Book Image

Learning Pentesting for Android Devices

By : Aditya Gupta
Book Image

Learning Pentesting for Android Devices

By: Aditya Gupta

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning Pentesting for Android Devices
Aditya Gupta
Mar, 2014 | 154 pages
No titles found
Table of Contents (18 chapters)
Learning Pentesting for Android Devices
Learning Pentesting for Android Devices
Credits
Credits
Foreword
Foreword
About the Author
About the Author
Acknowledgments
Acknowledgments
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with Android Security
Getting Started with Android Security
Introduction to Android
Digging deeper into Android
Sandboxing and the permission model
Application signing
Android startup process
Summary
2
Preparing the Battlefield
Preparing the Battlefield
Setting up the development environment
Useful utilities for Android Pentest
Summary
3
Reversing and Auditing Android Apps
Reversing and Auditing Android Apps
Android application teardown
Reversing an Android application
Using Apktool to reverse an Android application
Auditing Android applications
Content provider leakage
Insecure file storage
OWASP top 10 vulnerabilities for mobiles
Summary
4
Traffic Analysis for Android Devices
Traffic Analysis for Android Devices
Android traffic interception
Ways to analyze Android traffic
HTTPS Proxy interception
Extracting sensitive files with packet capture
Summary
5
Android Forensics
Android Forensics
Types of forensics
Filesystems
Using dd to extract data
Using Andriller to extract an application's data
Using AFLogical to extract contacts, calls, and text messages
Dumping application databases manually
Logging the logcat
Using backup to extract an application's data
Summary
6
Playing with SQLite
Playing with SQLite
Understanding SQLite in depth
Security vulnerability
Summary
7
Lesser-known Android Attacks
Lesser-known Android Attacks
Android WebView vulnerability
Infecting legitimate APKs
Vulnerabilities in ad libraries
Cross-Application Scripting in Android
Summary
8
ARM Exploitation
ARM Exploitation
Introduction to ARM architecture
Setting up the environment
Simple stack-based buffer overflow
Return-oriented programming
Android root exploits
Summary
9
Writing the Pentest Report
Writing the Pentest Report
Basics of a penetration testing report
Writing the pentest report
Summary
Security Audit of
Table of Contents
1.
2. Auditing and Methodology
3. Conclusions
Index
Index

Introduction to Android

Since Android got acquired by Google (in 2005) and Google undertook its entire development, a lot has changed in the last 9 years, especially in terms of security. Right now, it is the world's most widely used smartphone platform especially due to the support by different handset manufacturers, such as LG, Samsung, Sony, and HTC. A lot of new concepts have been introduced in the subsequent releases of Android such as Google Bouncer and Google App Verifier. We will go through each of them one by one in this chapter.

If we have a look at the architecture of Android as shown in the following figure, we will see that it is divided into four different layers. At the bottom of it sits the Linux kernel, which has been modified for better performance in a mobile environment. The Linux kernel also has to interact with all the hardware components, and thus contains most of the hardware drivers as well. Also, it is responsible for most of the security features that are present in Android. Since, Android is based on a Linux platform, it also makes porting of Android to other platforms and architectures much easier for developers. Android also provides a Hardware Abstraction Layer for the developers to create software hooks between the Android Platform Stack and the hardware they want it to port.

On top of Linux kernel sits a layer that contains some of the most important and useful libraries as follows:

  • Surface Manager: This manages the windows and screens

  • Media Framework: This allows the use of various types of codecs for playback and recording of different media

  • SQLite: This is a lighter version of SQL used for database management

  • WebKit: This is the browser rendering engine

  • OpenGL: This is used to render 2D and 3D contents on the screen properly

The following is a graphical representation of the Android architecture from the Android developer's website:

The libraries in Android are written in C and C++, most of which are ported from Linux. One of the major differences in Android compared to the Linux is that there is no libc library here, which is used for most of the tasks in Linux. Instead, Android has its own library called bionic, which we could think of as a stripped down and modified version of libc for Android.

At the same level, there are also components from the Android Runtime— Dalvik Virtual Machine and Core Libraries. We will discuss a lot about Dalvik Virtual Machine in the upcoming sections of the book.

On top of this layer, there is the application framework layer, which supports the application to carry out different kinds of tasks.

Also, most of the applications created by developers only interact with the first and topmost layer, the applications. The architecture is designed in such a way that at every point of time, the bottom layer supports the above layer and so on.

The earlier versions of Android (<4.0) were based on Linux kernel 2.6.x whereas the newer versions are based on kernel 3.x. A list of different Android versions and the Linux kernel they used are specified as follows:

All the applications in Android run under a virtual environment, which is called Dalvik Virtual Machine (DVM). An important point to note here is that from Android Version 4.4, there is also the availability of another runtime called Android Runtime (ART), and the user is free to switch between the DVM and the ART runtime environments.

However, for this book, we'll be focusing only on the Dalvik Virtual Machine implementation. It is similar to Java Virtual Machine (JVM), apart from features such as it is register-based, instead of stack-based. So, each and every application that runs will run under its own instance of Dalvik Virtual Machine. So, if we are running three different applications, there will be three different virtual instances. Now, the point to focus here is even though it creates a virtual environment for the applications to run, it shouldn't be confused with a secure container or a security environment. The prime focus of the DVM is performance-related, and not security-related.

The Dalvik Virtual Machine executes a file format called .dex or Dalvik Executable. We will look more into the .dex file format and will analyze it in the upcoming chapters as well. Let's now go ahead and interact with adb, and analyze an Android device and its architecture more deeply.

Previous Section
End of Section 2
Next Section