eBook - ePub
Hacking Android
Srinivasa Rao Kotipalli, Mohammed A. Imran
This is a test
Condividi libro
- 376 pagine
- English
- ePUB (disponibile sull'app)
- Disponibile su iOS e Android
eBook - ePub
Hacking Android
Srinivasa Rao Kotipalli, Mohammed A. Imran
Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni
Informazioni sul libro
Explore every nook and cranny of the Android OS to modify your device and guard it against security threats
About This Book
- Understand and counteract against offensive security threats to your applications
- Maximize your device's power and potential to suit your needs and curiosity
- See exactly how your smartphone's OS is put together (and where the seams are)
Who This Book Is For
This book is for anyone who wants to learn about Android security. Software developers, QA professionals, and beginner- to intermediate-level security professionals will find this book helpful. Basic knowledge of Android programming would be a plus.
What You Will Learn
- Acquaint yourself with the fundamental building blocks of Android Apps in the right way
- Pentest Android apps and perform various attacks in the real world using real case studies
- Take a look at how your personal data can be stolen by malicious attackers
- Understand the offensive maneuvers that hackers use
- Discover how to defend against threats
- Get to know the basic concepts of Android rooting
- See how developers make mistakes that allow attackers to steal data from phones
- Grasp ways to secure your Android apps and devices
- Find out how remote attacks are possible on Android devices
In Detail
With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security.
Hacking Android is a step-by-step guide that will get you started with Android security. You'll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you'll get to grips with various tools and techniques that can be used in your everyday pentests. You'll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.
Style and approach
This comprehensive guide takes a step-by-step approach and is explained in a conversational and easy-to-follow style. Each topic is explained sequentially in the process of performing a successful penetration test. We also include detailed explanations as well as screenshots of the basic and advanced concepts.
Domande frequenti
Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Hacking Android è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Hacking Android di Srinivasa Rao Kotipalli, Mohammed A. Imran in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Computer Science e Computer Networking. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.
Informazioni
Hacking Android
Table of Contents
Hacking Android
Credits
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Setting Up the Lab
Installing the required tools
Java
Android Studio
Setting up an AVD
Real device
Apktool
Dex2jar/JD-GUI
Burp Suite
Configuring the AVD
Drozer
Prerequisites
QARK (No support for windows)
Getting ready
Advanced REST Client for Chrome
Droid Explorer
Cydia Substrate and Introspy
SQLite browser
Frida
Setting up Frida server
Setting up frida-client
Testing the setup
Vulnerable apps
Kali Linux
ADB Primer
Checking for connected devices
Getting a shell
Listing the packages
Pushing files to the device
Pulling files from the device
Installing apps using adb
Troubleshooting adb connections
Summary
2. Android Rooting
What is rooting?
Why would we root a device?
Advantages of rooting
Unlimited control over the device
Installing additional apps
More features and customization
Disadvantages of rooting
It compromises the security of your device
Bricking your device
Voids warranty
Locked and unlocked boot loaders
Determining boot loader unlock status on Sony devices
Unlocking boot loader on Sony through a vendor specified method
Rooting unlocked boot loaders on a Samsung device
Stock recovery and Custom recovery
Prerequisites
Rooting Process and Custom ROM installation
Installing recovery softwares
Using Odin
Using Heimdall
Rooting a Samsung Note 2
Flashing the Custom ROM to the phone
Summary
3. Fundamental Building Blocks of Android Apps
Basics of Android apps
Android app structure
How to get an APK file?
Storage location of APK files
/data/app/
/system/app/
/data/app-private/
Example of extracting preinstalled apps
Example of extracting user installed apps
Android app components
Activities
Services
Broadcast receivers
Content providers
Android app build process
Building DEX files from the command line
What happens when an app is run?
ART – the new Android Runtime
Understanding app sandboxing
UID per app
App sandboxing
Is there a way to break out of this sandbox?
Summary
4. Overview of Attacking Android Apps
Introduction to Android apps
Web Based apps
Native apps
Hybrid apps
Understanding the app's attack surface
Mobile application architecture
Threats at the client side
Threats at the backend
Guidelines for testing and securing mobile apps
OWASP Top 10 Mobile Risks (2014)
M1: Weak Server-Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M6: Broken Cryptography
M7: Client-Side Injection
M8: Security Decisions via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections
Automated tools
Drozer
Performing Android security assessments with Drozer
Installing testapp.apk
Listing out all the modules
Retrieving package information
Identifying the attack surface
Identifying and exploiting Android app vulnerabilities using Drozer
Attacks on exported activities
What is the problem here?
QARK (Quick Android Review Kit)
Running QARK in interactive mode
Reporting
Running QARK in seamless mode:
Summary
5. Data Storage and Its Security
What is data storage?
Android local data storage techniques
Shared preferences
SQLite databases
Internal storage
External storage
Shared preferences
Real world application demo
SQLite databases
Internal storage
External storage
User dictionary cache
Insecure data storage – NoSQL database
NoSQL demo application functionality
Backup techniques
Backup the app data using adb backup command
Convert .ab format to tar format using Android backup extractor
Extracting the TAR file using the pax or star utility
Analyzing the extracted content for security issues
Being safe
Summary
6. Server-Side Attacks
Different types of mobile apps and their threat model
Mobile applications server-side attack surface
Mobile application architecture
Strategies for testing mobile backend
Setting up Burp Suite Proxy for testing
Proxy setting via APN
Proxy setting via Wi-Fi
Bypass certificate warnings and HSTS
HSTS – HTTP Strict Transport Security
Bypassing certificate pinning
Bypass SSL pinning using AndroidSSLTrustKiller
Setting up a demo application
Installing OWASP GoatDroid
Threats at the backend
Relating OWASP top 10 mobile risks and web attacks
Authentication/authorization issues
Authentication vulnerabilities
Authorization vulnerabilities
Session management
Insufficient Transport Layer Security
In...