Android Sec

8/11/2019 Android Sec

1/63

!"#"$%&'( *'+$,&+ *--%

./01&'( /'+ 0$/01&'( *'+$,&+ /--% &% "/%2


2/63

*("'+/

3%%4"% 5&' 67" -/%68

*'+$,&+ %"04$&62 9 0,+" 0,'0"-6

:"07'&;4"% -"$&"'0"% /'+ 67" ("'"$/? ;4/?&62 ,"+

@$,C%"$ #4?'"$/N&?&62 50,,1&" %6"/?&'(8P Q DE]E^

_"C 6"07'&;4" (,&'( 6, N" $"?"/%"+ &' _,#"KN"$

YN"$7"&+"9J/'&"P X,4$0" @/$0"?,'/


10/63

Y67"$ &%%4"%

H/0"N,,1`*-- aE GEb &% /N?" 6, $"/+9C$&6"9"+&6

X=X9==X

M?/&' /467"'L0/L,' 6,1"'%P \>"+

X=X $"0""$ &'0,$$"06P \>"+

.60?,(("$P .:A ,'?2

*-- $"#"$%&'( =/'2 K,$"


11/63

_40?"/$ 07/&' ,< 0,KK/'+EEE

>10+E0,K


12/63

EEE &% %&K&?/$ 6, 67" *'+$,&+ 07/&' , Y'" /-- R ,'" J&'4> 4%"$


16/63

*'+$,&+ 0,+"

e$&6" /-- &' d/#/ /'+ .:=J9d/#/%0$&-6 5*'+$,&+ XBf8 :7" ,N#&,4% /--$,/07

=,%6 /--%


17/63

:"07'&;4"%


18/63

GE S"h'( 74'+$"6% ,< *'+$,&+

*--% 5/-1 \?"%8


19/63

YN#&,4% +,C'?,/+ /--$,/07

Y-"' K/$1"6 /-- ,' K,N&?"

A?&01 /-- /'+ &'%6/??

XAM /-1 \?"


20/63

.,C 6, +,C'?,/+ /?? *'+$,&+ /--%

A,''"06 K,N&?" 6, ?/-6,- e&\ C&67 /&$N/%"`

'( 9 +'%K/%;

W%" &-6/N?"% 6, $"+&$"06 6, ?,0/? @4$-

67> *'+$,&+ 2 ,-L,'

@4$-g>6"'+"$ 6, %/#" $"%-,'%"% C&67 /-1 \?"%

X"'+ K,N&?" / .::M iFi ',6


21/63

3'%6/?? /?? /--%I

Y'" .::MX $";4"%6 6, K/$1"6E/'+$,&+E0,K

A7/'(" 67" /-- '/K"

0,KE(,,(?"E/'+$,&+E2,464N"

=,+&\"+ C]/< %-&+"$ 9 $"("> -?4(&'

X"/$07


22/63

B,C'?,/+ "'#&$,'K"'6


23/63

="6/+/6/

*N,46 ]FFkFFF /--% &' K/$1"6

A$/C?"+ /N,46 GFkFFF /-- '/K"%

X400"%%


24/63

DE B"0,K-&?"9+&%/%%"KN?"


25/63

:7" /-16,,? +&%/%%"KN?"+ %6$4064$"

+assets

+res

+drawable

-icon.png

+layout

-main.xml

+values

-strings.xml

+META-INF

-AndroidManifest.xml

-classes.dex

*-1 4'l&--"+

+assets

+res

+drawable

-icon.png

+layout

-main.xml

+values

-strings.xml

-AndroidManifest.xml

+smali

+com

+...

-apktool.yml

! /-16,,? +&%/%%"KN?"+


26/63

:C, /--$,/07"%

B&%/%%"KN?&'( 6, %K/?&

X&K&?/$ 6, d/%K&' %2'6/> 5d/#/ /%%"KN?"$ 0,+"8

*-16,,?

A,$$"06 %K/?& 0,+"

B&+'k6 4%" +">+4K-9+"+">"$

B"0,K-&?&'( 6, d/#/

B">Dd/$ m d/#/`B"0,K-&?"$ X,K"LK"% &'0,$$"06 d/#/ 0,+"


27/63

B&%/%%"KN?&'( 7,C6,

*-16,,?

me$ java -jar apktool.jar d app.apk output-folder


28/63

B&%/%%"KN?"+ ">/K-?"


29/63

!"/%%%"KN?&'( 7,C6,

*-16,,?

me$ echo "change something"

change something

me$ java -jar apktool.jar b output-folder/ fake-app.apk

[]me$ keytool -genkey -alias someone -validity 100000 -

keystore someone.keystore

[]

me$ jarsigner -keystore someone.keystore fake.apk someone

me$ adb install fake-app.apk


30/63

]E Y67"$ 6"07'&;4"%


31/63

."/- +4K-

me$ su

me# ps | grep kee

949 10082 183m S com.android.keepass

960 0 1964 S grep kee

me# kill -10 949

me# grep password /data/misc/heap-dump-tm1312268434-

pid949.hprof

thisisasecretpassword

3' *'+$,&+ n DE]

@4O,' &' BB=X 6,,? ,$ 0/??

