Hacking Android : explore every nook and cranny of the Android OS to modify your device and guard it against security threats / Srinivasa Rao Kotipalli, Mohammed A. Imran.

Format:

Book

Author/Creator:

Kotipalli, Srinivasa Rao, author.

Imran, Mohammed A., author.

Series:

Community experience distilled.

Community experience distilled

Language:

English

Subjects (All):

Android (Electronic resource).

Operating systems (Computers)--Security measures.

Operating systems (Computers).

Physical Description:

1 online resource (376 pages) : color illustrations.

Edition:

1st edition

Place of Publication:

Birmingham : Packt Publishing, 2016.

System Details:

text file

Summary:

Explore every nook and cranny of the Android OS to modify your device and guard it against security threats About This Book Understand and counteract against offensive security threats to your applications Maximize your device's power and potential to suit your needs and curiosity See exactly how your smartphone's OS is put together (and where the seams are) Who This Book Is For This book is for anyone who wants to learn about Android security. Software developers, QA professionals, and beginner- to intermediate-level security professionals will find this book helpful. Basic knowledge of Android programming would be a plus. What You Will Learn Acquaint yourself with the fundamental building blocks of Android Apps in the right way Pentest Android apps and perform various attacks in the real world using real case studies Take a look at how your personal data can be stolen by malicious attackers Understand the offensive maneuvers that hackers use Discover how to defend against threats Get to know the basic concepts of Android rooting See how developers make mistakes that allow attackers to steal data from phones Grasp ways to secure your Android apps and devices Find out how remote attacks are possible on Android devices In Detail With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You'll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you'll get to grips with various tools and techniques that can be used in your everyday pentests. You'll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab. Style and approach This comprehensive guide takes a step-by-step approach and is explained in a conversational and easy-to-follow style. Each topic is explained sequentially in the process of performing a successful penetration test. We also include detailed explanations as well as screensho...

Contents:

Cover

Copyright

Credits

About the Authors

About the Reviewer

www.PacktPub.com

Table of Contents

Preface

Chapter 1: Setting Up the Lab

Installing the required tools

Java

Android Studio

Setting up an AVD

Real device

Apktool

Dex2jar/JD-GUI

Burp Suite

Configuring the AVD

Drozer

Prerequisites

QARK (No support for windows)

Getting ready

Advanced REST Client for Chrome

Droid Explorer

Cydia Substrate and Introspy

SQLite browser

Frida

Setting up Frida server

Setting up frida-client

Vulnerable apps

Kali Linux

ADB Primer

Checking for connected devices

Getting a shell

Listing the packages

Pushing files to the device

Pulling files from the device

Installing apps using adb

Troubleshooting adb connections

Summary

Chapter 2: Android Rooting

What is rooting?

Why would we root a device?

Advantages of rooting

Unlimited control over the device

Installing additional apps

More features and customization

Disadvantages of rooting

It compromises the security of your device

Bricking your device

Voids warranty

Locked and unlocked boot loaders

Determining boot loader unlock status on Sony devices

Unlocking boot loader on Sony through a vendor specified method

Rooting unlocked boot loaders on a Samsung device

Stock recovery and Custom recovery

Rooting Process and Custom ROM installation

Installing recovery softwares

Using Odin

Using Heimdall

Rooting a Samsung Note 2

Flashing the Custom ROM to the phone

Chapter 3: Fundamental Building Blocks of Android Apps

Basics of Android apps

Android app structure

How to get an APK file?

Storage location of APK files

/data/app/

/system/app/

/data/app-private/

Android app components

Activities.

Services

Broadcast receivers

Content providers

Android app build process

Building DEX files from the command line

What happens when an app is run?

ART - the new Android Runtime

Understanding app sandboxing

UID per app

App sandboxing

Is there a way to break out of this sandbox?

