iOS & Android Security, Hacking and Tweaking Workshop

D. Papamartzivanos, University of the Aegean – Info Sec Lab

Android Security – Cydia Substrate

Dimitris Papamartzivanos

• Android Security
• Cydia Substrate
• Set the System
• Example

Android Security

Android Security Model Fundamentals

• Permission Model
  • Use permissions to escape the sandbox and interact with system resources
  • Inform users about app permissions
• Isolation
  • By default, each app runs in a separate process
  • The Linux kernel is responsible for app sandboxing
  • Applications get a dedicated part of the file system (read/write private data, databases, raw files)
  • No app can adversely affect other apps, the system or the user of the device
• Data Encryption
  • Encrypts the /data partition with AES128 with CBC and ESSIV:SHA256
• Application Signing
  • Applications must be signed by their developers; otherwise they will be rejected
  • Bonds of trust between Google and developers, and between developers and applications
  • Developers can be held accountable for the behavior of their application
• Personal Information APIs, Cost-Sensitive APIs, Access Control ……

Why Root?

Get apps from third-party repositories. Get them for Free...

Android isn't open enough to give you some of the features you want.

Why root my Android device?

Why am I always three updates behind? Get the new OS updates.

Download and install functional custom-built ROMs.

Speed/Battery Life Boosts.

Back-up everything. Even apps and settings.

Get rid of annoying, battery-draining, space-wasting, preinstalled software.

Modify Dark Corners of Android System. Debugging applications and system components

For your reasons…

Dangers of Rooting

Giving apps root access increases the security exposure to malicious applications and potential application flaws.

By default, only the kernel and a small subset of the core apps run with root permissions.

Installing a new operating system that provides root privileges requires that the bootloader erase existing data. BUT this is not the case when root access is gained by exploiting a kernel bug or security hole.

Encrypting data with a key stored on-device does not protect the application data from root users.

The app isolation model is compromised.

Generally, everything falls apart when we allow untrusted code to run as root.

Permissions

Permissions in malware

Dissecting Android Malware: Characterization and Evolution – Yajin Zhou and Xuxian Jiang IEEE Symposium on Security and Privacy 2012

Cydia Substrate

Jay Freeman (saurik)

• Announced Substrate for Android in 2011
• While Android itself is “open”, devices that run it often aren’t
• Mobile Substrate extensions or “Tweaks” – modifications to the experience of the system
• Allow users to change the software running on the device and get the features they want!
  • Changes on the system itself
  • Changes on third-party applications
• How: by hooking method invocations and objects’ creation

STEPS

• Get the Android SDK
• Root your phone
• Get the API level you need using SDK Manager
• Integrate Substrate extension in your Project
• Create your Android Project
• Hook your Methods
• Restart your System…
• Get Cydia Substrate from Google Play
• Get the Substrate SDK using SDK Manager

Violet Example

Classes can load at any time. Substrate provides the means to detect when classes of interest are loaded.

• void hookClassLoad(String name, MS.ClassLoadHook hook);
  • name: the name of the loading class
  • hook: instance of MS.ClassLoadHook whose classLoaded method will be executed when the class is loaded

The most critical task is to modify the operation of existing code. This requires being able both to replace any method and to call through to the original implementation.

• void hookMethod(Class _class, Member member, MS.MethodHook hook, MS.MethodPointer old);
  • _class: class for which member will be hooked
  • member: the method (or the constructor) which is going to be hooked
  • hook: instance of MS.MethodHook whose invoked method contains our code
  • old: instance of MS.MethodPointer pointing to the original implementation of member

Be Prepared…

Many things can go wrong when developing at this level!

Your system may crash during boot time. The Substrate must be unlinked…

In a situation like that… keep the volume-up key pressed!

void sendTextMessage (String destinationAdd, String scAdd, String text, PendingIntent sentIntent, PendingIntent deliveryIntent);

public InetSocketAddress (InetAddress address, int port);

Using Cydia Substrate to analyze applications’ behavior.

What about hooking these methods?

More Hooks…

Can we use Cydia Substrate for good purposes?
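One way to use the two Substrate calls described earlier (hookClassLoad and hookMethod) for behaviour analysis on an analyst's own test device is sketched below. This is an added example, not code from the workshop or from the Substrate project; the package name, log tag and the choice to log only destination and message length are assumptions.

```java
package com.example.smsaudit; // hypothetical package name

import java.lang.reflect.Method;

import android.app.PendingIntent;
import android.util.Log;

import com.saurik.substrate.MS;

// Substrate extension entry point. The app manifest must request
// cydia.permission.SUBSTRATE and name this class in the
// com.saurik.substrate.main meta-data entry.
public class Main {
    private static final String TAG = "SmsAudit"; // hypothetical log tag

    static void initialize() {
        // Wait until SmsManager is loaded in a process, then hook it there.
        MS.hookClassLoad("android.telephony.SmsManager", new MS.ClassLoadHook() {
            public void classLoaded(Class<?> smsManager) {
                Method send;
                try {
                    send = smsManager.getMethod("sendTextMessage",
                            String.class, String.class, String.class,
                            PendingIntent.class, PendingIntent.class);
                } catch (NoSuchMethodException e) {
                    Log.w(TAG, "sendTextMessage not found; hook not installed");
                    return;
                }

                // Filled in by hookMethod; points at the original implementation.
                final MS.MethodPointer old = new MS.MethodPointer();
                MS.hookMethod(smsManager, send, new MS.MethodHook() {
                    public Object invoked(Object self, Object... args) throws Throwable {
                        String dest = (String) args[0];
                        String text = (String) args[2];
                        // Record destination and size only, not the message body.
                        Log.i(TAG, "pid " + android.os.Process.myPid()
                                + " sendTextMessage to " + dest
                                + " (" + (text == null ? 0 : text.length()) + " chars)");
                        // Call through so the app's behaviour is unchanged.
                        return old.invoke(self, args);
                    }
                }, old);
            }
        });
    }
}
```

The resulting logcat entries show which process attempted to send an SMS and to which number, which is the kind of evidence used to spot premium-rate SMS abuse during dynamic analysis.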

References…

• Cydia Substrate: http://www.cydiasubstrate.com/
• Android Security Overview: http://source.android.com/devices/tech/security/#interprocess-communication
• Android Developers API: http://developer.android.com/reference/packages.html
• Permission Statistics: Dissecting Android Malware: Characterization and Evolution – Yajin Zhou and Xuxian Jiang, IEEE Symposium on Security and Privacy 2012

Thank you!