/'+$,&+E,%EB"N4(E+4K-.-$,


32/63

3'#,1&'( *0L#&L"%

*0L#&L"% /$" N/%&0/??2 4%"$ &'6"$/K-?" +,"%'o6 C,$1

me$ dumpsys package > packages.txtme$ am start -n com.android.keepass/

com.keepassdroid.PasswordActivity


33/63

:,'% ,< ,67"$ 6,,?%

*'+$,(4/$+

*-1&'%-"06,$ SW3 0,KN&'&'( /-16,,?P +">Dp/$P / d/#/ +"0,K-&?"$P N26"

0,+"P "60E

BgB

/'+$,&+*4+&6:,,?%

XK/$6-7,'"%+4KN/--%

:/&'6+$,&+ 5M$/02 &%%4"%8

*'+$,&+ H,$"'%&0 :,,?1&6 #&/g>6$/06

=,$"


34/63

g>-"$&"'0"% C7"' +"0,K-&?&'(9

+&%/%%"KN?&'( ]o^FF /--%

H&'+&'( %"04$&62 $"?/6"+ &%%4"%


35/63

="6/+/6/

*N,46 ]k^FF /--%

Dk]FF 4'&;4" "K/&? /++$"%%"%

GkFFF q


36/63

J,C 7/'(&'(


37/63

./%7&'( /'+ "'0$2-L,' Z / %7,$6 N"%6

-$/0L0"% $"


38/63


39/63

f"2c=X@/?C/2%F

W%"+


40/63

W%"+6,%&('/?&%"67"%"$#"$6

7/6&'`

(/K"(,,+%C"$"-4$07/%"+


41/63


42/63


43/63

YN


44/63

YN


45/63

:"%6[[[[[Ep/#/

t"/7P ?"6k% 0,-29-/%6" / 6"%6 "K/&?u


46/63

:"%6[[[[[DEp/#/

*'+ 0$"+"'L/?%


47/63

X,K" /--% 3 ?,,1"+ /6 K,$"

0?,%"?2

5&6k% ("h'( C,$%"8


48/63

*-- G ` N/'1&'( /--

e7, $"/??2 C/'6% N/'1&'( ,' 67" K,N&?"I

* ?,6 ,< N/'1&'( /--%u t/2u

*-- G

_, ,N


49/63

*-- D

X"$#"$ 7/+ %"?


50/63

*-- D

*gX 1"2

public byte[] cryptKey42 = {-31, -21, 4, 24, -21,

54, -63, -40, -38, 61, -47, -115, -95, -36, -142,

64, 53, 120, -85, -96, -69, 85, 81, 16, -36, 80,

-102, 95, -20, 110, 36, -11};


51/63

*-- ] Z $,,6 +"6"0L,'

private boolean deviceRoot(){

try{

Runtime.getRuntime().exec("su");

return true;

}

catch (IOException localIOException){return false;

}

}


52/63

*-- ] Z A&$04K#"'L'( $,,6 +"6"0L,'

_,6 '"0"%%/$2


53/63

*-- i Z *',67"$ $,,6 +"6"0L,'

public static boolean isDeviceRooted(){

File f = new File(/system/sbin/su)

return f.exists()

}


54/63

*-- i ` !"K,#&'( $,,6 +"6"0L,'

me$ java -jar apktool.jar d app.apk source

[]

me$ sed -i "" 's/system\/sbin\/su/system\/sbin\/

CEW1PFSLK/g' source/smali/net/example/checks.smali

me$ java -jar apktool.jar b source/ fake.apk

[]me$ keytool -genkey -alias someone -validity 100000

-keystore someone.keystore

[]

me$ jarsigner -keystore someone.keystore fake.apk

someoneme$ adb install fake.apk

* i e 67 6 + 67 + 6


55/63

*-- i Z e/% 67/6 / (,,+ K"67,+ 6,

$"K,#" 67" $,,6 +"6"0L,'I

*?6"$&'( 67" /--

_, 4-+/6"%

e" ,'?2 C/'6 6,


56/63

*-- i ` M$"#"'6 $,,6 +"6"0L,'

me$ adb shell

$ su

# cd /system/bin/; mount -o remount,rw -o rootfs rootfs /;

mount -o remount,rw -o yaffs2 /dev/block/mtdblock3 /system

# echo $PATH

/sbin:/system/sbin:/system/bin:/system/xbin

# mv /system/sbin/su /system/xbin/

$,,6%6/2%$,,6u


57/63

* %-"0&/? %"0$"6 1"2

ii^ /--% 4%" 67" %/K" *gX 1"2

N26"vw / R x GFP ^^P `GGDP `iyP `bP yP GGP y^P `yP `GDGP

GDGP bzP {FP `bGP G^P ^ |


58/63

S,,(?" *+%

g'0$2-6 ?/%6 1',C' ?,0/L,'

*?? ?,0/L,' -$,#&+"$% 5SMXP e&\P EEE8

X"'+ #&/ 67" U44?"V dXY_ -/$/K"6"$

_,L\"+ S,,(?" ,' 67" D]67 ,< d4'"

_, $"%-,'%" 2"6

:, N" 7,'"%6 3 7/#"'o6 %""' 67" U44?"V

-/$/K"6"$ &' K2 '"6C,$1 2"6


59/63

S,,(?" *+%

e72 +&+'o6 67"2 4%" /%2KK"6$&0 0$2-6,I


60/63

A,4'6"$K"/%4$"%

W%" /%2KK"6$&0 0$2-6, &'%6"/+ ,< %2KK"6$&0C7"' 6$/'%


61/63

!"6~0&+RN&l~%,0K"+~6C&O"$~


62/63

:7>u

:C&O"$c s,2+~07

7O-c99s,2+E07


63/63

Android Sec

Documents

Transcript of Android Sec