Hacking Android

Hacking Android

by Srinivasa Rao Kotipalli, Mohammed A. Imran
Released July 2016
Publisher(s): Packt Publishing
ISBN: 9781785883149

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Explore every nook and cranny of the Android OS to modify your device and guard it against security threats

About This Book

  • Understand and counteract against offensive security threats to your applications
  • Maximize your device's power and potential to suit your needs and curiosity
  • See exactly how your smartphone's OS is put together (and where the seams are)

Who This Book Is For

This book is for anyone who wants to learn about Android security. Software developers, QA professionals, and beginner- to intermediate-level security professionals will find this book helpful. Basic knowledge of Android programming would be a plus.

What You Will Learn

  • Acquaint yourself with the fundamental building blocks of Android Apps in the right way
  • Pentest Android apps and perform various attacks in the real world using real case studies
  • Take a look at how your personal data can be stolen by malicious attackers
  • Understand the offensive maneuvers that hackers use
  • Discover how to defend against threats
  • Get to know the basic concepts of Android rooting
  • See how developers make mistakes that allow attackers to steal data from phones
  • Grasp ways to secure your Android apps and devices
  • Find out how remote attacks are possible on Android devices

In Detail

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security.

Hacking Android is a step-by-step guide that will get you started with Android security. You'll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you'll get to grips with various tools and techniques that can be used in your everyday pentests. You'll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.

Style and approach

This comprehensive guide takes a step-by-step approach and is explained in a conversational and easy-to-follow style. Each topic is explained sequentially in the process of performing a successful penetration test. We also include detailed explanations as well as screenshots of the basic and advanced concepts.

