Android Tamer Clubhack

ClubHack 2011 Pune, India

Abstract

Introduces Android Tamer, a comprehensive virtual machine toolkit that consolidates all necessary tools for Android security testing into a single ready-to-use environment.

AI Generated Summary

AI Generated Content Disclaimer

Note: This summary is AI-generated and may contain inaccuracies, errors, or omissions. If you spot any issues, please contact the site owner for corrections. Errors or omissions are unintended.

This presentation introduces Android Tamer, a comprehensive virtual machine environment designed as a one-stop toolkit for Android security operations, presented at ClubHack 2011.

Key Topics Covered

Android Market Context:

  • Android holds 40%+ of the phone market and 10%+ of the tablet market
  • Supported by multiple manufacturers (LG, Samsung, SE) and backed by Google
  • Linux-based operating system with growing corporate integration needs
  • The entire PC malicious lifecycle is being repeated in the mobile domain

The Problem:

  • Security professionals need to download and configure numerous tools separately (SDK, NDK, proxy, decompiler, etc.)
  • No standardized toolkit exists for Android security operations
  • OWASP is working on mobile security standards, but a consolidated toolset is needed

Android Tamer Solution:

  • A VMware-based virtual machine serving as a “BackTrack for Android”
  • Built on Ubuntu 10.04 LTS with all non-essential software removed
  • Provides an integrated solution, not just a tool dump
  • Pre-configured browser bookmarks and custom repository for automatic updates
  • Supports application pentesting, malware analysis, ROM modification, ROM analysis, and native code development

Tools Included:

  • Application Pentesting: OWASP ZAP, TSOCK Proxy, pre-configured emulator with ZAP certificate, DDMS
  • Malware Analysis: DroidBox, APKInspector, Apktool, Dex2jar, JD-GUI, JAD, Smali/Baksmali, Androguard
  • ROM Analysis/Modification: DSIXDA Android Kitchen, Unyaffs2, Split_bootimg
  • Development: Eclipse + ADT, NDK, CodeSourcery C++ Lite, ARM DS-5 CE
  • Rooting Tools: Rageinthecage, Psneuter, Gingerbreak, ZergRush, Z4root, Superoneclick, Universal Androot

Key Design Decisions:

  • Minimum foreign repositories to avoid upgrade issues
  • Pre-configured personal repository for distributing tool updates
  • Transparent socket proxy (T-Proxy) for intercepting all application traffic
  • Root CA certificate pre-loaded for proxy-based testing

Future Plans:

  • Continuous development with repository-based updates
  • Adding Agnitio for source code review
  • Forensics section planned
  • Community contributions welcome

Actionable Takeaways

  1. Android security requires a consolidated toolset rather than ad-hoc tool downloads
  2. A VM-based approach provides an isolated, pre-configured environment for security work
  3. Transparent proxying solves the challenge of intercepting non-browser application traffic
  4. Certificate pre-configuration eliminates common proxy setup friction
  5. Multiple decompilation approaches (dex2jar, smali) serve different analysis needs
