Book Image

Android Security Cookbook

Book Image

Android Security Cookbook

Overview of this book

Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework. Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.
Table of Contents (16 chapters)
Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Using the Android Debug Bridge (ADB) to interact with the AVDs


Interacting with the emulated Android device is one of the most important skills for both a developer and an Android security engineer/auditor. The Android Debug Bridge (ADB) provides the functionality needed to interact with the native-level components of an Android device. It allows the developers and security engineers to read the contents of the filesystem and interact with the package manager, application manager, kernel driver interfaces, and initialization scripts to mention a few.

How to do it...

Interacting with a virtual device using the ADB works as follows:

  1. You'll need to start an AVD first or, if you like, simply plug in your own Android device via a USB to whatever machine you'd like to use—given that this machine has the SDK installed. You can start the AVD using the following command:

    emulator –avd [name]
    
  2. We can list all the connected Android Devices by using the following command for a Windows machine:

    C;\\[path-to-sdk-install]\platform-tools\adb devices
    

    Or, if you're using a Linux machine, use the following command:

    [path-to-sdk-install]/platform-tools/adb devices
    

    This command should give you a list of the connected devices, which is basically all the devices that you will be able to connect to using ADB. You need to pay attention to the device names in the list. You will need to identify the devices when you launch a connection to them using ADB.

  3. You can launch a shell connection to your Android device using the following command:

    /sdk/platform-tools/abd shell –s [specific device]
    

    Or, if you happen to know that the Android device you want to connect to is the only emulated device, you can use the following command:

    /sdk/platform-tools/adb shell –e
    

    Or, if the device is the only USB-connected device, you can use the following command:

    /sdk/platform-tools/adb shell –d
    

    The switches –d, -e, and -p apply to the other ADB commands and not just the shell. If this works well, you should see a prompt string—the string displayed to identify the command shell being used—similar to the following command:

    root@android$
    

You should now have a full-fledged shell with some of the traditional Unix/Linux commands and utilities at your finger tips. Try searching around on the filesystem and getting to know where everything is kept.

There's more…

Now that you have a connected device, you'll need to know a little bit about navigating the Android filesystem and making use of the commands. Here's a small list to get you started:

  • ls {path}: This will list the contents of the directory at the path

  • cat {file}: This will print the contents of a text file on the screen

  • cd {path}: This will change the working directory to the one pointed to by the path

  • cd ../: This changes the working directory to the one that's exactly one level higher

  • pwd: This prints the current working directory

  • id: This checks your user ID