for a password to allow elevation
     • On Android, it pops up a box like this
  11. Rooting Methods
     • Using an exploit
     • Using an unlocked bootloader
  12. Exploits
     • Gingerbreak
       • Exploited vold to write to the Global Offset Table (GOT) in Android 2.2 and 3.0
       • Bug in Google's original Android
     • Exynos abuse
       • Bug in driver for Exynos processors, used by Samsung
       • Only affected some devices
  13. Exploits
     • Samsung Admire
       • Exploited dump files and logs to change permissions on adb
       • Worked only on specific device
     • Acer Iconia
       • Pre-installed SUID binary with code injection vulnerabilities
  14. Exploits
     • Master Key
       • Make a modified system app
       • Re-install it with the same signature
       • Works on most Android versions prior to 4.2
     • Towelroot
       • Exploits locks used when threading
       • Rooted many devices
  15. Unlocked Bootloader
     • Flash new firmware onto device
       • A new recovery image, or
       • A rooted kernel image containing su
     • May void warranty or brick your phone
  16. CyanogenMod
     • Link Ch 6h
  17. Link Ch 6i
  18. Reverse-Engineering Applications
  19. In the Projects
     • Pulling an APK from the phone with adb
     • Disassemble with apktool
  20. Vulnerability Scanning
     • Qark and AndroBugs
  21. Jadx
  22. Code Modification
  23. Repacking and Signing
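
Slides 8 and 9 say that su must run as root and that a SUID binary runs with its owner's permissions even when launched by someone else. The following added example (not from the slides or the course materials) audits `ls -l` output for setuid files and reports which of them would execute as root for a caller other than the owner; the sample listing, file names and function names are assumptions made for illustration.

```python
# Added example: find setuid files in `ls -l` output and say who can launch them.
# The listing below is constructed for illustration, not captured from a device.
SAMPLE_LISTING = """\
-rwxr-xr-x 1 root shell 67520 2019-01-01 00:00 strace
-rwsr-x--- 1 root shell 11064 2019-01-01 00:00 su
-rwsr-sr-x 1 root root 75348 2019-01-01 00:00 su.bak
-rwSr--r-- 1 root root 512 2019-01-01 00:00 notes.txt
-rwsr-xr-x 1 shell shell 9000 2019-01-01 00:00 helper
lrwxrwxrwx 1 root root 6 2019-01-01 00:00 sh -> mksh
"""


def launchable_by(mode, group):
    """Return who may execute a file, given its 10-character mode string."""
    if mode[9] in "xt":          # others have execute
        return "anyone"
    if mode[6] in "xs":          # group has execute
        return "group " + group
    if mode[3] in "xs":          # only the owner has execute
        return "owner only"
    return "nobody"              # e.g. 'S': setuid bit set but no execute bit


def setuid_files(listing):
    """Return (name, owner, launchable_by) for each regular setuid file."""
    found = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or len(fields[0]) != 10 or fields[0][0] != "-":
            continue             # skip blanks, "total" lines, dirs, symlinks
        mode = fields[0]
        if mode[3] not in "sS":  # owner-execute slot shows s/S when setuid is set
            continue
        # Some ls builds print a link count after the mode, others do not.
        i = 2 if fields[1].isdigit() else 1
        # Assumption: file names contain no spaces, so the name is the last field.
        owner, group, name = fields[i], fields[i + 1], fields[-1]
        found.append((name, owner, launchable_by(mode, group)))
    return found


def runs_as_root_for_others(listing):
    """Names of files that execute as root when started by a non-owner."""
    return [name for name, owner, who in setuid_files(listing)
            if owner == "root" and who not in ("owner only", "nobody")]


if __name__ == "__main__":
    for entry in setuid_files(SAMPLE_LISTING):
        print(entry)
    print("root for non-owner callers:", runs_as_root_for_others(SAMPLE_LISTING))
```

On a device under review, the same functions can be fed the output of `adb shell ls -l` for each directory of interest.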