Chapter 4: Overview of Attacking Android Apps

Introduction to Android apps

Web Based apps

Native apps

Hybrid apps

Understanding the app's attack surface

Mobile application architecture

Threats at the client side

Threats at the backend

Guidelines for testing and securing mobile apps

OWASP Top 10 Mobile Risks (2014)

M1: Weak Server-Side Controls

M2: Insecure Data Storage

M3: Insufficient Transport Layer Protection

M4: Unintended Data Leakage

M5: Poor Authorization and Authentication

M6: Broken Cryptography

M7: Client-Side Injection

M8: Security Decisions via Untrusted Inputs

M9: Improper Session Handling

M10: Lack of Binary Protections

Automated tools

Performing Android security assessments with Drozer

Installing testapp.apk

Listing out all the modules

Retrieving package information

Identifying the attack surface

Identifying and exploiting Android app vulnerabilities using Drozer

QARK (Quick Android Review Kit)

Running QARK in interactive mode

Reporting

Running QARK in seamless mode:

Chapter 5: Data Storage and Its Security

What is data storage?

Android local data storage techniques

Shared preferences

SQLite databases

Internal storage

External storage

Real world application demo

User dictionary cache

Insecure data storage - NoSQL database

NoSQL demo application functionality

Backup techniques.

Backup the app data using adb backup command

Convert .ab format to tar format using Android backup extractor

Extracting the TAR file using the pax or star utility

Analyzing the extracted content for security issues

Being safe

Chapter 6: Server-Side Attacks

Different types of mobile apps and their threat model

Mobile applications server-side attack surface

Strategies for testing mobile backend

Setting up Burp Suite Proxy for testing

Proxy setting via APN

Proxy setting via Wi-Fi

Bypass certificate warnings and HSTS

Bypassing certificate pinning

Bypass SSL pinning using AndroidSSLTrustKiller

Setting up a demo application

Relating OWASP top 10 mobile risks and web attacks

Authentication/authorization issues

Session management

Insufficient Transport Layer Security

Input validation related issues

Improper error handling

Insecure data storage

Attacks on the database

Chapter 7: Client-Side Attacks - Static Analysis Techniques

Attacking application components

Attacks on activities

What does exported behavior mean to an activity?

Intent filters

Attacks on services

Extending the Binder class:

Using a Messenger

Using AIDL

Attacking AIDL services

Attacks on broadcast receivers

Attacks on content providers

Querying content providers:

Exploiting SQL Injection in content providers using adb

Testing for Injection:

Finding the column numbers for further extraction

Running database functions

Finding out SQLite version:

Finding out table names

Static analysis using QARK:

Chapter 8: Client-Side Attacks - Dynamic Analysis Techniques

Automated Android app assessments using Drozer

Retrieving package information.

Finding out the package name of your target application

Getting information about a package

Dumping the AndroidManifes.xml file

Finding out the attack surface:

Content provider leakage and SQL Injection using Drozer

Attacking SQL Injection using Drozer

Path traversal attacks in content providers

Reading /etc/hosts

Reading kernel version

Exploiting debuggable apps

Introduction to Cydia Substrate

Runtime monitoring and analysis using Introspy

Hooking using Xposed framework

Dynamic instrumentation using Frida

What is Frida?

Steps to perform dynamic hooking with Frida

Logging based vulnerabilities

WebView attacks

Accessing sensitive local resources through file scheme

Other WebView issues

Chapter 9: Android Malware

What do Android malwares do?

Writing Android malwares

Writing a simple reverse shell Trojan using socket programming

Registering permissions

Writing a simple SMS stealer

The user interface

Code on the server

A note on infecting legitimate apps

Malware analysis

Static analysis

Disassembling Android apps using Apktool

Decompiling Android apps using dex2jar and JD-GUI

Dynamic analysis

Analyzing HTTP/HTTPS traffic using Burp

Analysing network traffic using tcpdump and Wireshark

Tools for automated analysis

How to be safe from Android malwares?

Chapter 10: Attacks on Android Devices

MitM attacks

Dangers with apps that provide network level access

Using existing exploits

Malware

Bypassing screen locks

Bypassing pattern lock using adb

Removing the gesture.key file

Cracking SHA1 hashes from the gesture.key file

Bypassing password/PIN using adb.

Bypassing screen locks using CVE-2013-6271

Pulling data from the sdcard

Index.

Notes:

Includes index.

Description based on online resource; title from PDF title page (ebrary, viewed March 6, 2017).

ISBN:

9781785888007

1785888005

OCLC:

955140515