Introduction to the Android OS, the Android Developers Kit, Android Emulators, rooting Android devices, and de-compiling Android Apps with Dex2jar, Java JD-GUI and so on. During the presentation I will pull an App apart and show how to bypass a login screen.
What better way to express the Zombie Apocalypse than with mobile devices? They are ubiquitous: they are carried everywhere, they go everywhere. Having a decent understanding of the Operating System and its vulnerabilities can go a long way towards keeping your device protected.
3. About Me
Ex Military “31 Mic” Microwave Communications - 34th Signal Battalion
Lab Developer for Jones and Bartlett Publishing
CEI – CEH V8
Martial Art Nutcase
Co-creator of Cyber Kung Fu
4. Reverse Engineering
• Understand how applications work
• Analyze them
• Find vulnerabilities
• Uncover hard coded information
6.
• Natural Curiosity
• MacGyver Fan
• CEH V8 mobile sucked
• Humongous Installed Base
• Self Defense
7. Lots of important information
• Contacts
• Messages
• Photos
• Email
• GPS co-ordinates
• Personal notes
• Stored accounts
• Web traffic
• Application configs and credentials
8. Double Edged Sword
• User moves between work and personal environments
• Carries Corporate Data
• Device can be compromised in less secure areas
• Compromised device is then connected to work environment
9. Theft and Loss
• Weak protective mechanisms
• Compounded by users turning off security features
• Rooted devices
10. More Problems
• Increasing everyday use
• Users not educated
• Mix of personal and business use
• Always connected to internet
19. C/C++ Libraries
• Exposed to developer via Java API
• Kind of a transaction layer between kernel and application framework
• Provides common services for apps
21. Runtime
• DVM – Dalvik Virtual Machine
• Efficient and Secure mobile environment
22. Secure
• Each app runs in its own instance
• Unique ID and VM
• Separate memory and files
23. Application Framework
• Compiled java code running in DVM
• Provides services to multiple apps
• Layer that 3rd party developers interact with
• Abstract access to key resources
25. Privilege Separation & Sandboxing
• Based on Linux security model
• Each user is assigned a unique ID (UID)
• Each user can be assigned to Groups
• Each Group has a unique ID (GID)
27. Sandboxing
• Two or more applications can communicate
• Provided they grant permissions
• Implemented in the kernel
• Extended to all software above 1st layer
28. App Separation
• Kernel assigns unique UID
• Runs as that user in separate process
• Different than multiuser OS
29. File Separation
• New apps get new UIDs
• Extended across memory cards
• All associated DB and files use the new UID
31. Separate File Permission Groups
• Note – only the associated UID and root UID have full privileges on these resources unless the developer exposes files to other apps.
32. SD Cards
• Everyone (Whole World) has access to storage
• Currently vfat fs
• Doesn’t support granular permissions
• Note – good place for privilege escalation
34. SharedPreferences
• Allows app to store and retrieve persistent key values
• Persist across device sessions
• Accessed using the SharedPreferences Object
• Stored as XML
• /data/data/”app”/shared_prefs
• Example
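A defender's view of the storage format described on this slide, as an added example that is not part of the original presentation: it parses a shared_prefs XML file and flags entries whose key names suggest a credential stored in clear text. The sample file, its key names and the SENSITIVE_KEY pattern are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a shared_prefs XML file (not from any real app).
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice</string>
    <string name="password">example-password</string>
    <string name="api_token">example-token-value</string>
    <boolean name="remember_me" value="true" />
    <int name="launch_count" value="7" />
</map>
"""

# Key names that suggest a credential is being persisted in clear text.
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|session", re.I)

def parse_prefs(xml_text):
    """Return {key: (type, value)} for each entry under the <map> root."""
    entries = {}
    for node in ET.fromstring(xml_text.encode("utf-8")):
        # <string> keeps its value as element text; primitives use value="...".
        value = node.text if node.tag == "string" else node.get("value")
        entries[node.get("name")] = (node.tag, value)
    return entries

def find_sensitive(entries):
    """Return the sorted key names that look like stored credentials."""
    return sorted(key for key, (kind, value) in entries.items()
                  if kind == "string" and value and SENSITIVE_KEY.search(key))

if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    for key in find_sensitive(prefs):
        print(f"plaintext credential-like entry: {key}")
```

Entries flagged this way are readable by root and by anything that can copy the app's data directory, so they are better held in the Android Keystore or kept server-side.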
35. SQLite3
• Full Support
• Accessed via the UID of the related app
• /data/data/”app”/databases
36. Application Signing
• Ensures Integrity and Authenticity
• APK must be signed
• Inhibits tampering
• Aids confidentiality by ensuring where it came from
• Apps signed with same key can share UID, Process, Memory, Data Storage and Sandbox
37. Signing Quirks
• Apps can be disassembled and changed
• Can be re-signed with same certificate if you have key
• Multiple apps can use same certificate
• App can be manipulated to accept same certificate
• Debugging certificate
38. App access to resources
• Developer limits access to required resources
• Helps to inhibit rogue apps from taking over
• Text, GPS, MMS, camera, microphone, contacts
39. API Permissions
• AndroidManifest.xml
• Used by trusted applications
• Tracks what the user is allowed to do
• Each app must have an AndroidManifest.xml
40. Permission Model
• System displays permissions
• Helps user to decide to trust app or not.
Normal – Dangerous – Signature – Signature or System
42. Activity
• Provides a screen and allows a user to interact with it.
• A window where the user interface is defined
43. Content Providers
• Allow efficient data sharing between processes & applications
• Allow applications to access the stored data of other applications
• Use relational databases similar to tables
• Each row is an Instance, each column is a Type
• Pic
48. Intents
• Mechanisms for asynchronous IPC (Inter Process Communication)
• Allow app to send or broadcast messages to specific components
• Control task and transport data
• Components like Activities, Broadcast Receivers & Services are activated via Intents
• Contain a large amount of information
• Parsed by OS & used by the receiver to take action
• Contain category and instruction for activity launch
Action – Data – Type – Category (note)
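A manifest review that ties the permission slides to the Intents slide, as an added example that is not part of the original presentation: it reads a decoded, plain-text AndroidManifest.xml and reports the Dangerous-level permissions an app requests and the exported components that any other app can reach because no permission guards them. The sample manifest, the com.example.notes package and the DANGEROUS subset are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
P = "android.permission."
DANGEROUS = {"READ_CONTACTS", "ACCESS_FINE_LOCATION", "CAMERA",
             "RECORD_AUDIO", "SEND_SMS", "READ_SMS"}  # illustrative subset
GUARDS = ("permission", "readPermission", "writePermission")

# Constructed manifest for a hypothetical app, in decoded plain-text form.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <permission android:name="com.example.notes.READ_NOTES" android:protectionLevel="signature"/>
  <application>
    <activity android:name=".NotesActivity" android:exported="true"/>
    <receiver android:name=".SyncReceiver" android:exported="true"
              android:permission="com.example.notes.READ_NOTES"/>
    <provider android:name=".NotesProvider" android:exported="true"
              android:authorities="com.example.notes.provider"/>
    <service android:name=".UploadService">
      <intent-filter><action android:name="com.example.notes.UPLOAD"/></intent-filter>
    </service>
  </application>
</manifest>
"""

def dangerous_permissions(root):
    """Requested platform permissions that fall in the Dangerous level."""
    names = [p.get(A + "name", "") for p in root.iter("uses-permission")]
    return sorted(n for n in names if n.startswith(P) and n[len(P):] in DANGEROUS)

def is_exported(comp):
    flag = comp.get(A + "exported")
    # With no explicit flag, an intent filter exported the component on older releases.
    return flag == "true" or (flag is None and comp.find("intent-filter") is not None)

def unguarded_exports(root):
    """Exported components that declare no permission for callers to hold."""
    return sorted(c.get(A + "name")
                  for tag in ("activity", "service", "receiver", "provider")
                  for c in root.iter(tag)
                  if is_exported(c) and not any(c.get(A + g) for g in GUARDS))

def audit(manifest_xml):
    root = ET.fromstring(manifest_xml)
    return dangerous_permissions(root), unguarded_exports(root)
```

Calling `audit(SAMPLE_MANIFEST)` returns the two lists; the receiver is absent from the second because it requires a signature-level permission that only apps signed with the same key can hold.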
49. Google Bouncer
• Automatically scans Android Market looking for malicious Apps
• Checks new applications
• Apps already in Store
• Developer accounts
• No restrictions on upload process
• Can be bypassed
50. Rooting
• Gain Root permissions
• Allow access and editing of Carrier and Manufacturer apps
• Install Custom Software (ROMs)
• Install different Android Version
• Wi-Fi tethering
• Overclocking
• Removing Fluff-ware
51. Some Rooting Techniques
• Depends on the device
• OneClickRoot
• SuperOneClick
• z4Root
• GingerBreak
• UnlockRoot
52. The SDK
• Windows and Linux
• SDK & Eclipse
• Virtual Devices (emulators)
• Allows interaction with virtual and real devices
– Browse files
– Create, install, extract apps
– Get shells
– SSH & VNC
53. SDK continued
• Eclipse
• ADT – Android Developer Tools
– Signing
– Debugging
– Important for developer & tester
– Use Android SDK Tools
• IDE – integrated Development Environment
61. What we can do with a Virtual Device
• Send and receive text between devices
• make calls
• interact with the touch screen if you have one on your host
• browse files
• threads
62. Commands Available
• the VM can be run from the command line
• Command - adb devices
• adb connect <device name>
• Note: the number references the port used
100. Folders & Uses
bin – same as Linux
libs - same as Linux
res - resources
• drawables – images for layouts
• layout – user interface *
• values – string.xml – styles.xml – dimens.xml - colors