BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
Droid Hacking for the Innocent
1. Droid Hacking for the Innocent
Giles R. Greenway, Department of Digital Humanties
@kingsBSD @SoBigData https://www.slideshare.net/kingsBSD
2. The Prologue: “Our Data Ourselves”
Wrote “MobileMiner” Android
app.
Captures network sockets by
scanning /proc.
See “Mining Mobile Youth
Cultures” and PyData London
2015 talk:
http://tinyurl.com/miningmobile
youthcultures
https://youtu.be/hjjniizB794
This approach still works on
unrooted Android N. (See
NetMonitor by SECUSO
Research Group.)
https://github.com/SecUSo/privacy-
friendly-netmonitor
3. The Prologue: “Our Data Ourselves”
Observed apps, especially
games, “phoning home” with
unreasonable frequency.
Decided to decompile the app,
(TheLineKeepIn) found code
from Umeng, Jpush and
TenCent.
Not really malware, just very
obnoxious adware.
Can non-experts be taught how
to do this, and gain autonomy
over their devices and data?
4. Can’t we just distribute Kali?
Kali requires users to download
the Android dev tools by
themselves.
Google prohibits distributing the
binary.
Get ADB via apt-get?
-Not going to happen for
novices.
Even @evilsocket’s 101 tutorial
is too difficult:
https://www.evilsocket.net
5. The Droid Destruction Kit (DDK)
Dockerized browser-based
desktop with a set of app
reversal and traffic capture
tools.
(Embed in VirtualBox.)
Simple Zenity scripts to
push/pull .apk packages.
Distribute rooted ‘phones.
“Press this button to
Wireshark...”
First used at KCL in 2015,
with help from Darren
Martyn and Mustafa Al-
Bassam.
6. Don’t underestimate the value of learning.
AndroidManifest.xml:
“So these permissions are
classed as dangerous?”
“You can see which 3rd
-
parties are involved, but you
can’t in the PlayStore?”
Illustrate the general
absurdity. (Press the build-
number. Congratulations,
you’re a ‘Droid dev!”
7. Reading Java is hard...
...but people will surprise you.
Sometimes 2+2=4¼…
(e.g. Facebook ReactJS CDN)
Sometimes students teach you things.
8. Writing Java isn’t that hard!
“Digital Ecosystems of
Refugee Mobility”
(http://tinyurl.com/kclderm)
“The International Rescue
Committee”