Hacking Android explore every nook and cranny of the Android OS to modify your device and guard it against security threats
"Hacking Android is a step-by-step guide that will get you started with Android security. You'll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this...
| Main Authors: | , |
|---|---|
| Format: | eBook |
| Language: | English |
| Published: |
Birmingham, UK
Packt Publishing
2016
|
| Series: | Community experience distilled
|
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- Services
- Broadcast receivers
- Content providers
- Android app build process
- Building DEX files from the command line
- What happens when an app is run?
- ART
- the new Android Runtime
- Understanding app sandboxing
- UID per app
- App sandboxing
- Is there a way to break out of this sandbox?
- Summary
- Chapter 4: Overview of Attacking Android Apps
- Introduction to Android apps
- Web Based apps
- Native apps
- Hybrid apps
- Understanding the app's attack surface
- Mobile application architecture
- Threats at the client side
- Threats at the backend
- Guidelines for testing and securing mobile apps
- OWASP Top 10 Mobile Risks (2014)
- M1: Weak Server-Side Controls
- M2: Insecure Data Storage
- M3: Insufficient Transport Layer Protection
- M4: Unintended Data Leakage
- M5: Poor Authorization and Authentication
- M6: Broken Cryptography
- M7: Client-Side Injection
- M8: Security Decisions via Untrusted Inputs
- M9: Improper Session Handling
- M10: Lack of Binary Protections
- Automated tools
- Drozer
- Performing Android security assessments with Drozer
- Installing testapp.apk
- Listing out all the modules
- Retrieving package information
- Identifying the attack surface
- Identifying and exploiting Android app vulnerabilities using Drozer
- QARK (Quick Android Review Kit)
- Running QARK in interactive mode
- Reporting
- Running QARK in seamless mode:
- Summary
- Chapter 5: Data Storage and Its Security
- What is data storage?
- Android local data storage techniques
- Shared preferences
- SQLite databases
- Internal storage
- External storage
- Shared preferences
- Real world application demo
- SQLite databases
- Internal storage
- External storage
- User dictionary cache
- Insecure data storage
- NoSQL database
- NoSQL demo application functionality
- Backup techniques
- Finding out the package name of your target application
- Getting information about a package
- Dumping the AndroidManifes.xml file
- Finding out the attack surface:
- Attacks on activities
- Attacks on services
- Broadcast receivers
- Content provider leakage and SQL Injection using Drozer
- Attacking SQL Injection using Drozer
- Path traversal attacks in content providers
- Reading /etc/hosts
- Reading kernel version
- Exploiting debuggable apps
- Introduction to Cydia Substrate
- Runtime monitoring and analysis using Introspy
- Hooking using Xposed framework
- Dynamic instrumentation using Frida
- What is Frida?
- Prerequisites
- Steps to perform dynamic hooking with Frida
- Logging based vulnerabilities
- WebView attacks
- Accessing sensitive local resources through file scheme
- Other WebView issues
- Summary
- Chapter 9: Android Malware
- What do Android malwares do?
- Writing Android malwares
- Writing a simple reverse shell Trojan using socket programming
- Registering permissions
- Writing a simple SMS stealer
- The user interface
- Registering permissions
- Code on the server
- A note on infecting legitimate apps
- Malware analysis
- Static analysis
- Disassembling Android apps using Apktool
- Decompiling Android apps using dex2jar and JD-GUI
- Dynamic analysis
- Analyzing HTTP/HTTPS traffic using Burp
- Analysing network traffic using tcpdump and Wireshark
- Tools for automated analysis
- How to be safe from Android malwares?
- Summary
- Chapter 10: Attacks on Android Devices
- MitM attacks
- Dangers with apps that provide network level access
- Using existing exploits
- Malware
- Bypassing screen locks
- Bypassing pattern lock using adb
- Removing the gesture.key file
- Cracking SHA1 hashes from the gesture.key file
- Bypassing password/PIN using adb
- Bypassing screen locks using CVE-2013-6271
- Pulling data from the sdcard
- Summary
- Index
- Cover
- Copyright
- Credits
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Table of Contents
- Preface
- Chapter 1: Setting Up the Lab
- Installing the required tools
- Java
- Android Studio
- Setting up an AVD
- Real device
- Apktool
- Dex2jar/JD-GUI
- Burp Suite
- Configuring the AVD
- Drozer
- Prerequisites
- QARK (No support for windows)
- Getting ready
- Advanced REST Client for Chrome
- Droid Explorer
- Cydia Substrate and Introspy
- SQLite browser
- Frida
- Setting up Frida server
- Setting up frida-client
- Vulnerable apps
- Kali Linux
- ADB Primer
- Checking for connected devices
- Getting a shell
- Listing the packages
- Pushing files to the device
- Pulling files from the device
- Installing apps using adb
- Troubleshooting adb connections
- Summary
- Chapter 2: Android Rooting
- What is rooting?
- Why would we root a device?
- Advantages of rooting
- Unlimited control over the device
- Installing additional apps
- More features and customization
- Disadvantages of rooting
- It compromises the security of your device
- Bricking your device
- Voids warranty
- Locked and unlocked boot loaders
- Determining boot loader unlock status on Sony devices
- Unlocking boot loader on Sony through a vendor specified method
- Rooting unlocked boot loaders on a Samsung device
- Stock recovery and Custom recovery
- Prerequisites
- Rooting Process and Custom ROM installation
- Installing recovery softwares
- Using Odin
- Using Heimdall
- Rooting a Samsung Note 2
- Flashing the Custom ROM to the phone
- Summary
- Chapter 3: Fundamental Building Blocks of Android Apps
- Basics of Android apps
- Android app structure
- How to get an APK file?
- Storage location of APK files
- /data/app/
- /system/app/
- /data/app-private/
- Android app components
- Activities
- Backup the app data using adb backup command
- Convert .ab format to tar format using Android backup extractor
- Extracting the TAR file using the pax or star utility
- Analyzing the extracted content for security issues
- Being safe
- Summary
- Chapter 6: Server-Side Attacks
- Different types of mobile apps and their threat model
- Mobile applications server-side attack surface
- Mobile application architecture
- Strategies for testing mobile backend
- Setting up Burp Suite Proxy for testing
- Proxy setting via APN
- Proxy setting via Wi-Fi
- Bypass certificate warnings and HSTS
- Bypassing certificate pinning
- Bypass SSL pinning using AndroidSSLTrustKiller
- Setting up a demo application
- Threats at the backend
- Relating OWASP top 10 mobile risks and web attacks
- Authentication/authorization issues
- Session management
- Insufficient Transport Layer Security
- Input validation related issues
- Improper error handling
- Insecure data storage
- Attacks on the database
- Summary
- Chapter 7: Client-Side Attacks
- Static Analysis Techniques
- Attacking application components
- Attacks on activities
- What does exported behavior mean to an activity?
- Intent filters
- Attacks on services
- Extending the Binder class:
- Using a Messenger
- Using AIDL
- Attacking AIDL services
- Attacks on broadcast receivers
- Attacks on content providers
- Querying content providers:
- Exploiting SQL Injection in content providers using adb
- Testing for Injection:
- Finding the column numbers for further extraction
- Running database functions
- Finding out SQLite version:
- Finding out table names
- Static analysis using QARK:
- Summary
- Chapter 8: Client-Side Attacks
- Dynamic Analysis Techniques
- Automated Android app assessments using Drozer
- Listing out all the modules
- Retrieving package information