The art of android hacking by Abhinav Mishra (0ctac0der)
The Art Of
by, Abhinav Mishra (0ctac0der)
Who is this weird tall guy??
Abhinav Mishra | @0ctac0der
Senior Security Consultant @ TOTHENEW Digital
Top 5 Mobile Security Researcher | Synack Red Team (@SynackRedTeam)
Web and Mobile Application Security Researcher
Bug Bounty Hunter, Speaker, Trainer, Traveler, Movie buff
Have you seen “Mr. Robot” ? Any comments? Link
What is he talking about??
● Android application security
○ Android architecture
○ Application structure
○ Cool tools and distributions
○ Emulators, Devices, Attacks, Vulnerabilities …..
● What (& How) to look for in an android application
● Some interesting findings
● (Random talks)
● Cool demonstrations
● Next steps to learn android appsec
Que le jeu commence…..
● What all you know about android…
● Application structure
● Vulnerability ?
Okay, my turn now
● What you want to know/learn?
● What you want me to demo?
● Any tool you love? We can talk….
Quick Android Walkthrough
● Linux Kernel
● Privilege separation Model
(UID & GID)
● Android Permission model
● APK components:
Reversing a cute APK
Things I am going to do in next 10-15 minutes:
● Choose any apk
● Decompile with apktool | $apktool d package_name.apk
● Read and understand the AndroidManifest.xml
● Showing components in the code:
○ Activities, Broadcast receivers, Content providers ….
● Extract the apk with any extractor
● Change the classes.dex to jar | $dex2jar classes.dex
● Show multiple java classes
● Possible issues to be discovered
● SMALI files and converting to JAR