Hacking Android : Explore Every Nook and Cranny of the Android OS to Modify Your Device and Guard It Against Security Threats.

Cover -- Copyright -- Credits -- About the Authors -- About the Reviewer -- www.PacktPub.com -- Table of Contents -- Preface -- Chapter 1: Setting Up the Lab -- Installing the required tools -- Java -- Android Studio -- Setting up an AVD -- Real device -- Apktool -- Dex2jar/JD-GUI -- Burp Suite -- Configuring the AVD -- Drozer -- Prerequisites -- QARK (No support for windows) -- Getting ready -- Advanced REST Client for Chrome -- Droid Explorer -- Cydia Substrate and Introspy -- SQLite browser -- Frida -- Setting up Frida server -- Setting up frida-client -- Vulnerable apps -- Kali Linux -- ADB Primer -- Checking for connected devices -- Getting a shell -- Listing the packages -- Pushing files to the device -- Pulling files from the device -- Installing apps using adb -- Troubleshooting adb connections -- Summary -- Chapter 2: Android Rooting -- What is rooting? -- Why would we root a device? -- Advantages of rooting -- Unlimited control over the device -- Installing additional apps -- More features and customization -- Disadvantages of rooting -- It compromises the security of your device -- Bricking your device -- Voids warranty -- Locked and unlocked boot loaders -- Determining boot loader unlock status on Sony devices -- Unlocking boot loader on Sony through a vendor specified method -- Rooting unlocked boot loaders on a Samsung device -- Stock recovery and Custom recovery -- Prerequisites -- Rooting Process and Custom ROM installation -- Installing recovery softwares -- Using Odin -- Using Heimdall -- Rooting a Samsung Note 2 -- Flashing the Custom ROM to the phone -- Summary -- Chapter 3: Fundamental Building Blocks of Android Apps -- Basics of Android apps -- Android app structure -- How to get an APK file? -- Storage location of APK files -- /data/app/ -- /system/app/ -- /data/app-private/ -- Android app components -- Activities.

Services -- Broadcast receivers -- Content providers -- Android app build process -- Building DEX files from the command line -- What happens when an app is run? -- ART - the new Android Runtime -- Understanding app sandboxing -- UID per app -- App sandboxing -- Is there a way to break out of this sandbox? -- Summary -- Chapter 4: Overview of Attacking Android Apps -- Introduction to Android apps -- Web Based apps -- Native apps -- Hybrid apps -- Understanding the app's attack surface -- Mobile application architecture -- Threats at the client side -- Threats at the backend -- Guidelines for testing and securing mobile apps -- OWASP Top 10 Mobile Risks (2014) -- M1: Weak Server-Side Controls -- M2: Insecure Data Storage -- M3: Insufficient Transport Layer Protection -- M4: Unintended Data Leakage -- M5: Poor Authorization and Authentication -- M6: Broken Cryptography -- M7: Client-Side Injection -- M8: Security Decisions via Untrusted Inputs -- M9: Improper Session Handling -- M10: Lack of Binary Protections -- Automated tools -- Drozer -- Performing Android security assessments with Drozer -- Installing testapp.apk -- Listing out all the modules -- Retrieving package information -- Identifying the attack surface -- Identifying and exploiting Android app vulnerabilities using Drozer -- QARK (Quick Android Review Kit) -- Running QARK in interactive mode -- Reporting -- Running QARK in seamless mode: -- Summary -- Chapter 5: Data Storage and Its Security -- What is data storage? -- Android local data storage techniques -- Shared preferences -- SQLite databases -- Internal storage -- External storage -- Shared preferences -- Real world application demo -- SQLite databases -- Internal storage -- External storage -- User dictionary cache -- Insecure data storage - NoSQL database -- NoSQL demo application functionality -- Backup techniques.

Backup the app data using adb backup command -- Convert .ab format to tar format using Android backup extractor -- Extracting the TAR file using the pax or star utility -- Analyzing the extracted content for security issues -- Being safe -- Summary -- Chapter 6: Server-Side Attacks -- Different types of mobile apps and their threat model -- Mobile applications server-side attack surface -- Mobile application architecture -- Strategies for testing mobile backend -- Setting up Burp Suite Proxy for testing -- Proxy setting via APN -- Proxy setting via Wi-Fi -- Bypass certificate warnings and HSTS -- Bypassing certificate pinning -- Bypass SSL pinning using AndroidSSLTrustKiller -- Setting up a demo application -- Threats at the backend -- Relating OWASP top 10 mobile risks and web attacks -- Authentication/authorization issues -- Session management -- Insufficient Transport Layer Security -- Input validation related issues -- Improper error handling -- Insecure data storage -- Attacks on the database -- Summary -- Chapter 7: Client-Side Attacks - Static Analysis Techniques -- Attacking application components -- Attacks on activities -- What does exported behavior mean to an activity? -- Intent filters -- Attacks on services -- Extending the Binder class: -- Using a Messenger -- Using AIDL -- Attacking AIDL services -- Attacks on broadcast receivers -- Attacks on content providers -- Querying content providers: -- Exploiting SQL Injection in content providers using adb -- Testing for Injection: -- Finding the column numbers for further extraction -- Running database functions -- Finding out SQLite version: -- Finding out table names -- Static analysis using QARK: -- Summary -- Chapter 8: Client-Side Attacks - Dynamic Analysis Techniques -- Automated Android app assessments using Drozer -- Listing out all the modules -- Retrieving package information.

Finding out the package name of your target application -- Getting information about a package -- Dumping the AndroidManifes.xml file -- Finding out the attack surface: -- Attacks on activities -- Attacks on services -- Broadcast receivers -- Content provider leakage and SQL Injection using Drozer -- Attacking SQL Injection using Drozer -- Path traversal attacks in content providers -- Reading /etc/hosts -- Reading kernel version -- Exploiting debuggable apps -- Introduction to Cydia Substrate -- Runtime monitoring and analysis using Introspy -- Hooking using Xposed framework -- Dynamic instrumentation using Frida -- What is Frida? -- Prerequisites -- Steps to perform dynamic hooking with Frida -- Logging based vulnerabilities -- WebView attacks -- Accessing sensitive local resources through file scheme -- Other WebView issues -- Summary -- Chapter 9: Android Malware -- What do Android malwares do? -- Writing Android malwares -- Writing a simple reverse shell Trojan using socket programming -- Registering permissions -- Writing a simple SMS stealer -- The user interface -- Registering permissions -- Code on the server -- A note on infecting legitimate apps -- Malware analysis -- Static analysis -- Disassembling Android apps using Apktool -- Decompiling Android apps using dex2jar and JD-GUI -- Dynamic analysis -- Analyzing HTTP/HTTPS traffic using Burp -- Analysing network traffic using tcpdump and Wireshark -- Tools for automated analysis -- How to be safe from Android malwares? -- Summary -- Chapter 10: Attacks on Android Devices -- MitM attacks -- Dangers with apps that provide network level access -- Using existing exploits -- Malware -- Bypassing screen locks -- Bypassing pattern lock using adb -- Removing the gesture.key file -- Cracking SHA1 hashes from the gesture.key file -- Bypassing password/PIN using adb.

Bypassing screen locks using CVE-2013-6271 -- Pulling data from the sdcard -- Summary -- Index.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.