• Aucun résultat trouvé

Introduc)on  to  Android

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "Introduc)on  to  Android"

Copied!
19
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

Introduc)on  to  Android  

Swapnil Pathak

www.SecurityXploded.com

Advanced  Malware  Analysis  Training  Series  

(2)

Disclaimer

               

The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions of any kind. Also the views/ideas/knowledge expressed here are solely of the trainer’s only and nothing to do with the company or the organization in which the trainer is currently working.

However in no circumstances neither the Trainer nor SecurityXploded is responsible for any damage or loss caused due to use or misuse of the information presented here.

(3)

Acknowledgement

               

§ 

Special thanks to Null community for their extended support and co-operation.

§ 

Special thanks to ThoughtWorks for the beautiful venue.

§ 

Thanks to all the trainers who have devoted their precious time and countless hours to make it happen.

(4)

Advanced Malware Analysis Training

               

This presentation is part of our Advanced Malware Analysis Training program. Currently it is delivered only during our local meets for FREE of cost.

For complete details of this course, visit our Security Training page.

(5)

Who am I?

Swapnil Pathak

§  Security Researcher

§  Reversing, Malware Analysis, Exploit Analysis etc.

§  E-mail: swapnilpathak101@gmail.com

(6)

Agenda

ž  Introduction

ž  Architecture

ž  Security Features

ž  Application Format

ž  Permissions

ž  Dalvik bytecode

ž  Analysis lab setup

ž  Q & A

www.SecurityXploded.com  

(7)

Introduction

ž  Linux based OS designed for mobile devices such as smartphones and tablets.

ž  500 million devices activated

ž  1.3 million activations per day by Q3 of 2012

ž  1+ million apps available for download at Google Play Store

Source : Wikipedia

(8)

Introduction

ž  Mobile malware on the rise, Android most at Risk - McAfee

ž  Android users are prime target for malware – PC World

ž  New Android malware app turns phone into surveillance device - ThreatPost

ž  New Android Trojan app exploits previously unknow flaws, researchers say – Computer World

(9)

Android Architecture

(10)

Security Features

System and Kernel Security - Application Sandbox

Each application assigned a unique user id (UID) and executed as a separate process Implemented in kernel, all software above the kernel are run inside the sandbox Memory Management

- Hardware based NoExecute (NX) to provide code execution on stack and heap - Address Space Layout Randomization to randomize key locations in memory Permissions

Application Signing

(11)

Application Format

ž  .apk file extension

ž  Similar to archive file can be extracted using 7-zip

ž  Archive contains

–  AndroidManifest.xml

–  Classes.dex (Compiled source code) –  Res directory

–  Asset directory

–  META-INF directory

(12)

Application Format

ž  Basic elements of Applications

–  AndroidManifest.xml : Specifies the permissions requested by the application –  Activities : Represents a single screen with user interface

–  Services : Executes in background in its own process or in the context of another applications process.

–  Content Providers : Provides access to private and shared data –  Broadcast receivers : Code that responds to system wide events

–  Intent – Actions that activate activity, service and broadcast receivers http://developer.android.com/guide/components/fundamentals.html

(13)

Permissions

Permissions updated with each OS release.

CALL_PHONE – Initiate phone call

CAMERA – To access camera on the device INTERNET – To open network sockets.

INSTALL_PACKAGES – To install packages.

READ_CONTACTS – To read users contact data READ_LOGS – Low level system log files.

READ_PHONE_STATE , READ_PROFILE

READ_SMS, RECEIVE_SMS,SEND_SMS, WRITE_SMS WRITE_APN_SETTINGS

RECORD_AUDIO

ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION

(14)

Dalvik Virtual Machine and Bytecode

ž  Applications programmed in java are compiled into java bytecode (.class files)

ž  dx tool compiles the java bytecode into dalvik bytecode (classes.dex) which is executed on Dalvik virtual machine.

ž  Dalvik VM, an open source software, responsible for running apps.

ž  Register based VM, optimized for low memory requirements.

ž  Consist of virtual registers

(15)

Dalvik Virtual Machine and Bytecode

.method public add(II)I .limit registers 4

; this: v1 (Ltest2;)

; parameter[0] : v2 (I)

; parameter[1] : v3 (I)

add-int v0,v2,v3 ; v0=v2+v3 return v0

.end method

(16)

Analysis Setup – Tools of the Trade

•  Android Emulator

•  Smali(assembler)/Baksmali(dissasembler), dedexer

•  Apktool

•  Dex2Jar

•  JD-GUI

•  Androguard

•  Tcpdump-arm

•  Android Reverse Engineering Virtual Machine

(17)

Research Projects

ž  Malgenome Project

ž  Appanalysis.org

ž  Sandia MegDroid

ž  HoneyDroid

ž  Understanding the Dalvik bytecode with Dedexer tool – Gabor Paller

(18)

Reference

Complete Reference Guide for Advanced Malware Analysis Training

[Include links for all the Demos & Tools]

www.SecurityXploded.com  

(19)

Thank You !    

   

www.SecurityXploded.com    

 

Références

Télécharger maintenant ( PDF - 19 Page - 319.01 KB )

Documents relatifs

Dexpler: Converting Android Dalvik Bytecode to Jimple for Static Analysis with Soot

Analyzing Android applications with Java static analysis tools means either that the Java source code or the Java byte- code of the Android application must be available.. Most of

Profil socio-économique de l’étudiant en médecine dans la région de Marrakech-Tensift-Al Haouz (FMPM).

Nous espérons que notre étude, ouvrira la porte à d’autres enquêtes portant sur le profil socio-économique des étudiants en médecine de la Faculté de Médecine et de

Raisonnement à contraintes pour le test de bytecode Java

Cet article est structur´e de la mani`ere suivante : la section 2 donne les notations, le type de programmes trait´es, et d´ecrit les ´etapes de l’ex´ecution d’un pro- gramme

Cours programmation Android pour débutant – Cours et formation gratuit

➔ une machine virtuelle Java adaptée : la Dalvik virtual machine. ➔ un environnement debugueur DDMS (Dalvik Debug Monitor Service) utilisant adb (Android

Experiments with Non-Termination Analysis for Java Bytecode

Cur- rent ly ,nosystemex iststoprovethenon-term inat iono fJavabytecode methods , s inceresearchhas ma in lybeenfocusedonproo fso fnon-term inat ionforlog icpro- grams[4, 11, 10, 2,

Magic-sets transformation for the analysis of Java bytecode

To prove these results with a denotational analysis, our magic-sets transformation builds new magic blocks of code whose functional behaviours are the internal behaviours just after

Using CLP Simplifications to Improve Java Bytecode Termination Analysis

If we apply this simplification to the CLP program derived from the Java pro- gram in Figure 1, the number of clauses decreases from 297 to 12 and the time needed to prove all

Magic-sets for localised analysis of Java bytecode

Our contributions Our contributions here are the solution of the above limitation of deno- tational static analyses through the definition of a magic-sets transformation for Java