Book Image

Android Security Cookbook

Book Image

Android Security Cookbook

Overview of this book

Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework. Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.
Table of Contents (16 chapters)
Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Decompiling the application's native libraries


Android native libraries are pretty easy to decompile; they are, after all, just C/C++ object files and binaries compiled from the ARM platform. So decompiling them is as simple as finding a decompiler like the "ever-popular" objdump decompiler for Linux that accommodates ARM binaries, and, as it turns out, this problem has been solved for us by the Android NDK.

Before we get into the details of this process, you need to make sure you have the right tools.

Getting ready

Getting ready for this recipe is as easy as making sure you have a fresh copy of the Android NDK package; you can grab a copy at http://developer.android.com/tools/sdk/ndk/index.html.

How to do it...

Decompiling a native library is as simple as invoking one of the tools provided with the Android NDK toolchain known as objdump; it has been prebuilt to include all of the plugins that allow objdump to interpret the endianness and code structures specific to the ARM binaries.

To decompile...