Android Hacking

Slides from a presentation at the Rochester Security Summit.


Published in: Technology


Transcript

  • 1. Tools and Techniques Related To
  • 2. RIT Alum; Intrepidus Group; Interlock Rochester; Rochester 2600; TOOOL; BSidesROC; @antitree; antitree.com
  • 3. Android Introduction; Tools For Hackers; Analysis Techniques; Examples; How to be “secure”
  • 4. [Two pie charts] Platforms: Android 56%, iOS 28%, Blackberry 9%, Other. Android versions: Froyo 56%, Gingerbread 25%, Eclair 15%, Donut, Cupcake, Honeycomb.
  • 5. Linux 2.6; Dalvik Virtual Machine – new instance for each app; DEX – Dalvik byte code; APK – zip; AndroidManifest.xml. [Diagram labels: Java, Dalvik Byte Code, APK]
  • 6. [Diagram labels: Linux; Angry Birds; app_42; Dalvik VM Instances]
  • 7. Intents – inter process communication; Activities – screen; Content Providers – sqlite3 database; Services – background processes; Broadcasts – send and receive info to other apps
  • 8. Dynamic Network Analysis; Static Code Review; File System Auditing
  • 9. Android SDK (ADB, DDMS, Emulator); Apktool; Smali/Baksmali; Dex2jar; Java Decompiler (e.g. JAD or JD-GUI); Mallory; Burpsuite; Wireshark
  • 10. Java source code vs Smali files vs DEX vs jar vs pseudocode; Android development; Java; Linux
  • 11.
  • 12. Watch traffic flow through a MITM. Things to look for: information being passed in the clear; SSL usage and whether it’s done correctly; results of modifying requests and responses; authentication process
  • 13. Wireless Router: DDWRT/Tomato; usually need a clunky device. Emulator: Android SDK; sometimes doesn’t act the way you want it. PPTP server: PPTPD; dedicated server.
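  • 14.
        #!/bin/bash
        # firewall script to intercept all traffic from ppp0 and redirect to local port
        # all credit to the great algorythm

        # let the host route packets between interfaces
        echo 1 > /proc/sys/net/ipv4/ip_forward

        # flush existing rules and delete user-defined chains in every table
        iptables -F
        iptables -X
        iptables -t nat -F
        iptables -t nat -X
        iptables -t mangle -F
        iptables -t mangle -X

        # default policy: accept everything
        iptables -P INPUT ACCEPT
        iptables -P FORWARD ACCEPT
        iptables -P OUTPUT ACCEPT

        # NAT outbound traffic leaving through eth0
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

        # send HTTP and HTTPS arriving from the PPTP client (ppp0) to the local proxy on 8080
        iptables -t nat -A PREROUTING -j REDIRECT -i ppp0 -p tcp --dport 80 -m tcp --to-ports 8080
        iptables -t nat -A PREROUTING -j REDIRECT -i ppp0 -p tcp --dport 443 -m tcp --to-ports 8080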
  • 15. Wireshark: initial traffic fingerprinting. Burpsuite: great for HTTP/S traffic. Mallory: great for nonspecific protocols.
  • 16.
  • 17. Audit how data is stored. Things to look for: incorrect permissions; storage location (data, sdcard, asec). Tools: adb shell; standard Linux commands; [root exploit and busybox]
  • 18.
  • 19.
  • 20. See how the app works through pseudocode. Things to look for: overall understanding of the app; cryptographic functions; debug/testing functions; client side authentication
  • 21. Tools: apktool d com.antitree.app; smali path/to/smali/files/; dex2jar out.dex; jd-gui out_dex2jar.jar. [Diagram labels: APK, DEX, Jar, Pseudocode, Smali]
  • 22. Reverse engineering is neat
  • 23.
  • 24.
  • 25. But what does it mean?
  • 26. Skype: 4/11 – permissions error allowed a malicious app to access contacts and personal information. Google: 6/11 – session information passed in the clear made it susceptible to hijacking. Dropbox: 8/11 – an attempt to share data granted any app the ability to make files public.
  • 27. HTC: 10/11 – spyware logging app found to be accessible to any app with the network connection permission: GPS coordinates; MEID, MDN; phone logs; MUCH more. *#*#HTCLOG#*#*
  • 28. 100,000 installations
  • 29. File system permissions set to 777: access saved sessions; modify included binaries. Why: lazy permissions. How discovered: file system permission review.
  • 30. SSHUNTUNNEL
  • 31. Shares information; controls permissions. Tool: Android Manifest Auditor. Code Name: The Jaku
  • 32.
  • 33. 1. Insecure Data Storage; 2. Weak Server Side Controls; 3. Insufficient Transport Layer Protection; 4. Client Side Injection; 5. Poor Authorization and Authentication; 6. Improper Session Handling; 7. Security Decisions Via Untrusted Inputs; 8. Side Channel Data Leakage; 9. Broken Cryptography; 10. Sensitive Information Disclosure
  • 34. Deploy mobile device management solution (Zenprise, MobileIron, (Google?)). Train your users – don’t give in. Audit your devices: Are users following best practices? What apps are installed? Require mobile security solution (Lookout, WaveSecure, NetQin).
  • 35. Audit your apps! Check permissions; check source code; analyze your traffic. Think before you root. Security software: remote wipe; malware detection.
  • 36. Coincidence?
  • 37. Slides and app available at www.antitree.com
  • 38. http://www.intrepidusgroup.com/insight/ ; http://code.google.com/p/android-apktool/ ; http://code.google.com/p/smali/ ; http://code.google.com/p/dex2jar/ ; http://java.decompiler.free.fr/?q=jdgui ; http://developer.android.com/sdk
  • 39.
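
The file system permission review from slides 17 and 29, as an added example (not code from the presentation or its author): it parses an `ls -lR` style listing captured over `adb shell` and flags files that are world-readable, world-writable or sitting on external storage. The listing, the package name `com.example.app` and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample: `ls -lR` style output as captured over `adb shell`
# for a hypothetical app (com.example.app is a placeholder package name).
SAMPLE_LISTING = """\
/data/data/com.example.app/shared_prefs:
-rw-rw---- app_42   app_42        412 2011-10-01 12:00 settings.xml
-rw-rw-rw- app_42   app_42        230 2011-10-01 12:00 session.xml

/data/data/com.example.app/files:
-rwxrwxrwx app_42   app_42      90112 2011-10-01 12:00 helper_bin
-rw------- app_42   app_42       1024 2011-10-01 12:00 cache.db

/mnt/sdcard/exampleapp:
----rwxr-x system   sdcard_rw    2048 2011-10-01 12:00 export.db
"""

# mode, owner, group, optional size, date, time, file name
ENTRY = re.compile(r"^([-dlcbsp][-rwxsStT]{9})\s+(\S+)\s+(\S+)\s+"
                   r"(?:\d+\s+)?\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(.+)$")

def audit(listing):
    """Return (path, mode, issues) for every entry other apps can reach."""
    findings, directory = [], ""
    for line in listing.splitlines():
        line = line.rstrip()
        if line.startswith("/") and line.endswith(":"):
            directory = line[:-1]          # "dir:" header of an ls -R section
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        mode, name = m.group(1), m.group(4)
        issues = []
        if mode[8] == "w":                 # write bit for "other"
            issues.append("world-writable")
        if mode[7] == "r":                 # read bit for "other"
            issues.append("world-readable")
        if directory.startswith(("/mnt/sdcard", "/sdcard")):
            issues.append("external-storage")  # not isolated per app UID
        if issues:
            findings.append((f"{directory}/{name}", mode, issues))
    return findings

if __name__ == "__main__":
    for path, mode, issues in audit(SAMPLE_LISTING):
        print(mode, path, ", ".join(issues))
```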
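
The "check permissions" step from slides 7, 31 and 35, as an added example (it is not the Android Manifest Auditor tool named on slide 31, nor code from the presentation): it reads a decoded AndroidManifest.xml and reports requested permissions, the debuggable flag, and components reachable by other apps without a permission guard. The manifest, the package `com.example.app` and the function names are constructed; the export defaults are the legacy platform rules, stated here as an assumption about the target API level.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for a hypothetical app, in the decoded XML form
# that `apktool d` writes out.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:debuggable="true">
    <activity android:name=".Main">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".Sync" android:exported="true"/>
    <service android:name=".Upload" android:exported="true"
             android:permission="com.example.app.UPLOAD"/>
    <receiver android:name=".Internal"/>
    <provider android:name=".Files" android:authorities="com.example.app.files"/>
  </application>
</manifest>
"""

def is_exported(elem):
    explicit = elem.get(ANDROID + "exported")
    if explicit is not None:
        return explicit == "true"
    if elem.tag == "provider":
        return True  # assumed legacy default (apps targeting API 16 or lower)
    return elem.find("intent-filter") is not None  # a filter implies exported

def audit_manifest(xml_text):
    root = ET.fromstring(xml_text)
    app = root.find("application")
    report = {
        "permissions": [p.get(ANDROID + "name") for p in root.findall("uses-permission")],
        "debuggable": app.get(ANDROID + "debuggable") == "true",
        "unprotected": [],  # exported components with no permission attribute
    }
    for elem in app:
        if elem.tag not in ("activity", "service", "receiver", "provider"):
            continue
        guarded = any(elem.get(ANDROID + a)
                      for a in ("permission", "readPermission", "writePermission"))
        if is_exported(elem) and not guarded:
            report["unprotected"].append((elem.tag, elem.get(ANDROID + "name")))
    return report

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

The launcher activity is exported by design, so it always appears in the list; the entries to review are the services, receivers and providers next to it.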