Humla workshop on Android Security Testing - null Singapore
-
Upload
nu-the-open-security-community -
Category
Technology
-
view
363 -
download
2
Transcript of Humla workshop on Android Security Testing - null Singapore
mwrinfosecurity.com | MWR InfoSecurity 1 mwrinfosecurity.com | MWR InfoSecurity
Android Penetration Testing Workshop31st March 2016Hamla (Null – SG)
mwrinfosecurity.com | MWR InfoSecurity 2
About Me• I am working with MWR Infosecurity as a security
consultant, offering professional penetration tests to help clients improve their level of IT security.
• Double Masters (Research) in Information Security
• OSCP/CRT/OSCE Certified
mwrinfosecurity.com | MWR InfoSecurity 3
DisclaimerNo Android Architecture
No Android Permission Model
No Java Programming
No Zero-Day Vulnerability
mwrinfosecurity.com | MWR InfoSecurity 4
Outline
Android Basics Android Attack Surface
Demo
Reverse Engineering (.apk) Static Analysis Demo
Dynamic Analysis Demo
mwrinfosecurity.com | MWR InfoSecurity 5
Environment Setup• VMPlayer
• Ubuntu 14.04
• Genymotion (Android 4.1.1)
• Tools – apktool, jd-gui, dex2jar, android studio
• Vulnerable APKs
mwrinfosecurity.com | MWR InfoSecurity 6
Android Basic• The communication between applications is performed
in a well-defined manner that is strictly facilitated by akernel module named binder, which is an Inter-Process Communication (IPC) system.
• Android applications can make use of four standard components that can be invoked via calls to binder – Activities, Services, Broadcast Receivers, Content Providers.
mwrinfosecurity.com | MWR InfoSecurity 7
Android Basic• Activities represent visual screens of an application
with which users interact. For example, when you launch an application, you see its main activity.
• Services are components that do not provide a graphical interface. They provide the facility to perform tasks that are long running in the background and run even when user has opened another application.
mwrinfosecurity.com | MWR InfoSecurity 8
Android Basic• Broadcast receivers are non-graphical components
that allow an application to register for certainsystems or application events.
• Content providers are the data storehouses of an application, that provide a standard way to retrieve, modify, and delete data.
mwrinfosecurity.com | MWR InfoSecurity 9
Android Basic• Each Android package contains a file named
AndroidManifest. xml in the root of the archive. This file defines the package configuration, application components, and security attributes.
• An intent is a defined object used for messaging which is created and communicated to an intended application component.
mwrinfosecurity.com | MWR InfoSecurity 10
Attacking Android Application• Exploiting Activities• Exploiting Insecure Content Providers• Attacking Insecure Services• Abusing Broadcast Receivers
mwrinfosecurity.com | MWR InfoSecurity 11
Drozer• Drozer is an Android assessment tool.
• Drozer has two distinct use cases – • Finding vulnerabilities in applications or devices• Providing exploits and useful payloads for known
vulnerabilities.
• For more information – https://labs.mwrinfosecurity.com/tools/drozer/
mwrinfosecurity.com | MWR InfoSecurity 12
How Drozer works • Drozer is a distributed system that makes use of some key components -
• Agent— A lightweight Android application that runs on the device or emulator being used for testing.
• Console—A command-line interface running on your computer that allows you to interact with the device through the agent
• Server—Provides a central point where consoles and agents can route sessions between them.
mwrinfosecurity.com | MWR InfoSecurity 13
Demo
mwrinfosecurity.com | MWR InfoSecurity 14
Root Detection• Default Files and Configurations
Check if release-keys tag is present on non-rooted device - /system/build.prop
• Installed Files & Packages
eu.chainfire.supersu, com.koushikdutta.superuser,/system/bin/su, /system/xbin/su
• Directory Permissions
Check write permission on the directories – /system, /system/bin, /system/sbin
• Commands
Execute commands - `id`, `busybox`
mwrinfosecurity.com | MWR InfoSecurity 15
Static Analysis
.apk .dex
.jar
unzip
dex2jarjd-gui
.apk .smaliapktool
.java
mwrinfosecurity.com | MWR InfoSecurity 16
Demo
mwrinfosecurity.com | MWR InfoSecurity 17
Dynamic AnalysisDebug android application using Android Studio.
.apk .dex
.jar
unzip
dex2jarjd-gui
.java
source package Android Studio
apktool
mwrinfosecurity.com | MWR InfoSecurity 18
Demo
mwrinfosecurity.com | MWR InfoSecurity 19
Recommended Books