
CNIT 128 6. Analyzing Android Applications (Part 3)

For a college class: Hacking Mobile Devices at CCSF

Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml


  1. CNIT 128 Hacking Mobile Devices: 6. Analyzing Android Applications, Part 3
  2. Topics
     • Part 1
       • Creating Your First Android Environment
       • Understanding Android Applications
     • Part 2
       • Understanding the Security Model: p 205-222
     • Part 3
       • Understanding the Security Model: p 222ff
       • Reverse-Engineering Applications
  3. Topics in Part 3
     • Generic Exploit Mitigation Protections
     • Rooting Explained
     • Reverse-Engineering Applications
  4. Generic Exploit Mitigation Protections
  5. Exploit Mitigations
     • Make the underlying OS more secure
     • So even unpatched legacy code is safer
     • Many of these mitigations are inherited from Linux
  6. Kernel Protections
  7. Rooting Explained
  8. Root Access
     • By default Android doesn't allow users to use root
     • Rooting typically adds a su binary
     • Allows elevation to root
     • So su itself must run as root
  9. SUID Permissions
     • Runs with owner's permissions
     • Even when launched by someone else
  10. Security of su
     • On Linux, it asks for a password to allow elevation
     • On Android, it pops up a box like this
  11. Rooting Methods
     • Using an exploit
     • Using an unlocked bootloader
  12. Exploits
     • Gingerbreak
       • Exploited vold to write to the Global Offset Table (GOT) in Android 2.2 and 3.0
       • Bug in Google's original Android
     • Exynos abuse
       • Bug in driver for Exynos processors, used by Samsung
       • Only affected some devices
  13. Exploits
     • Samsung Admire
       • Exploited dump files and logs to change permissions on adb
       • Worked only on specific device
     • Acer Iconia
       • Pre-installed SUID binary with code injection vulnerability
  14. Exploits
     • Master Key
       • Make a modified system app
       • Re-install it with the same signature
       • Works on most Android versions prior to 4.2
     • Towelroot
       • Exploits locks used when threading
       • Rooted many devices
  15. Unlocked Bootloader
     • Flash new firmware onto device
       • A new recovery image, or
       • A rooted kernel image containing su
     • May void warranty or brick your phone
  16. Cyanogenmod
     • Link Ch 6h
  17. • Link Ch 6i
  18. Reverse-Engineering Applications
  19. In the Projects
     • Pulling an APK from the phone with adb
     • Disassemble with apktool
  20. Vulnerability Scanning
     • Qark and AndroBugs
  21. Jadx
  22. Code Modification
  23. Repacking and Signing
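
Slides 8 and 9 say that su must run as root and that a SUID file runs with its owner's permissions no matter who launches it. The following is an added example, not part of the original slides: it audits an `ls -l` listing for setuid files owned by root, which is how a su binary shows up on a rooted device. The listing, its paths and the function names are constructed for illustration.

```python
import re

# Constructed sample: `ls -l` output in the style of an Android shell.
# Paths, sizes and dates are invented; they do not come from a real device.
SAMPLE_LISTING = """\
-rwsr-sr-x root     root        75348 2019-03-01 10:12 /system/xbin/su
-rwxr-xr-x root     shell       18204 2019-03-01 10:12 /system/bin/toolbox
-rwsr-x--- root     system      22480 2019-03-01 10:12 /system/bin/example_helper
-rwSr--r-- root     root         1024 2019-03-01 10:12 /data/local/tmp/odd_file
-rwsr-xr-x shell    shell        9000 2019-03-01 10:12 /data/local/tmp/not_root
lrwxrwxrwx root     root              2019-03-01 10:12 /system/bin/ls -> toolbox
"""

# mode string, owner, group, then the first absolute path on the line
LINE = re.compile(
    r"^(?P<mode>[-dlbcps][-rwxsStT]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s.*?\s(?P<path>/\S+)"
)


def setuid_findings(listing):
    """Return (path, owner, executable) for every regular file with setuid set."""
    findings = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m or m["mode"][0] != "-":   # skip symlinks, directories, noise
            continue
        owner_exec = m["mode"][3]          # owner's execute slot in the mode
        if owner_exec not in "sS":         # 's' = setuid + x, 'S' = setuid, no x
            continue
        findings.append((m["path"], m["owner"], owner_exec == "s"))
    return findings


def root_setuid_executables(listing):
    """Paths that run as root regardless of which user launches them."""
    return [path for path, owner, runnable in setuid_findings(listing)
            if owner == "root" and runnable]


if __name__ == "__main__":
    for path in root_setuid_executables(SAMPLE_LISTING):
        print("setuid root executable:", path)
```

A setuid file owned by a non-root user, or one with `S` (setuid without execute), is reported by `setuid_findings` but does not give root, so `root_setuid_executables` leaves it out.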
