Rooting Your Devices - StickyMinds Alan Crouch.pdfRooting Your Devices to Test Outside the Box Presented by: Alan Crouch Coveros, Inc. ... , DevOps, and security best practices. Alan

K4Keynote4/28/173:15PM

RootingYourDevicestoTestOutsidetheBox

Presentedby:

AlanCrouch

Coveros,Inc.

Broughttoyouby:

350CorporateWay,Suite400,OrangePark,FL32073888---268---8770··[email protected]://www.techwell.com/

AlanCrouchCoveros,Inc.AlanCrouchisadirectorofmobiletestingwithCoveros,Inc.,whichhelpscompaniesbuildbetterapplicationsusingagile,DevOps,andsecuritybestpractices.AlanworkswithC-levelandseniormanagementatprivatecompaniesandfederalagenciestotransformandadoptamore"mobile-first"approachtoinformationtechnology.AlanhasworkedwithDepartmentsofHomelandSecurity,Defense,andHealthandHumanServices;Symantec;andmobilestart-upstobuildandtestAndroid,iOS,andresponsivewebapplications.Hispassionistheintersectionofmobiletestingandinformationsecurity.SparetimefindsAlantravelingtheglobeandcreatingadventuresforhissonanddaughter.FollowAlanonTwitter@RealAlanCrouchoronLinkedIn.

4/6/17

1

©COPYRIGHT2016COVEROS,INC.ALLRIGHTSRESERVED. 1

Agility.Security.Delivered.

Roo#ng Your Devices to Test Outside the Box

AlanR.Crouch@RealAlanCrouch

MobileDev+Test2017

SanDiego,CA


Agenda

• What’sHappeningintheWorldofMobile?

• What’s“Everyone”ElseDoing(WhenItComestoMobileTesYng)?

• WhyRootWhenYouTest?• LeveragingRooYngtoTestOutsidetheBox

4/6/17

2


What’s Happening in Mobile?

MoreDevices,More(User)Control



MoreOpera:ngSystems,MoreVersions!

4/6/17

3



MoreOpera:ngSystems,MoreVersions!


What Happening in Mobile?

MoreApps,MoreData,MoreComplexity!

4/6/17

4


What Happening in Mobile?

MoreApps,MoreData,MoreComplexity!



Source:RedHatMobileMaturitySurvey2015

MoreGrowth,MoreMarketSatura:on!

MobileGrowthPlansbyOrganiza:onfor2016

4/6/17

5



MorePower,MoreCapabili:es!


What’s “Everyone” Doing?

• BadhabitsfromtradiYonalapplicaYontesYngcommunityhavepenetratedthemobileapptesYngcommunity• PoorHiringandTrainingPracYces• MobiletestautomaYonisnolongeropYonal

4/6/17

6


What’s “Everyone” Doing?

• StatusofRooYnginMobileTesYng:

A)  Bears–CuriousTesters/Mother-BearsB)  Ostriches–TestersOvercomebyFearor“Policy”C)  GrumpCats–“Iknowbeeer”Testers


Because I’m Morally Obligated

• RooYngdoescomewithrisks• VoidedWarranty• Possibilityofbecoming“bricked”

• IsrooYngillegal?• No

4/6/17

7


Why Root?

• Moresimilarlytestreal-worlduserscenarios.• TesYngonamodifieddevicecanexposeaddiYonaltesYnginterfaces• AdvantagesofRooYng:• AlterorreplacesystemapplicaYons• Runspecializedapps• FullcustomizaYon• Accessnormallyinaccessibledata• TestDataSeeding• FileRecovery• Enable/disabledfeatures• Modify/customizekernels

• MobileSecurityTesYng


Why Root?

28%

72%

NumberofAndroidDevicesRooted(World-Wide)

Rooted Not-Rooted

Source:TencentStudyonRootedDevices,2015

•  Justhowmanydevicesarerooted?Howbigisit?• ProliferaYonishigheramongsttech-savvy.

4/6/17

8


Why Root?

Source:TencentStudyonRootedDevices,2015

It’sjustplainfun.


Root to Test Outside the Box

RootAccessforUsersandApps

•  SuperUsergrantsandmanagesappsabilitytogetrootaccess.• ArootedAndroiddevicewon’tbeasusefulifappsdon’thaverootaccess.Tofixthisproblem,makesureyouinstallSuperUsersoonalerrooYngyourdevice.ThiswillautomaYcallyforceappstoaskpermissiontoestablishrootprivileges.

4/6/17

9



LocaYon/GPSSpoofing

• AppslikeFakeGPSorLockitoallowyoutonotonlychangeyourGPSlocaYonbutalsobuildiniYneraries.• Byaddingarootedapplike“LuckyPatcher”orXposedyoucanmakeFakeGPSaSystemAppandoverrideGPSSpoofingDetecYon



AutomatedTasking

• AppslikeTaskerallowyoutosetupautomatedtasks.• ByrooYngyourPhone,Taskercannowperformtaskwithrootaccessallowingittodoanythingfrom:•  Nightlyresetstoa“cleanstate”•  SeedingtestapplicaYondata•  Nightlybackupsofsystemandappdata

•  AutomatedlogaccessArchive

4/6/17

10



NetworkTrafficAnalysis

• AppslikeSharkforRootallowyoutorecordnetworktrafficandanalyzejustwhatdataisbeingtransferredoverclear-text.• DeterminewhatsensiYvedatamightbeexposedfromyourappincluding:•  Passwords•  Keys•  PersonalData•  SensiYve“App”InformaYon



RecordandPlaybackofTouchEvents

• RootAppsthatallowrecordandplaybackoftouchevents,suchasRepeYTouchcanbeapoorman’sautomaYontool• RecordandplaybacktoucheventswithloopsorbuiltinresponsetooutsidesYmuli(howtohandleaphonecall)totest“farming”orcommonacYonsinyourmobileapp

4/6/17

11



ModifyingLocalDataStorage

•  Therearemanyrootedappsthatlookatlocaldatastorageandsharedpreferencestoallowyoutotestyourapps.• Determinewhatyourapphasstoredwhereandwhatyoumightbeabletohack.•  Changeyourstates(level,permissionsetc.)

•  ExploreprivacyviolaYonsondisk•  Recoverpasswords•  Giveyourselflotsof“free”goldorin-gamecurrency



DeletedFileRecovery

• Non-rootedappsmayallowyoutorecoverdeletedfiles,butotherfiletypesareelusivetorecover• RecoverytoolslikeUndeleterallowyoutorecoveravarietyoffiletypesfromallyourparYYons•  TempData•  CachedData•  Logs•  TextMessages

4/6/17

12



SecurityTesYng

• NaYveAppTesYng•  CertValidaYontesYngwiththe“XposedFramework”and“JustTrustMe”

•  Root-DetecYonControltesYng•  XposedDetecYoncontrols•  Fuzzing•  APIVulnerabilityTesYng

• MobileWebApp&Network• WifiCrackers•  PenetraYonTesYngMobileWebApps

•  AutomatedInjecYonAeacks

Bugtroid

dSpolit

DroidSQLi


Conclusion

•  YoucangetawaywithmobiletesYngwithoutrooYng.•  Youcancatchbugsandbuild/testgoodproducts• RooYngcanhelpyouelevateyourtesYngcapabiliYes:•  TESTFASTER•  TESTMORE•  TESTDIFFERENTLY•  HAVEFUN

4/6/17

13


Thank You AlanR.Crouch

@RealAlanCrouch

Documents

Rooting Your Devices - StickyMinds Alan Crouch.pdfRooting Your Devices to Test Outside the Box Presented by: Alan Crouch Coveros, Inc. ... , DevOps, and security best practices. Alan