Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learning Pentesting for Android Devices
  • Table Of Contents Toc
Learning Pentesting for Android Devices

Learning Pentesting for Android Devices

By : Aditya Gupta
4.3 (11)
Buy this Book
close
close
Learning Pentesting for Android Devices

Learning Pentesting for Android Devices

4.3 (11)
By: Aditya Gupta
Buy this Book

Overview of this book

Table of Contents (18 chapters)
close
close
close
Learning Pentesting for Android Devices
Icon
Learning Pentesting for Android Devices
Credits
Icon
Credits
Foreword
Icon
Foreword
About the Author
Icon
About the Author
Acknowledgments
Icon
Acknowledgments
About the Reviewers
Icon
About the Reviewers
www.PacktPub.com
Icon
www.PacktPub.com
Preface
Icon
Preface
Lock Free Chapter
1
Getting Started with Android Security
Icon
Getting Started with Android Security
Icon
Introduction to Android
Icon
Digging deeper into Android
Icon
Sandboxing and the permission model
Icon
Application signing
Icon
Android startup process
Icon
Summary
2
Preparing the Battlefield
Icon
Preparing the Battlefield
Icon
Setting up the development environment
Icon
Useful utilities for Android Pentest
Icon
Summary
3
Reversing and Auditing Android Apps
Icon
Reversing and Auditing Android Apps
Icon
Android application teardown
Icon
Reversing an Android application
Icon
Using Apktool to reverse an Android application
Icon
Auditing Android applications
Icon
Content provider leakage
Icon
Insecure file storage
Icon
OWASP top 10 vulnerabilities for mobiles
Icon
Summary
4
Traffic Analysis for Android Devices
Icon
Traffic Analysis for Android Devices
Icon
Android traffic interception
Icon
Ways to analyze Android traffic
Icon
HTTPS Proxy interception
Icon
Extracting sensitive files with packet capture
Icon
Summary
5
Android Forensics
Icon
Android Forensics
Icon
Types of forensics
Icon
Filesystems
Icon
Using dd to extract data
Icon
Using Andriller to extract an application's data
Icon
Using AFLogical to extract contacts, calls, and text messages
Icon
Dumping application databases manually
Icon
Logging the logcat
Icon
Using backup to extract an application's data
Icon
Summary
6
Playing with SQLite
Icon
Playing with SQLite
Icon
Understanding SQLite in depth
Icon
Security vulnerability
Icon
Summary
7
Lesser-known Android Attacks
Icon
Lesser-known Android Attacks
Icon
Android WebView vulnerability
Icon
Infecting legitimate APKs
Icon
Vulnerabilities in ad libraries
Icon
Cross-Application Scripting in Android
Icon
Summary
8
ARM Exploitation
chevron up
Icon
ARM Exploitation
Icon
Introduction to ARM architecture
Icon
Setting up the environment
Icon
Simple stack-based buffer overflow
Icon
Return-oriented programming
Icon
Android root exploits
Icon
Summary
9
Writing the Pentest Report
Icon
Writing the Pentest Report
Icon
Basics of a penetration testing report
Icon
Writing the pentest report
Icon
Summary
Icon
Security Audit of
Icon
Table of Contents
Icon
1.
Icon
2. Auditing and Methodology
Icon
3. Conclusions
1
Index
Icon
Index

Return-oriented programming

In most cases, we don't need to call another function present in the program itself. Instead, we need to place shellcode in our attack vector, which will perform any malicious activity specified by us in the shellcode. However, in most devices based on the ARM platform, the region in memory is non-executable, which prevents us from placing the shellcode and executing it.

So, an attacker has to rely on what is known as return-oriented programming (ROP), which is simply chaining up pieces of instructions from different parts of memory, which will finally execute our shellcode. These pieces are also known as ROP gadgets. In order to chain the ROP gadgets, we need to find the gadgets that have an instruction at the end, which will allow us to jump to another location.

For example, if we disassemble seed48() while executing the program, we will notice the following output:

If we look at the disassembly, we will notice that it contains an ADD instruction followed by a...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Learning Pentesting for Android Devices
End of Section 8
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon