Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Hacking Android
  • Table Of Contents Toc
  • Feedback & Rating feedback
Hacking Android

Hacking Android

By : Mohammed A. Imran, Rao Kotipalli
4.4 (5)
Buy this Book
close
close
Hacking Android

Hacking Android

4.4 (5)
By: Mohammed A. Imran, Rao Kotipalli
Buy this Book

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.
Table of Contents (12 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Setting Up the Lab
chevron up
Icon
1. Setting Up the Lab
Icon
Installing the required tools
Icon
Android Studio
Icon
Setting up an AVD
Icon
Configuring the AVD
Icon
ADB Primer
Icon
Summary
2
2. Android Rooting
Icon
2. Android Rooting
Icon
What is rooting?
Icon
Locked and unlocked boot loaders
Icon
Stock recovery and Custom recovery
Icon
Rooting Process and Custom ROM installation
Icon
Rooting a Samsung Note 2
Icon
Flashing the Custom ROM to the phone
Icon
Summary
3
3. Fundamental Building Blocks of Android Apps
Icon
3. Fundamental Building Blocks of Android Apps
Icon
Basics of Android apps
Icon
Android app components
Icon
Building DEX files from the command line
Icon
What happens when an app is run?
Icon
Understanding app sandboxing
Icon
Summary
4
4. Overview of Attacking Android Apps
Icon
4. Overview of Attacking Android Apps
Icon
Introduction to Android apps
Icon
Understanding the app's attack surface
Icon
Threats at the client side
Icon
Threats at the backend
Icon
Guidelines for testing and securing mobile apps
Icon
Automated tools
Icon
Identifying the attack surface
Icon
QARK (Quick Android Review Kit)
Icon
Summary
5
5. Data Storage and Its Security
Icon
5. Data Storage and Its Security
Icon
What is data storage?
Icon
Shared preferences
Icon
SQLite databases
Icon
Internal storage
Icon
External storage
Icon
User dictionary cache
Icon
Insecure data storage – NoSQL database
Icon
Backup techniques
Icon
Being safe
Icon
Summary
6
6. Server-Side Attacks
Icon
6. Server-Side Attacks
Icon
Different types of mobile apps and their threat model
Icon
Mobile applications server-side attack surface
Icon
Strategies for testing mobile backend
Icon
Summary
7
7. Client-Side Attacks – Static Analysis Techniques
Icon
7. Client-Side Attacks – Static Analysis Techniques
Icon
Attacking application components
Icon
Static analysis using QARK:
Icon
Summary
8
8. Client-Side Attacks – Dynamic Analysis Techniques
Icon
8. Client-Side Attacks – Dynamic Analysis Techniques
Icon
Automated Android app assessments using Drozer
Icon
Introduction to Cydia Substrate
Icon
Runtime monitoring and analysis using Introspy
Icon
Hooking using Xposed framework
Icon
Dynamic instrumentation using Frida
Icon
Logging based vulnerabilities
Icon
WebView attacks
Icon
Summary
9
9. Android Malware
Icon
9. Android Malware
Icon
What do Android malwares do?
Icon
Writing Android malwares
Icon
Registering permissions
Icon
Malware analysis
Icon
Tools for automated analysis
Icon
Summary
10
10. Attacks on Android Devices
Icon
10. Attacks on Android Devices
Icon
MitM attacks
Icon
Dangers with apps that provide network level access
Icon
Using existing exploits
Icon
Malware
Icon
Bypassing screen locks
Icon
Pulling data from the sdcard
Icon
Summary
11
Index
Icon
Index

ADB Primer

adb is an essential tool for penetration testing Android apps. We will use this utility in multiple scenarios during our journey through this book. This tool comes preinstalled with the Android SDK and it is located in the "platform-tools" directory of the Android SDK. We added its path to the environment variables during the SDK installation process. Let us see some of the applications of this utility.

Checking for connected devices

We can use adb to list the devices that are connected to the workstation using the following command:

adb devices
Checking for connected devices

As we can see in the preceding screenshot, there is an emulator running on the laptop.

Note

Note: If you have connected your phone to the workstation, and if adb is not listing your phone, please check the following:

  • USB debugging is enabled on your phone
  • Appropriate drivers for your device are installed on the workstation

Getting a shell

We can use adb to get a shell on the emulator or device using the following command:

adb shell
Getting a shell

The preceding command will get a shell for the connected device.

The command to get a shell for an emulator when a real device and emulator are connected is as follows:

adb –e shell

The command to get a shell for a real device when a real device and emulator are connected is as follows:

adb –d shell

The command to get a shell for a specific target when multiple devices/emulators are connected is as follows:

adb –s [name of the device]

Listing the packages

When you have access to a shell on an Android device using adb, you can interact with the device using tools available via the shell. "Listing the installed packages" is one such example that uses pm, which stands for package manager.

We can use the following command to list all the packages installed on the device:

pm list packages
Listing the packages

Pushing files to the device

We can push data from the workstation to the device using the following syntax:

adb push [file on the local machine] [location on the device]

Let's see this in action. At the moment, I have a file called test.txt in my current directory:

Pushing files to the device

Let's move the test.txt file to the emulator. Type in the following command:

adb push test.txt /data/local/tmp
Pushing files to the device

Note

Note: /data/local/tmp is one of the writable directories on Android devices.

Pulling files from the device

We can also use adb to pull files/data from the device to our workstation using the following syntax:

adb pull [file on the device]

Let us first delete the test.txt file from the current directory:

Pulling files from the device

Now, type in the following command to pull the file located at /data/local/tmp directory to the device:

adb pull /data/local/tmp/test.txt
Pulling files from the device

Installing apps using adb

As we have seen in one of the previous sections of this chapter, we can also install apps using the following syntax:

adb install [filename.apk]

Let's install the Drozer agent app using the following command:

Installing apps using adb

As we can see, we have successfully installed this app.

Note

Note: If we install an app that is already installed on the target device/emulator, adb throws a failure error as shown following. The existing app has to be deleted before we proceed to install the app again.

Installing apps using adb

Troubleshooting adb connections

It is often the case that adb does not recognize your emulator, even if it's up and running. To troubleshoot this, we can run the following command to get a the list of devices attached to your machine.

The following command kills the adb daemon on the device and restarts it for us:

adb kill-server
Troubleshooting adb connections
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Hacking Android
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon