Upload
byron-lewis
View
224
Download
2
Embed Size (px)
Citation preview
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Android Security – Cydia SubstrateDimitris Papamartzivanos
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Android Security Cydia Substrate Set the System Example
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Android Security
• Permission Model
• Use permissions to escape the sandbox and interact with system resources
• Inform users about app permissions
• Isolation
• By default, each app runs in separate process
• Linux kernel is responsible for app sandboxing
• Applications get a dedicated part of file system (Read/Write private data, databases, raw files)
• No app can adversely affect other apps, the System and the user of the device
Android Security Model Fundamentals
• Data Encryption
• Encrypts /data partition with AES128 with CBC and ESSIV:SHA256
• Application Signing
• Applications must be signed by the developers otherwise will be rejected
• Bonds of Trust between: Google-Developers and Developers-applications
• Developers can be held accountable for behavior of their application
• Personal Information APIs, Cost-Sensitive APIs, Access Control ……
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Why Root?
Get apps from third-party repositories. Get them for Free...
Android isn't open enough to give you some of the features you want.
Why root my android Device?
Why am I always three updates behind? Get the new OS updates.
Download and install functional custom-built ROMs.
Speed/Battery Life Boosts.
Back-up everything. Even apps and settings.
Get rid of annoying, battery-draining, space-wasting, preinstalled software.
Modify Dark Corners of Android System. Debugging applications and system components
For your reasons…
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Dangers of Rooting
Root access to apps increase the security exposure to malicious applications and potential application flaws
By default, only the kernel and a small subset of the core apps run with root permissions
Dangers of Rooting
Installing a new operating system that provides root privileges requires that the bootloader erase existing data. BUT this is not the case when Root access gained via exploiting a kernel bug or security hole.
Encrypting data with a key stored on-device does not protect the application data from root users
App isolation model is compromised
Generally, all fall-apart when we allow un-trusted code to run as root
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Permisions
Permissions on malwares
Dissecting Android Malware: Characterization and Evolution – Yajin Zhou and Xuxian Jiang IEEE Symposium on Security and Privacy 2012
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Cydia Substrate
Jay Freeman(saurik)
• Announced Substrate for Android in 2011• While Android itself is “open”, devices that run it often aren’t• Mobile substrate extensions or “Tweaks” – modifications to the experience
of the system• Allow users change the software running on the device and get the
features they want!• Changes on system itself• Changes on Third-Party applications
• How: By hooking method invocations and objects’ creation
Start
Finish
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
STEPS
1
3
4
7
6
9
8
Get the Android SDK
Root your phone
Get the API level you need using SDK Manager
Intergrade Substrate extension in your Project
Create your Android Project
Hook your Methods
Restart your System…
Get Cydia Substrate from Google play
Get the Substrate SDK using SDK Manager
2
5
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Violet Example
Classes can load at any time. Substrate provides the means to detect when classes of interest are loaded.
• void hookClassLoad(String name, MS.ClassLoadHook hook);• Name: The name of the loading class• Hook: instance of MS.ClassLoadHook whose classLoaded method will be executed
when the class is loaded.
The most critical task is to modify the operation of existing code. To do this implies being able to both replace any method as well as be able to call through to the original implementation.
• void hookMethod(Class _class, Member member, MS.MethodHook hook, MS.MethodPointer old);• _class: Class for which member will be hooked• Member: The method (or the constructor) which is going to be hooked• Hook: Instance of MS.MethodHook whose invoked method contains our code• Old: Instance of MS.MethodPointer pointing to the original implementation of
member
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Be Prepared…
In a situation like that… hold the volume-up key pressed!
Many things can go wrong when developing at this level!
Your system may crash during boot time. The Substrate must be unlinked…
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
void sendTextMessage (String destinationAdd, String scAdd, String text, PendingIntent sentIntent, PentingIntent deliveryIntent);
public InetSocketAddress (InetAddress address, int port);
Using Cydia Substrate to analyze applications’ behavior.
What about hooking these methods?
More Hooks…
Can we use Cydia Substrate for good purposes?
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Cydia Substrate: http://www.cydiasubstrate.com/
Android Security Overview: http://source.android.com/devices/tech/security/#interprocess-communication
Android Developers API: http://developer.android.com/reference/packages.html
Permission Statistics: Dissecting Android Malware: Characterization and Evolution – Yajin Zhou and Xuxian Jiang IEEE Symposium on Security and Privacy 2012
References….
References…
iOS & Android Security, Hacking and Tweaking Workshop
D.PapamartzivanosUniversity Of the Aegean – Info Sec Lab
Android Security – Cydia SubstrateDimitris Papamartzivanos
Thank you!