Android Pentesting and Malware Analysis


Published on: null Hyderabad Chapter, January 2013 Meet
Published in: Education


  1. 1. Srinivasa Rao
     - Independent Security Researcher
     - Working for TCS
     - Co-author of the book “HACKING S3CRETS”
  2. 2. What we discuss?
     - Android OS basics
     - Understanding the APK
     - Android architecture
     - Android security model
     - Android rooting
     - A brief look into Android malware
     - Reversing Android malware
     - Pentesting on the Android platform
     - Demos
  3. 3. What is Android?
     - Android is a software stack for mobile devices. The stack consists of an operating system, middleware and key mobile applications.
     - Initially developed by Android Inc. (founded 2003), acquired by Google in 2005.
     - 2007: the Open Handset Alliance (OHA) was formed.
     - Largest smartphone market share.
     - HTC Dream: the first commercially available mobile phone running the Android operating system.
  4. 4. Why Android?
     - Wherever you go it follows you!! (tablets, mobile phones, TVs)
     - Open source
     - Anyone can develop apps! Fewer restrictions than the iPhone
     - Runs on a Linux 2.6.x kernel
     - Uses SQLite databases
     - Official market containing over 700,000 apps
  5. 5. Understanding the APK
     - Every app ships as a file with the extension .apk
     - Nothing but a zip file; can be extracted with WinRAR or WinZip
     - Written in Java, with native libraries in C/C++
     - Composed of components such as activities, services, broadcast receivers, etc.
  6. 6. Understanding the APK (diagram slide)
  7. 7. Understanding the APK (diagram slide)
  8. 8. Components
     - Activity: a screen to let users interact (buttons, text view, image view, etc.)
     - Service: performs work in the background (e.g. playing music)
     - Broadcast receiver: receives and responds to broadcast announcements
     - Intents: bind individual components at runtime
     - Content providers: store and retrieve the application data (SQLite databases)
  9. 9. Permissions – They Suck!!
     - Declared in AndroidManifest.xml
     - The manifest XML file lists all the components and the permissions the app requests
     - An app can only use the permissions it has declared
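Slides 5, 8 and 9 together describe the first thing a pentester or malware analyst does with a sample: unzip the APK, pull AndroidManifest.xml, and read off the components and requested permissions. The script below is an added example (not from the talk) that does exactly that triage. It assumes a manifest already decoded to plain XML, as apktool emits it; inside a real APK the manifest is binary AXML and must be decoded first. The package name, component names and the "sensitive" permission list are constructed for illustration, and the APK itself is built in memory so the script runs offline.

```python
"""Triage an APK: list the zip entries, then parse the manifest for
components (and whether they are exported) and requested permissions.

Added example, not from the slides. Assumes an apktool-decoded (plain XML)
AndroidManifest.xml; a raw APK carries binary AXML and must be decoded first.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative subset of permissions worth a second look in a malware sample.
SENSITIVE = {
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.INSTALL_PACKAGES",
}

# Constructed sample manifest (package and class names are made up).
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Player">
    <activity android:name=".MainActivity" android:exported="true"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".DataProvider"
              android:authorities="com.example.player.data"
              android:exported="false"/>
  </application>
</manifest>
"""


def build_sample_apk() -> bytes:
    """Pack the constructed manifest plus a stub classes.dex into a zip (an APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", SAMPLE_MANIFEST)
        z.writestr("classes.dex", b"dex\n035\0")
    return buf.getvalue()


def list_entries(apk_bytes: bytes) -> list:
    """An APK is just a zip: enumerate its members."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return sorted(z.namelist())


def is_exported(elem) -> bool:
    """Explicit android:exported wins; otherwise a component with an
    <intent-filter> was implicitly exported (the rule in force in 2013)."""
    explicit = elem.get(ANDROID_NS + "exported")
    if explicit is not None:
        return explicit == "true"
    return elem.find("intent-filter") is not None


def parse_manifest(manifest_xml: bytes) -> dict:
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    comps = {}
    for kind in ("activity", "service", "receiver", "provider"):
        comps[kind] = [{"name": e.get(ANDROID_NS + "name"), "exported": is_exported(e)}
                       for e in app.findall(kind)]
    perms = [e.get(ANDROID_NS + "name") for e in root.findall("uses-permission")]
    return {"package": root.get("package"), "components": comps,
            "permissions": perms, "sensitive": sorted(p for p in perms if p in SENSITIVE)}


def triage(apk_bytes: bytes) -> dict:
    """Pull the manifest out of the APK and parse it."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        manifest = z.read("AndroidManifest.xml")
    return parse_manifest(manifest)


if __name__ == "__main__":
    apk = build_sample_apk()
    print(list_entries(apk))
    print(triage(apk))
```

Exported components are the attack surface other apps on the device can reach, so the `exported` flag is reported next to each component rather than only the name.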
  11. 11. Android Security Model
     - Every application runs in its own process, under its own Linux UID, inside its own Dalvik VM instance (the slide's diagram shows Application 1 to 5 as UID 1000 to 1004; on a real device app UIDs start at 10000, and UID 1000 is the system user).
     - The system process runs as the system UID.
     - Everything sits on the Linux kernel, which enforces the UID separation between apps.
  12. 12. Dalvik Virtual Machine
     - Created by Dan Bornstein
     - A virtual machine that runs the Android apps
     - Register based instead of stack based
     - Runs .dex (Dalvik Executable) files
  13. 13. Some popular Android malware families: Geinimi, DroidDream, Trojan FakePlayer, iCalendar
  14. 14. Making the APK: .java → .class → .dex → .apk
  15. 15. Reversing the APK: .apk → .dex → .class → .java
  16. 16. Reversing tools
     - apktool: decodes resources and the binary manifest, disassembles .dex to smali
     - baksmali: disassembles .dex to smali
     - dex2jar: converts .dex to .class files packed in a .jar
     - JD-GUI: decompiles the .class files back to readable Java
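Slide 12 says Dalvik runs .dex files and slides 14 to 16 walk the .apk → .dex → .class → .java chain; the first thing in that chain is the dex header, which carries its own integrity fields: the magic `dex\n035\0`, an Adler-32 checksum over everything after the checksum field, and a SHA-1 over everything after the signature field. Assemblers recompute both when writing a dex, so a mismatch is a quick sign of a hand-patched or truncated sample. The parser and verifier below are an added example, not from the talk; the dex it checks is constructed, header-only and contains no classes.

```python
"""Parse the 0x70-byte DEX header and verify its checksum, signature and size.

Added example, not from the slides. Field layout follows the dex format:
magic(8) | adler32 checksum(4) | sha1 signature(20) | 20 little-endian uint32s.
"""
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n035\0"
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
# uint32 fields that follow the signature, in file order.
FIELDS = ("file_size", "header_size", "endian_tag", "link_size", "link_off",
          "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
          "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
          "field_ids_off", "method_ids_size", "method_ids_off",
          "class_defs_size", "class_defs_off", "data_size", "data_off")


def build_sample_dex() -> bytes:
    """Construct a minimal, internally consistent header-only dex (no classes)."""
    values = {f: 0 for f in FIELDS}
    values.update(file_size=HEADER_SIZE, header_size=HEADER_SIZE,
                  endian_tag=ENDIAN_CONSTANT, map_off=HEADER_SIZE, data_off=HEADER_SIZE)
    tail = struct.pack("<20I", *(values[f] for f in FIELDS))
    signature = hashlib.sha1(tail).digest()                  # covers bytes 32..end
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF   # covers bytes 12..end
    return DEX_MAGIC + struct.pack("<I", checksum) + signature + tail


def parse_dex_header(data: bytes) -> dict:
    """Return the header fields; raise ValueError on a non-dex or wrong-endian file."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a dex header")
    if data[:8] != DEX_MAGIC:
        raise ValueError("bad dex magic %r" % data[:8])
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    fields = dict(zip(FIELDS, struct.unpack_from("<20I", data, 32)))
    if fields["endian_tag"] != ENDIAN_CONSTANT:
        raise ValueError("unexpected endian tag 0x%08x" % fields["endian_tag"])
    fields.update(checksum=checksum, signature=signature.hex())
    return fields


def verify_dex(data: bytes) -> dict:
    """Report whether the stored checksum, signature and file_size match the bytes."""
    hdr = parse_dex_header(data)
    return {
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == hdr["checksum"],
        "signature_ok": hashlib.sha1(data[32:]).hexdigest() == hdr["signature"],
        "size_ok": hdr["file_size"] == len(data),
    }


if __name__ == "__main__":
    sample = build_sample_dex()
    print(parse_dex_header(sample))
    print(verify_dex(sample))
```

Point it at a classes.dex pulled out of a sample (`open("classes.dex", "rb").read()`); a dex that parses but fails `checksum_ok` was edited after assembly, which is worth noting before spending time in JD-GUI.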
  17. 17. File System Access
     - Android Debug Bridge (adb) command
     - Access a shell
     - Pull/push files
     - Many more
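Slide 11's security model (one Linux UID per app) is only as good as the file permissions each app sets on its own data, and slide 17's adb shell is how a pentester checks them: `adb shell ls -l /data/data/<package>` and look for anything world-readable or world-writable (files created with MODE_WORLD_READABLE, for instance). The audit below is an added example, not from the talk. Its listing is constructed to resemble the Android toolbox `ls -l` output of the time (directories print no size), the package and file names are made up, and on a production device you would need root, or `run-as <package>` for a debuggable app, because the adb `shell` user cannot read other apps' private directories.

```python
"""Flag app-private files whose mode bits leak them out of the UID sandbox.

Added example, not from the slides. SAMPLE_LISTING is constructed to look like
`adb shell ls -l /data/data/com.example.player` output; feed real lines in the
same way.
"""
import re

EXPECTED_OWNER = "app_45"   # assumed: the UID/user the sample app runs as

SAMPLE_LISTING = """\
drwxrwx--x app_45   app_45            2013-01-12 10:20 databases
-rw-rw-rw- app_45   app_45        1024 2013-01-12 10:22 shared_prefs/creds.xml
-rw-r--r-- app_45   app_45       16384 2013-01-12 10:21 databases/user.db
-rw------- app_45   app_45         512 2013-01-12 10:22 files/token.bin
"""

# perms owner group [size] date time name  (size is absent for directories)
LINE_RE = re.compile(
    r"^([-dl][rwxsStT-]{9})\s+(\S+)\s+(\S+)\s+(?:(\d+)\s+)?(\S+ \S+)\s+(.+)$")


def parse_ls_line(line: str):
    """Split one `ls -l` line into its fields; return None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    perms, owner, group, size, mtime, name = m.groups()
    return {"perms": perms, "owner": owner, "group": group,
            "size": int(size) if size is not None else None,
            "mtime": mtime, "name": name}


def audit_listing(listing: str, expected_owner: str = EXPECTED_OWNER) -> list:
    """Return [(name, [issues...])] for entries that break the per-app sandbox."""
    findings = []
    for line in listing.splitlines():
        entry = parse_ls_line(line)
        if entry is None:
            continue
        p = entry["perms"]
        issues = []
        if p[0] == "d":
            # world-x on a directory is normal on Android; world-w is not.
            if p[8] == "w":
                issues.append("world-writable directory")
        else:
            if p[7] == "r":
                issues.append("world-readable")
            if p[8] == "w":
                issues.append("world-writable")
        if entry["owner"] != expected_owner:
            issues.append("owned by %s, not the app" % entry["owner"])
        if issues:
            findings.append((entry["name"], issues))
    return findings


if __name__ == "__main__":
    for name, issues in audit_listing(SAMPLE_LISTING):
        print("%-28s %s" % (name, ", ".join(issues)))
```

A world-readable shared_prefs or database file means any other app on the device, regardless of its UID, can read it, which is exactly the separation slide 11 relies on; world-writable is worse, since a low-privilege app can then plant data the victim app will trust.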
  18. 18. Greetzzzzz