project:android
Revisions compared: 2012/11/03 23:26 (biiter, [Security]) and 2016/09/30 22:57 (ruza, [Misc Links] Bugtroid & Lucky patcher).
====== Android ======
{{template>
name=Android|
image=androidpirate.png?
interested=[[user:
status=alive and kicking
}}
People involved in this project are interested in a better understanding of the Android platform, in learning how to improve Android security, and in customizing the platform for their specific needs.
===== Research Wishlist =====

  * Understand the application compatibility mechanism in Android Market. How to fake compatibility,
  * USB HID keyboard support, how to enable it.
  * Find really secure [[project:
  * Do some [[project:

===== Equipment =====
  * Various tools needed for disassembly/
  * [[:
  * [[https://
  * [[project:

===== Knowledge base =====
  * [[project:
  * [[project:
  * [[project:
  * [[project:
  * [[project:
  * [[project:

==== Building Android from source ====
If you want to add more deeply integrated features to Android, you have to implement them in the source code and then successfully build that code. If you need a feature which is implemented in another [[http://

The source code of many ROMs is available on [[https://

A lot has been written about building ROMs; a good starting point is to build [[ https://

=== Unlocking ===
Before you install a custom ROM you need to **unlock** your device first. [[https://

=== Editing your build ===
Here are the source-code editing guides/

  * [[ http://
  * [[ project:
  * [[ project:

=== Building for specific ROMs & devices: links ===
There are wiki entries related to building for a specific ROM & device, but the tips and tricks can be applied globally.

  * [[ :
==== Android Security ====
Android has many security features. Some of them are implemented well, some of them are not (e.g. [[http://
  * **[[http://
  * **[[http://
  * **[[https://
  * **[[https://
  * **[[http://
  * **[[https://

=== Android device attack vectors ===
  * Attacks on the Android OS **over the network** - browser and Java exploits, etc.
  * Attacks **through the radio** (baseband, modem) - even with very well implemented security features in the Android OS, you still have to "take care" of the second processor that sits in every mobile phone.

== Security - Radio (baseband) related ==
The RADIO (BASEBAND, MODEM) is a separate processor inside every mobile phone, responsible for the communication between the BTS and your OS. It is a closed-source and poorly documented playground (it is not easy to find clear, easily understandable articles on this topic). The code bases date back to the 80s and 90s, with the security mindset of that era.

  * Samsung (unofficial) RADIO-WIRESHARK bridging: https://
  * Samsung "
  * Radio workaround (see the part on HW selection), misc useful tips, interesting links inside: https://
=== Android exploits ===
If you want to improve Android security, it helps to know the problem from the other side, so you can more easily adapt policy and code changes to prevent an attack. Obviously nobody can predict what exactly a 0-day exploit will look like, but if you learn how to minimize the impact even after successful exploitation,

  * Cvedetails - filter on Android http://
  * Cvedetails - listed Android vulns. https://
  * Exploit-db - filter on Android vulns. https://
  * Adding an exploit from exploit-db to Metasploit http://
  * Nexus security bulletins - list of Android security issues with the corresponding CVEs - **monthly** - https://
  * Collection of tools - [[https://

== Exploit list ==
Here are some of the exploits known today for the Android platform. This serves mainly as a link database for interesting info on special cases; older ones are kept for educational and historical reasons. For full coverage of known Android vulnerabilities use [[https://
  * CVE-2015-8505,

  * Libstagefright **+ ASLR bypass** (useful for Android **>

  * Android class loading hijacking - **not exactly a bug**, only a weakness in ODEX handling that can be used against badly written apps on the Dalvik VM. Android **<5.0** uses Dalvik; newer versions run ART, so for them it is history: [[http://

  * One Class to Rule Them All (useful against unpatched Android up to some M preview, patched **>

  * Browser Cross-Application Scripting (useful for Android **2.3.4 and 3.1**) - CVE-2011-2357:

  * GingerBreak (historical root, useful for Android **2.2-3.0**):

  * Exploid udev (historical root, useful for Android **1.x/

  * RageAgainstTheCage (historical root, useful for Android **1.x/
=== Studies / reports ===
  * **7/2015** - [[https://
  * **7/2012** - [[https://
  * **1/2011** - [[http://

=== Security related links ===

<
  * https://
  * http://
  * http://
  * http://
  * http://
  * http://
  * https://
  * http://
  * http://
  * http://
  * http://
  * https://
  * https://


==== Android application creating & building ====

  * [[event:
  * [[http://
==== Reverse engineering ====

=== links ===
<
  * http://
  * http://
  * http://
  * http://
  * http://

==== Android rooting ====
In many cases, if you want to modify your device you first need to root it.
There are many ready-to-use toolkits online, but many of them come from unknown sources.

One solution to this problem is to compile your own root toolkit from open source - e.g. [[https://

===== GPLv2 Android =====

From [[https://

The problem is that it unfortunately only covers the radio integration into Android, but **not the radio itself**.

[[ http://

===== Misc Links =====

<

== Speeding up the Android emulator ==

  * http://

== Cool appz ==

  * [[https://
  * [[https://
  * [[https://
  * [[https://
  * [[https://
  * [[https://
  * [[https://
  * [[https://

== Cool soft ==

  * http://
  * [[http://
== Cool links ==
  * http://
  * http://
  * http://
  * http://
  * [[http://
  * [[http://


===== Misc Notes =====
== Devices ==

/dev/mtd/
  * mtd0 handles miscellaneous tasks
  * mtd1 holds the recovery image
  * mtd2 contains the boot partition
  * mtd3 contains system files
  * mtd4 holds the cache
  * mtd5 holds user data
This numbering is device-specific (it is the layout of the early HTC devices); read /proc/mtd on the device itself rather than assuming it before flashing anything.
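Resolving partition names from the device's own /proc/mtd instead of trusting a fixed mtd0..mtd5 table, as an added example that is not part of the original page. The sample table is constructed in the format of /proc/mtd (the sizes are an assumption, not measurements from a real device), and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page. Resolve partition names to
# mtd devices by parsing /proc/mtd instead of hard-coding mtd0..mtd5.
# SAMPLE_PROC_MTD is a constructed table in the format of /proc/mtd (the
# numbers are an assumption, not taken from a real device).
SAMPLE_PROC_MTD='dev:    size   erasesize  name
mtd0: 00040000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 04380000 00020000 "system"
mtd4: 04380000 00020000 "cache"
mtd5: 04ac0000 00020000 "userdata"'

# mtd_field NAME COLUMN [TABLE]: print column COLUMN of the row whose quoted
# name is NAME. TABLE defaults to the live /proc/mtd; on a device without mtd
# (or on a desktop) the lookup simply yields nothing.
mtd_field() {
    table=${3:-$(cat /proc/mtd 2>/dev/null)}
    printf '%s\n' "$table" |
        awk -v want="\"$1\"" -v col="$2" '$4 == want { sub(/:$/, "", $1); print $col; exit }'
}

# mtd_dev_for NAME [TABLE]: /dev/mtd/mtdN for the partition called NAME, or
# return 1 if there is no such partition.
mtd_dev_for() {
    dev=$(mtd_field "$1" 1 "$2")
    [ -n "$dev" ] || return 1
    printf '/dev/mtd/%s\n' "$dev"
}

# mtd_size_bytes NAME [TABLE]: partition size in decimal bytes. Check an image
# against this before flashing; an image larger than its partition is an easy
# way to brick a device.
mtd_size_bytes() {
    hex=$(mtd_field "$1" 2 "$2")
    [ -n "$hex" ] || return 1
    echo $((0x$hex))
}

# image_fits IMAGE NAME [TABLE]: succeed only if IMAGE is no larger than the
# partition NAME.
image_fits() {
    size=$(mtd_size_bytes "$2" "$3") || return 1
    img=$(wc -c < "$1")
    [ "$img" -le "$size" ]
}

# Stand-alone demo on the constructed table.
mtd_dev_for recovery "$SAMPLE_PROC_MTD"
mtd_size_bytes boot "$SAMPLE_PROC_MTD"
```

On a device, call `mtd_dev_for recovery` with no second argument and it reads the real /proc/mtd; `image_fits recovery.img recovery` is the check worth running before any `flash_image`/`dd` onto the returned node.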

== Trivia ==
  * /

== How to get into Settings even when the UI does not allow it ==

  ./adb shell am start -a android.intent.action.MAIN -n com.android.email/

http://

== Random MAC ==

  # octets as hex (the original expr form only produced decimal 10-98); $RANDOM needs bash or mksh (Android's shell), not plain sh
  printf '00:50:%02x:%02x:%02x:%02x\n' $((RANDOM % 256)) $((RANDOM % 256)) $((RANDOM % 256)) $((RANDOM % 256))
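A fuller version of the one-liner above, as an added example that is not from the original page: it randomizes all six octets but sets the locally-administered bit in the first one (so the address cannot collide with a vendor OUI such as the 00:50 prefix used above), and it validates a MAC string before it is handed to `ip link set dev ... address`. The function names and the /dev/urandom fallback are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the original page. Generates a random MAC with
# the locally-administered bit set (so it cannot collide with a vendor-assigned
# OUI) and validates a MAC string before handing it to ip/ifconfig.
# Uses $RANDOM, which bash and Android's mksh provide but plain POSIX sh may
# not; if $RANDOM is unset it falls back to /dev/urandom.

# rand_byte: print one random integer 0..255.
rand_byte() {
    if [ -n "${RANDOM:-}" ]; then
        echo $((RANDOM % 256))
    else
        echo $(( $(od -An -N1 -tu1 /dev/urandom) ))
    fi
}

# random_mac: six-octet MAC. The first octet has bit 1 set and bit 0 clear,
# i.e. locally administered and unicast (second hex digit 2, 6, a or e).
random_mac() {
    first=$(( ( $(rand_byte) & 0xfc ) | 0x02 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$first" \
        "$(rand_byte)" "$(rand_byte)" "$(rand_byte)" "$(rand_byte)" "$(rand_byte)"
}

# is_valid_mac MAC: six colon-separated hex octets, nothing else.
is_valid_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# is_locally_administered MAC: true if the first octet's bit 1 is set and
# bit 0 (the multicast bit) is clear.
is_locally_administered() {
    is_valid_mac "$1" || return 1
    o=$((0x${1%%:*}))
    [ $(( o & 0x03 )) -eq 2 ]
}

random_mac
```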

== StrongSwan ==
The CA certificate needs to be imported so that the server side of the connection can be verified. The certificate may be in binary (DER) form even if the file name has a .pem suffix, so check the encoding rather than trusting the extension.
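Telling PEM from DER by the file's bytes rather than its suffix, as an added example that is not part of the original page. The detection needs only od and grep; the conversion helper assumes openssl is installed on the host. The constructed demo files are a fake PEM header and a fake DER prefix, not real certificates.

```shell
#!/bin/sh
# Added example, not part of the original page. Decide whether a certificate
# file is PEM or DER by looking at its bytes rather than its suffix, then
# convert to whichever form you need. openssl is only required for the
# conversion; cert_encoding itself needs nothing but head, od and grep.

# cert_encoding FILE: print "pem", "der" or "unknown" (return 1 for unknown).
# PEM is base64 text between "-----BEGIN ..." armour lines. DER X.509 starts
# with an ASN.1 SEQUENCE tag, byte 0x30, followed by a long-form length byte
# (0x81..0x83) for any realistically sized certificate.
cert_encoding() {
    f=$1
    [ -r "$f" ] || { echo unknown; return 1; }
    if head -c 64 "$f" | grep -q -e '-----BEGIN'; then
        echo pem
        return 0
    fi
    first=$(od -An -N2 -tx1 "$f" | tr -d ' \n')
    case $first in
        3081|3082|3083) echo der; return 0 ;;
    esac
    echo unknown
    return 1
}

# cert_to_pem IN OUT: write IN as PEM regardless of its input encoding.
# Assumes openssl is installed on the host doing the conversion.
cert_to_pem() {
    case $(cert_encoding "$1") in
        pem) cp "$1" "$2" ;;
        der) openssl x509 -inform DER -in "$1" -outform PEM -out "$2" ;;
        *)   echo "cannot determine encoding of $1" >&2; return 1 ;;
    esac
}

# Stand-alone demo on constructed files: a fake PEM header and a fake DER
# prefix (SEQUENCE, long-form length). Neither is a real certificate.
demo_pem=/tmp/demo_ca_$$.pem
demo_der=/tmp/demo_ca_$$.der.pem
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$demo_pem"
printf '\060\202\002\020' > "$demo_der"
cert_encoding "$demo_pem"
cert_encoding "$demo_der"
rm -f "$demo_pem" "$demo_der"
```

Run `cert_encoding ca.pem` on the file the VPN admin handed you before importing it; a "der" answer with a .pem suffix is exactly the case described above.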
===== Android Open Accessory Development Kit =====

[[http://

{{:

[[http://

<

===== Dropad A8/Heropad Related =====

{{youtube>

[[https://

==== Root ====

[[http://
  * utv210_root.tgz: unpack it onto the internal SD card.
  * Power off the tablet.
  * Remove the external SD card (the one in the slot on the outside), otherwise the flashing will hang on the Tux picture.
  * Press Menu (M) and Power (C-).

http://

==== Unbrick Android tablet ====

http://

  - Download HerotabC8_V2.2_2011_03_01.zip or Haipad_M7_0831_android2.3 Rooted.zip. (tested by [[user:
  - Take out the internal 4GB microSD and wipe it clean: dd if=/
  - Put the internal 4GB microSD back into the tablet.
  - Extract the contents of the ZIP. With u-boot-sd.bin from the ZIP, use dd to dump it onto an external microSD. I used a 2GB card for this. dd if=/
  - Copy the entire contents of the ZIP to the largest partition of the external microSD. It was the only automatically mounted partition when I replugged the card into Ubuntu.
  - I had to do these steps as recommended in the first post: rm -R utscript_sd && cp utscript utscript_sd (I didn't do it initially and after the recovery flash, my tablet couldn'
  - Insert the external microSD into your tablet. Now, both microSDs are inside the tablet.
  - Press power and "
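A guarded wrapper for the two dd steps in the procedure above (wiping the internal card, writing u-boot-sd.bin to the external card), as an added example that is not from the original page or the forum post. The risk in those steps is `of=`: pointing it at the wrong /dev/sdX overwrites the host's own disk, so the wrapper refuses anything that is not an unmounted block device and defaults to dry-run. The function names, the block size and the DRY_RUN convention are this example's assumptions; the actual device names and any seek offset for the bootloader must come from the post you follow.

```shell
#!/bin/sh
# Added example, not part of the original page. Guarded dd for the unbrick
# procedure: refuses non-block devices, mounted devices and the root disk,
# and only writes when DRY_RUN=0. Block size and function names are assumed.

DRY_RUN=${DRY_RUN:-1}   # default to printing; set DRY_RUN=0 to really write

# dd_cmd IF OF [SEEK_SECTORS]: build the dd command line (no side effects).
dd_cmd() {
    cmd="dd if=$1 of=$2 bs=512"
    if [ -n "${3:-}" ]; then
        cmd="$cmd seek=$3"
    fi
    printf '%s conv=fsync\n' "$cmd"
}

# check_target DEV: refuse anything that is not an unmounted block device,
# and refuse the device the running system lives on.
check_target() {
    dev=$1
    [ -b "$dev" ] || { echo "refusing: $dev is not a block device" >&2; return 1; }
    if grep -q "^$dev" /proc/mounts 2>/dev/null; then
        echo "refusing: $dev or one of its partitions is mounted (unmount it first)" >&2
        return 1
    fi
    root=$(awk '$2 == "/" { print $1 }' /proc/mounts 2>/dev/null)
    case $root in
        "$dev"*) echo "refusing: $dev holds the root filesystem" >&2; return 1 ;;
    esac
    return 0
}

# safe_dd IF OF [SEEK_SECTORS]: run (or print) the dd only after the checks.
safe_dd() {
    [ "$1" = /dev/zero ] || [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    check_target "$2" || return 1
    cmd=$(dd_cmd "$1" "$2" "${3:-}")
    if [ "$DRY_RUN" = 1 ]; then
        echo "DRY RUN: $cmd"
    else
        sh -c "$cmd"
    fi
}

# Step 2: wipe the internal card. Step 4: write the bootloader to the
# external card. Device arguments are whatever the host enumerates the card
# reader as (check dmesg or lsblk after inserting the card).
wipe_card()      { safe_dd /dev/zero "$1"; }
write_uboot_sd() { safe_dd u-boot-sd.bin "$1" "${2:-}"; }
```

Run `wipe_card /dev/sdX` once with the default dry-run and read the printed command back against `lsblk` before repeating it with `DRY_RUN=0`.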

<note tip>

[[http://


==== Wi-Fi suddenly stopped working ====

  * logcat shows the error message:

  E/
  No such file or directory will appear.

  * recreate **/

  ctrl_interface=DIR=/
  update_config=1
  
more info about [[http://
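Recreating the minimal config from the fix above with the ownership and mode the supplicant expects, as an added example that is not part of the original page. The directory /data/misc/wifi, the sockets subdirectory, the GROUP=wifi value and the wifi user/group are assumptions matching older AOSP layouts; verify them on your device. The function names are this example's own, and WIFI_DIR can be overridden to try it on a desktop.

```shell
#!/bin/sh
# Added example, not part of the original page. Recreates a minimal
# wpa_supplicant.conf only when it is missing, and fixes ownership/mode when
# run as root. The path and the wifi user/group are assumptions (older AOSP).
# A root-owned 0644 file left behind by a manual edit is a common cause of
# "Wi-Fi stopped working", so an existing file gets its permissions fixed
# rather than being overwritten (overwriting would drop saved networks).

WIFI_DIR=${WIFI_DIR:-/data/misc/wifi}

# wpa_conf_text [SOCKET_DIR]: the minimal config body.
wpa_conf_text() {
    printf 'ctrl_interface=DIR=%s GROUP=wifi\nupdate_config=1\n' "${1:-$WIFI_DIR/sockets}"
}

# fix_perms FILE: wifi:wifi and 0660, the ownership the Android wifi HAL
# expects; only possible as root and only where a wifi user exists.
fix_perms() {
    [ "$(id -u)" = 0 ] || return 0
    if chown wifi:wifi "$1" 2>/dev/null; then
        chmod 0660 "$1"
    else
        echo "warning: no wifi user on this host, ownership not set" >&2
    fi
}

# restore_wpa_conf [DIR]: print the config path; create the file if missing.
restore_wpa_conf() {
    dir=${1:-$WIFI_DIR}
    conf=$dir/wpa_supplicant.conf
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    if [ ! -s "$conf" ]; then
        wpa_conf_text "$dir/sockets" > "$conf"
    fi
    fix_perms "$conf"
    echo "$conf"
}

# wpa_conf_ok FILE: true if the file has both lines the supplicant needs.
wpa_conf_ok() {
    grep -q '^ctrl_interface=DIR=' "$1" && grep -q '^update_config=1$' "$1"
}
```

On the device: `restore_wpa_conf` as root, then toggle Wi-Fi and watch logcat for the "No such file or directory" line to disappear.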

===== Nexus 2012 (grouper/
  * [[ http://