Anant Shrivastava

G0s Workshop Android

Ground Zero Summit 2013 Delhi, India
1 / 83
Slide 1 of G0s Workshop Android
Slide 2 of G0s Workshop Android
Slide 3 of G0s Workshop Android
Slide 4 of G0s Workshop Android
Slide 5 of G0s Workshop Android
Slide 6 of G0s Workshop Android
Slide 7 of G0s Workshop Android
Slide 8 of G0s Workshop Android
Slide 9 of G0s Workshop Android
Slide 10 of G0s Workshop Android
Slide 11 of G0s Workshop Android
Slide 12 of G0s Workshop Android
Slide 13 of G0s Workshop Android
Slide 14 of G0s Workshop Android
Slide 15 of G0s Workshop Android
Slide 16 of G0s Workshop Android
Slide 17 of G0s Workshop Android
Slide 18 of G0s Workshop Android
Slide 19 of G0s Workshop Android
Slide 20 of G0s Workshop Android
Slide 21 of G0s Workshop Android
Slide 22 of G0s Workshop Android
Slide 23 of G0s Workshop Android
Slide 24 of G0s Workshop Android
Slide 25 of G0s Workshop Android
Slide 26 of G0s Workshop Android
Slide 27 of G0s Workshop Android
Slide 28 of G0s Workshop Android
Slide 29 of G0s Workshop Android
Slide 30 of G0s Workshop Android
Slide 31 of G0s Workshop Android
Slide 32 of G0s Workshop Android
Slide 33 of G0s Workshop Android
Slide 34 of G0s Workshop Android
Slide 35 of G0s Workshop Android
Slide 36 of G0s Workshop Android
Slide 37 of G0s Workshop Android
Slide 38 of G0s Workshop Android
Slide 39 of G0s Workshop Android
Slide 40 of G0s Workshop Android
Slide 41 of G0s Workshop Android
Slide 42 of G0s Workshop Android
Slide 43 of G0s Workshop Android
Slide 44 of G0s Workshop Android
Slide 45 of G0s Workshop Android
Slide 46 of G0s Workshop Android
Slide 47 of G0s Workshop Android
Slide 48 of G0s Workshop Android
Slide 49 of G0s Workshop Android
Slide 50 of G0s Workshop Android
Slide 51 of G0s Workshop Android
Slide 52 of G0s Workshop Android
Slide 53 of G0s Workshop Android
Slide 54 of G0s Workshop Android
Slide 55 of G0s Workshop Android
Slide 56 of G0s Workshop Android
Slide 57 of G0s Workshop Android
Slide 58 of G0s Workshop Android
Slide 59 of G0s Workshop Android
Slide 60 of G0s Workshop Android
Slide 61 of G0s Workshop Android
Slide 62 of G0s Workshop Android
Slide 63 of G0s Workshop Android
Slide 64 of G0s Workshop Android
Slide 65 of G0s Workshop Android
Slide 66 of G0s Workshop Android
Slide 67 of G0s Workshop Android
Slide 68 of G0s Workshop Android
Slide 69 of G0s Workshop Android
Slide 70 of G0s Workshop Android
Slide 71 of G0s Workshop Android
Slide 72 of G0s Workshop Android
Slide 73 of G0s Workshop Android
Slide 74 of G0s Workshop Android
Slide 75 of G0s Workshop Android
Slide 76 of G0s Workshop Android
Slide 77 of G0s Workshop Android
Slide 78 of G0s Workshop Android
Slide 79 of G0s Workshop Android
Slide 80 of G0s Workshop Android
Slide 81 of G0s Workshop Android
Slide 82 of G0s Workshop Android
Slide 83 of G0s Workshop Android

Abstract

A comprehensive Android security workshop covering platform internals, application architecture, the Android Tamer toolkit, and hands-on penetration testing techniques for both testing apps and using Android as a testing platform.

AI Generated Summary

AI Generated Content Disclaimer

Note: This summary is AI-generated and may contain inaccuracies, errors, or omissions. If you spot any issues, please contact the site owner for corrections. Errors or omissions are unintended.

This workshop at the Ground Zero Summit provides a comprehensive deep dive into Android security, covering platform internals, application architecture, the Android Tamer toolkit, mobile security vulnerabilities, and hands-on penetration testing techniques for both testing Android apps and using Android as a testing platform.

Key Topics Covered

Android Platform Fundamentals:

  • 56% smartphone market share, open source with minimal developer license cost
  • Linux-based kernel (merged to mainstream in 3.4), Dalvik VM with JIT compiler
  • File system: /system (OS image, yaffs2/ext), /data (user data), /sdcard (vfat)
  • Security model: Unix permissions, SELinux (permissive in 4.3, enforced in 4.4), app sandboxing, permission-based access control

Application Architecture:

  • Dalvik VM designed for memory-constrained devices; DEX format with optimized memory footprint
  • Zygote process initializes core libraries at boot, forks VMs for each application
  • Key components: Activities, Intents, Services, Content Providers, Broadcast Receivers
  • AndroidManifest.xml defines permissions, intents, SDK versions, and component declarations

Android Tamer:

  • VM/Live ISO environment for Android security (Debian 7 based)
  • Comprehensive toolset: OWASP ZAP, Burp, Drozer, Androguard, Dex2Jar, JD-GUI, APKtool, Wireshark, AF Logical OSE, Sleuthkit
  • ROM modding tools, flashing utilities, rooting kits

Mobile Security Issues:

  • Data sniffing (SMS, audio, video, location, contacts)
  • Telephony abuse (premium SMS, USSD), unsafe data transit/storage
  • Hardcoded credentials and API keys
  • Side-channel leakage, information disclosure through reverse engineering
  • Logic bombs, UI impersonation, SQL injection, tap jacking

Pentesting Methodology:

  • Static analysis: Dex2jar + JD-GUI for decompilation, APKtool for resource extraction
  • Dynamic analysis: Proxy setup, SSL certificate import, traffic interception
  • IPTables-based per-app interception using unique Android UIDs
  • Backend server scanning with nmap, w3af, nikto
  • SandroProxy for on-device traffic analysis

Using Android as a Pentesting Platform:

  • Available tools: DroidSheep, Dsploit, Interceptor, zAnti
  • Scripting via SL4A with Python/Perl
  • Custom script development for brute force, enumeration, and automation

Actionable Takeaways

  1. Understanding Android internals (Dalvik, Zygote, permissions) is foundational for security testing
  2. Multiple decompilation paths exist for different analysis needs
  3. SSL interception requires certificate installation on the testing device
  4. Per-app UID architecture enables granular network monitoring via IPTables
  5. Android devices serve dual purpose as both testing targets and portable pentesting platforms

Embed This Presentation

See Also