Publisher resources

Download Example Code

Table of contents

  1. Hacking Android
    1. Table of Contents
    2. Hacking Android
    3. Credits
    4. About the Authors
    5. About the Reviewer
    6. www.PacktPub.com
      1. eBooks, discount offers, and more
        1. Why subscribe?
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    8. 1. Setting Up the Lab
      1. Installing the required tools
        1. Java
      2. Android Studio
      3. Setting up an AVD
        1. Real device
        2. Apktool
        3. Dex2jar/JD-GUI
        4. Burp Suite
      4. Configuring the AVD
        1. Drozer
          1. Prerequisites
        2. QARK (No support for windows)
          1. Getting ready
        3. Advanced REST Client for Chrome
        4. Droid Explorer
        5. Cydia Substrate and Introspy
        6. SQLite browser
        7. Frida
          1. Setting up Frida server
          2. Setting up frida-client
            1. Testing the setup
        8. Vulnerable apps
        9. Kali Linux
      5. ADB Primer
        1. Checking for connected devices
        2. Getting a shell
        3. Listing the packages
        4. Pushing files to the device
        5. Pulling files from the device
        6. Installing apps using adb
        7. Troubleshooting adb connections
      6. Summary
    9. 2. Android Rooting
      1. What is rooting?
        1. Why would we root a device?
        2. Advantages of rooting
          1. Unlimited control over the device
          2. Installing additional apps
          3. More features and customization
        3. Disadvantages of rooting
          1. It compromises the security of your device
          2. Bricking your device
          3. Voids warranty
      2. Locked and unlocked boot loaders
        1. Determining boot loader unlock status on Sony devices
        2. Unlocking boot loader on Sony through a vendor specified method
        3. Rooting unlocked boot loaders on a Samsung device
      3. Stock recovery and Custom recovery
        1. Prerequisites
      4. Rooting Process and Custom ROM installation
        1. Installing recovery softwares
          1. Using Odin
          2. Using Heimdall
      5. Rooting a Samsung Note 2
      6. Flashing the Custom ROM to the phone
      7. Summary
    10. 3. Fundamental Building Blocks of Android Apps
      1. Basics of Android apps
        1. Android app structure
          1. How to get an APK file?
        2. Storage location of APK files
          1. /data/app/
          2. /system/app/
          3. /data/app-private/
            1. Example of extracting preinstalled apps
            2. Example of extracting user installed apps
      2. Android app components
        1. Activities
        2. Services
        3. Broadcast receivers
        4. Content providers
        5. Android app build process
      3. Building DEX files from the command line
      4. What happens when an app is run?
        1. ART – the new Android Runtime
      5. Understanding app sandboxing
        1. UID per app
        2. App sandboxing
        3. Is there a way to break out of this sandbox?
      6. Summary
    11. 4. Overview of Attacking Android Apps
      1. Introduction to Android apps
        1. Web Based apps
        2. Native apps
        3. Hybrid apps
      2. Understanding the app's attack surface
        1. Mobile application architecture
      3. Threats at the client side
      4. Threats at the backend
      5. Guidelines for testing and securing mobile apps
        1. OWASP Top 10 Mobile Risks (2014)
        2. M1: Weak Server-Side Controls
        3. M2: Insecure Data Storage
        4. M3: Insufficient Transport Layer Protection
        5. M4: Unintended Data Leakage
        6. M5: Poor Authorization and Authentication
        7. M6: Broken Cryptography
        8. M7: Client-Side Injection
        9. M8: Security Decisions via Untrusted Inputs
        10. M9: Improper Session Handling
        11. M10: Lack of Binary Protections
      6. Automated tools
        1. Drozer
        2. Performing Android security assessments with Drozer
          1. Installing testapp.apk
          2. Listing out all the modules
          3. Retrieving package information
      7. Identifying the attack surface
        1. Identifying and exploiting Android app vulnerabilities using Drozer
          1. Attacks on exported activities
            1. What is the problem here?
      8. QARK (Quick Android Review Kit)
        1. Running QARK in interactive mode
          1. Reporting
        2. Running QARK in seamless mode:
      9. Summary
    12. 5. Data Storage and Its Security
      1. What is data storage?
        1. Android local data storage techniques
          1. Shared preferences
          2. SQLite databases
          3. Internal storage
          4. External storage
      2. Shared preferences
        1. Real world application demo
      3. SQLite databases
      4. Internal storage
      5. External storage
      6. User dictionary cache
      7. Insecure data storage – NoSQL database
        1. NoSQL demo application functionality
      8. Backup techniques
        1. Backup the app data using adb backup command
        2. Convert .ab format to tar format using Android backup extractor
        3. Extracting the TAR file using the pax or star utility
        4. Analyzing the extracted content for security issues
      9. Being safe
      10. Summary
    13. 6. Server-Side Attacks
      1. Different types of mobile apps and their threat model
      2. Mobile applications server-side attack surface
        1. Mobile application architecture
      3. Strategies for testing mobile backend
        1. Setting up Burp Suite Proxy for testing
          1. Proxy setting via APN
          2. Proxy setting via Wi-Fi
          3. Bypass certificate warnings and HSTS
            1. HSTS – HTTP Strict Transport Security
        2. Bypassing certificate pinning
        3. Bypass SSL pinning using AndroidSSLTrustKiller
          1. Setting up a demo application
            1. Installing OWASP GoatDroid
        4. Threats at the backend
          1. Relating OWASP top 10 mobile risks and web attacks
          2. Authentication/authorization issues
            1. Authentication vulnerabilities
            2. Authorization vulnerabilities
          3. Session management
          4. Insufficient Transport Layer Security
          5. Input validation related issues
          6. Improper error handling
          7. Insecure data storage
          8. Attacks on the database
      4. Summary
    14. 7. Client-Side Attacks – Static Analysis Techniques
      1. Attacking application components
        1. Attacks on activities
          1. What does exported behavior mean to an activity?
          2. Intent filters
        2. Attacks on services
          1. Extending the Binder class:
          2. Using a Messenger
          3. Using AIDL
          4. Attacking AIDL services
        3. Attacks on broadcast receivers
        4. Attacks on content providers
          1. Querying content providers:
          2. Exploiting SQL Injection in content providers using adb
            1. Querying the content provider
            2. Writing a where condition:
        5. Testing for Injection:
          1. Finding the column numbers for further extraction
          2. Running database functions
          3. Finding out SQLite version:
          4. Finding out table names
      2. Static analysis using QARK:
      3. Summary
    15. 8. Client-Side Attacks – Dynamic Analysis Techniques
      1. Automated Android app assessments using Drozer
        1. Listing out all the modules
        2. Retrieving package information
        3. Finding out the package name of your target application
        4. Getting information about a package
        5. Dumping the AndroidManifes.xml file
        6. Finding out the attack surface:
        7. Attacks on activities
        8. Attacks on services
        9. Broadcast receivers
        10. Content provider leakage and SQL Injection using Drozer
        11. Attacking SQL Injection using Drozer
        12. Path traversal attacks in content providers
          1. Reading /etc/hosts
          2. Reading kernel version
        13. Exploiting debuggable apps
      2. Introduction to Cydia Substrate
      3. Runtime monitoring and analysis using Introspy
      4. Hooking using Xposed framework
      5. Dynamic instrumentation using Frida
        1. What is Frida?
          1. Prerequisites
          2. Steps to perform dynamic hooking with Frida
      6. Logging based vulnerabilities
      7. WebView attacks
        1. Accessing sensitive local resources through file scheme
        2. Other WebView issues
      8. Summary
    16. 9. Android Malware
      1. What do Android malwares do?
      2. Writing Android malwares
        1. Writing a simple reverse shell Trojan using socket programming
      3. Registering permissions
        1. Writing a simple SMS stealer
          1. The user interface
            1. Code for MainActivity.java
            2. Code for reading SMS
            3. Code for the uploadData() method
            4. Complete code for MainActivity.java
          2. Registering permissions
          3. Code on the server
          4. A note on infecting legitimate apps
      4. Malware analysis
        1. Static analysis
          1. Disassembling Android apps using Apktool
            1. Exploring the AndroidManifest.xml file
            2. Exploring smali files
          2. Decompiling Android apps using dex2jar and JD-GUI
        2. Dynamic analysis
          1. Analyzing HTTP/HTTPS traffic using Burp
          2. Analysing network traffic using tcpdump and Wireshark
      5. Tools for automated analysis
        1. How to be safe from Android malwares?
      6. Summary
    17. 10. Attacks on Android Devices
      1. MitM attacks
      2. Dangers with apps that provide network level access
      3. Using existing exploits
      4. Malware
      5. Bypassing screen locks
        1. Bypassing pattern lock using adb
          1. Removing the gesture.key file
          2. Cracking SHA1 hashes from the gesture.key file
        2. Bypassing password/PIN using adb
        3. Bypassing screen locks using CVE-2013-6271
      6. Pulling data from the sdcard
      7. Summary
    18. Index

Product information

  • Title: Hacking Android
  • Author(s): Srinivasa Rao Kotipalli, Mohammed A. Imran
  • Release date: July 2016
  • Publisher(s): Packt Publishing
  • ISBN: 9781785883149