Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Android Tamer (Anant Shrivastava)

8,580 views

Published on

ClubHack 2011 Hacking and Security Conference.
Talk - Android Tamer
Speaker - Anant Shrivastava

Published in: Technology

Android Tamer (Anant Shrivastava)

  1. 1. Android Tamer ByAnant Shrivastavahttp://anantshri.info
  2. 2. Agenda● Android and Security● Tool set available Right Now● Android Tamer VM ● Source Code Analysis ● Application Development ● Security Analysis Applications ● ROM analysis ● Code Injection● Demos 2
  3. 3. Android+40% Phone Market●+10% Tablet Market●Manufacturer support : LG,Samsung,SE &●moreSupported by Google●Linux Based● 3
  4. 4. Why Security Review● Emerging Market.● Smart phones.● Easily acessible● Emerging Target for malware distribution.● Simply Put whole PC malacious life cycle is getting repeated in Mobile Domain 4
  5. 5. How and What to perform● We Need to perform ● Application / Platform / Protocol Testing ● Malacious Apps / website testing ● Rom Analysis / Modification● How We perform ● Setup toolset on every machine and still no standards. 5
  6. 6. Whats the solution● Define Some standards. ● OWASP is working on it.● Design some ToolKit ● Basically we need BT style toolkit for android. 6
  7. 7. PresentingAndroid Tamer 7
  8. 8. What is Android Tamer● VM environment Giving you the freedom to perform ● Application Pentesting ● Malware Analysis ● Rom Modification (Core + kernel) ● ROM Analysis ● App / Malware / Native Code Development 8
  9. 9. Salient Features● Based on Ubuntu 10.04 LTS● All non needed software removed.● Minimum mix of foreign repositories to avoid upgrade issues.● Not just tool dump but integrated solution.● Browser bookmarks.● Tamer Repository configured to avoid re-download of complete VDI image. (contains only one package as of now) 9
  10. 10. Tools : Application Pentesting● OWASP ZAP● TSOCK Proxy● Emulator configured with ZAP certificate.● Custom Link Given to launch specific AVD.● DDMS configured 10
  11. 11. Tools : Malware Analysis● DroidBox● APKInspector● Apktool● Dex2jar /JAD / DED / JD-GUI● Smali / baksmali● androguard 11
  12. 12. Tools : ROM Analysis / Modification● DSIXDA Android Kitchen● Unyaffs2● Split_bootimg● DDMS● Refer Tools : Development and Malware analysis 12
  13. 13. Tools : Development● Eclipse + ADT● NDK● CodeSourcery C++ lite● ARM DS-5 CE 13
  14. 14. Tools : Rooting tools● Scripts ● Rageinthecage ● Psneuter ● Gingerbreak ● ZergRush● APK’s ● Z4root ● Superoneclick ● Universal Androot Note : tools provided AS-IS, usage is a responsibility of USER 14
  15. 15. Important Linkshttps://sourceforge.net/p/androidtamer/ 15
  16. 16. Future● Plan to keep it going.● Applications will be distributed using Tamer Repository (preconfigured)● Tools and Categories to add ● Agnitio: Source code review ● Forensics Section.● If you know some other cool tools that could be added send in a mail. 16
  17. 17. About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H●Email : anant@anantshri.info●Web : http://anantshri.info●Blog : http://blog.anantshri.info

×