The art of android hacking by Abhinav Mishra (0ctac0der)
3 likes740 views
The document presents a comprehensive overview of Android application hacking, focusing on architecture, security vulnerabilities, and essential tools for analysis. Abhinav Mishra, a senior security consultant, shares techniques for decompiling APK files, examining components, and utilizing tools like Drozer for security assessments. The session encourages practical learning and investigation into Android app security to address identified vulnerabilities.
The art of android hacking by Abhinav Mishra (0ctac0der)
- 1. The Art Of Android Hacking by, Abhinav Mishra (0ctac0der)
- 2. Who is this weird tall guy?? Abhinav Mishra | @0ctac0der Senior Security Consultant @ TOTHENEW Digital Top 5 Mobile Security Researcher | Synack Red Team (@SynackRedTeam) Web and Mobile Application Security Researcher Bug Bounty Hunter, Speaker, Trainer, Traveler, Movie buff Have you seen “Mr. Robot” ? Any comments? Link
- 3. What is he talking about?? ● Android application security ○ Android architecture ○ Application structure ○ Cool tools and distributions ○ Emulators, Devices, Attacks, Vulnerabilities ….. ● What (& How) to look for in an android application ● Some interesting findings ● (Random talks) ● Cool demonstrations ● Next steps to learn android appsec
- 4. Que le jeu commence….. Quick Questions ● What all you know about android… ● Application structure ● Vulnerability ? Okay, my turn now ● What you want to know/learn? ● What you want me to demo? ● Any tool you love? We can talk….
- 5. Quick Android Walkthrough ● Linux Kernel ● Privilege separation Model (UID & GID) ● Android Permission model (android manifest) ● APK components: ○ AndroidManifest.xml ○ Classes.dex ○ META-INF ○ Resources.arsc ○ Assets ○ Res ○ Lib
- 6. Reversing a cute APK Things I am going to do in next 10-15 minutes: ● Choose any apk ● Decompile with apktool | $apktool d package_name.apk ● Read and understand the AndroidManifest.xml ● Showing components in the code: ○ Activities, Broadcast receivers, Content providers …. ● Extract the apk with any extractor ● Change the classes.dex to jar | $dex2jar classes.dex ● Show multiple java classes ● Possible issues to be discovered ● SMALI files and converting to JAR
- 7. Tools & Demos ● Emulators??? ○ Genymotion ○ Android Studio | AVD ● ADB (Android Debug Bridge) ○ $adb install ○ $ adb pull / push ● AppUse Virtual Machine ● Android Monitor / Logcat ● Application Local files
- 8. Drozer Basics ● Drozer client and server ● Setting up the console ● Basic commands: ○ $ run app.packer.list ○ $run app.package.info ○ $run app.package.attacksurface ○ $ run app.activity.start
- 9. 15 min checks 1. Debuggable | Backup : True ??? 2. AndroidManifest: Permissions 3. Hardcoded stuff 4. SSL Pinning ?? 5. Drozer: attack surface | exported components 6. Local storage encryption 7. Sdcard storage | public folder usage 8. TLS protection check
- 10. Because Money matters Vulnerability 1 Date: Mar-2014 Issue: Debuggable = True Bounty: $500 How to check: APK AndroidManifest.xml “debuggable=true”
- 11. Because Money matters Vulnerability 2 Date: May-2015 Issue: App fragment injection Bounty: $250 How to check: Anyone?
- 12. Because Money matters Vulnerability 3 Date: May-2015 Issue: Hardcoded Account Credentials Bounty: $200 How to check: Anyone?
- 13. Because Money matters Vulnerability 4 Date: June-2015 Issue: Exported component malicious usage Bounty: $1000 How to check: Anyone?
- 14. Because Money matters Vulnerability 5 Date: Oct-2015 Issue: Parameter manipulation Bounty: $1000 How to check: Let me explain this one to you.
- 15. My virtual machine (Droider) Prerequisites ● 16 GB RAM ● Intel COREi7 processor ● 500 GB free hard disk space ● Minimum internet speed required 50 MBPS ● Google Nexus 7 device, rooted
- 16. What Next …. ● Learn more ● Read online ● Use tools: Drozer, QARK etc. ● Start practising