Successfully reported this slideshow.

Android Tamer (Anant Shrivastava)

4

Share

1 of 17
1 of 17

Android Tamer (Anant Shrivastava)

4

Share

Download to read offline

Description

ClubHack 2011 Hacking and Security Conference.
Talk - Android Tamer
Speaker - Anant Shrivastava

Transcript

  1. 1. Android Tamer By Anant Shrivastava http://anantshri.info
  2. 2. Agenda ● Android and Security ● Tool set available Right Now ● Android Tamer VM ● Source Code Analysis ● Application Development ● Security Analysis Applications ● ROM analysis ● Code Injection ● Demo's 2
  3. 3. Android +40% Phone Market ● +10% Tablet Market ● Manufacturer support : LG,Samsung,SE & ● more Supported by Google ● Linux Based ● 3
  4. 4. Why Security Review ● Emerging Market. ● Smart phones. ● Easily acessible ● Emerging Target for malware distribution. ● Simply Put whole PC malacious life cycle is getting repeated in Mobile Domain 4
  5. 5. How and What to perform ● We Need to perform ● Application / Platform / Protocol Testing ● Malacious Apps / website testing ● Rom Analysis / Modification ● How We perform ● Setup toolset on every machine and still no standards. 5
  6. 6. What's the solution ● Define Some standards. ● OWASP is working on it. ● Design some ToolKit ● Basically we need BT style toolkit for android. 6
  7. 7. Presenting Android Tamer 7
  8. 8. What is Android Tamer ● VM environment Giving you the freedom to perform ● Application Pentesting ● Malware Analysis ● Rom Modification (Core + kernel) ● ROM Analysis ● App / Malware / Native Code Development 8
  9. 9. Salient Features ● Based on Ubuntu 10.04 LTS ● All non needed software removed. ● Minimum mix of foreign repositories to avoid upgrade issues. ● Not just tool dump but integrated solution. ● Browser bookmarks. ● Tamer Repository configured to avoid re-download of complete VDI image. (contains only one package as of now) 9
  10. 10. Tools : Application Pentesting ● OWASP ZAP ● TSOCK Proxy ● Emulator configured with ZAP certificate. ● Custom Link Given to launch specific AVD. ● DDMS configured 10
  11. 11. Tools : Malware Analysis ● DroidBox ● APKInspector ● Apktool ● Dex2jar /JAD / DED / JD-GUI ● Smali / baksmali ● androguard 11
  12. 12. Tools : ROM Analysis / Modification ● DSIXDA Android Kitchen ● Unyaffs2 ● Split_bootimg ● DDMS ● Refer Tools : Development and Malware analysis 12
  13. 13. Tools : Development ● Eclipse + ADT ● NDK ● CodeSourcery C++ lite ● ARM DS-5 CE 13
  14. 14. Tools : Rooting tools ● Scripts ● Rageinthecage ● Psneuter ● Gingerbreak ● ZergRush ● APK’s ● Z4root ● Superoneclick ● Universal Androot Note : tools provided AS-IS, usage is a responsibility of USER 14
  15. 15. Important Links https://sourceforge.net/p/androidtamer/ 15
  16. 16. Future ● Plan to keep it going. ● Applications will be distributed using Tamer Repository (preconfigured) ● Tools and Categories to add ● Agnitio: Source code review ● Forensics Section. ● If you know some other cool tools that could be added send in a mail. 16
  17. 17. About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ●Email : anant@anantshri.info ●Web : http://anantshri.info ●Blog : http://blog.anantshri.info

Description

ClubHack 2011 Hacking and Security Conference.
Talk - Android Tamer
Speaker - Anant Shrivastava

Transcript

  1. 1. Android Tamer By Anant Shrivastava http://anantshri.info
  2. 2. Agenda ● Android and Security ● Tool set available Right Now ● Android Tamer VM ● Source Code Analysis ● Application Development ● Security Analysis Applications ● ROM analysis ● Code Injection ● Demo's 2
  3. 3. Android +40% Phone Market ● +10% Tablet Market ● Manufacturer support : LG,Samsung,SE & ● more Supported by Google ● Linux Based ● 3
  4. 4. Why Security Review ● Emerging Market. ● Smart phones. ● Easily acessible ● Emerging Target for malware distribution. ● Simply Put whole PC malacious life cycle is getting repeated in Mobile Domain 4
  5. 5. How and What to perform ● We Need to perform ● Application / Platform / Protocol Testing ● Malacious Apps / website testing ● Rom Analysis / Modification ● How We perform ● Setup toolset on every machine and still no standards. 5
  6. 6. What's the solution ● Define Some standards. ● OWASP is working on it. ● Design some ToolKit ● Basically we need BT style toolkit for android. 6
  7. 7. Presenting Android Tamer 7
  8. 8. What is Android Tamer ● VM environment Giving you the freedom to perform ● Application Pentesting ● Malware Analysis ● Rom Modification (Core + kernel) ● ROM Analysis ● App / Malware / Native Code Development 8
  9. 9. Salient Features ● Based on Ubuntu 10.04 LTS ● All non needed software removed. ● Minimum mix of foreign repositories to avoid upgrade issues. ● Not just tool dump but integrated solution. ● Browser bookmarks. ● Tamer Repository configured to avoid re-download of complete VDI image. (contains only one package as of now) 9
  10. 10. Tools : Application Pentesting ● OWASP ZAP ● TSOCK Proxy ● Emulator configured with ZAP certificate. ● Custom Link Given to launch specific AVD. ● DDMS configured 10
  11. 11. Tools : Malware Analysis ● DroidBox ● APKInspector ● Apktool ● Dex2jar /JAD / DED / JD-GUI ● Smali / baksmali ● androguard 11
  12. 12. Tools : ROM Analysis / Modification ● DSIXDA Android Kitchen ● Unyaffs2 ● Split_bootimg ● DDMS ● Refer Tools : Development and Malware analysis 12
  13. 13. Tools : Development ● Eclipse + ADT ● NDK ● CodeSourcery C++ lite ● ARM DS-5 CE 13
  14. 14. Tools : Rooting tools ● Scripts ● Rageinthecage ● Psneuter ● Gingerbreak ● ZergRush ● APK’s ● Z4root ● Superoneclick ● Universal Androot Note : tools provided AS-IS, usage is a responsibility of USER 14
  15. 15. Important Links https://sourceforge.net/p/androidtamer/ 15
  16. 16. Future ● Plan to keep it going. ● Applications will be distributed using Tamer Repository (preconfigured) ● Tools and Categories to add ● Agnitio: Source code review ● Forensics Section. ● If you know some other cool tools that could be added send in a mail. 16
  17. 17. About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ●Email : anant@anantshri.info ●Web : http://anantshri.info ●Blog : http://blog.anantshri.info

More Related Content

Related Books

Free with a 30 day trial from Scribd

See all

×