iOS & Android Security, Hacking and Tweaking Workshop D


Android Security – Cydia Substrate
Dimitris Papamartzivanos
University Of the Aegean – Info Sec Lab
• Android Security
• Cydia Substrate
• Set the System
• Example
Android Security
Android Security Model Fundamentals
Isolation
• By default, each app runs in a separate process
• The Linux kernel is responsible for app sandboxing
• Applications get a dedicated part of the file system (Read/Write private data, databases, raw files)
• No app can adversely affect other apps, the system and the user of the device
Permission Model
• Use permissions to escape the sandbox and interact with system resources
• Inform users about app permissions
Data Encryption
• Encrypts /data partition with AES128 with CBC and ESSIV:SHA256
Application Signing
• Applications must be signed by the developers, otherwise they will be rejected
• Bonds of trust between: Google-Developers and Developers-applications
• Developers can be held accountable for the behavior of their application
• Personal Information APIs, Cost-Sensitive APIs, Access Control ……
Why Root?
Why root my Android device?
• Android isn't open enough to give you some of the features you want.
• Get apps from third-party repositories. Get them for Free...
• Why am I always three updates behind? Get the new OS updates.
• Download and install functional custom-built ROMs.
• Speed/Battery Life Boosts.
• Back up everything. Even apps and settings.
• Get rid of annoying, battery-draining, space-wasting, preinstalled software.
• Modify Dark Corners of Android System. Debugging applications and system components
• For your reasons…
Dangers of Rooting
• By default, only the kernel and a small subset of the core apps run with root permissions
• Giving apps root access increases the security exposure to malicious applications and potential application flaws
• Installing a new operating system that provides root privileges requires that the bootloader erase existing data. BUT this is not the case when root access is gained by exploiting a kernel bug or security hole.
• Encrypting data with a key stored on-device does not protect the application data from root users
• The app isolation model is compromised
• Generally, everything falls apart when we allow untrusted code to run as root
Permissions
Permissions in malware
Dissecting Android Malware: Characterization and Evolution – Yajin Zhou and Xuxian Jiang, IEEE Symposium on Security and Privacy 2012
Cydia Substrate
Jay Freeman (saurik)
• Announced Substrate for Android in 2011
• While Android itself is “open”, devices that run it often aren’t
• Mobile Substrate extensions or “Tweaks”: modifications to the experience of the system
• Allow users to change the software running on the device and get the features they want!
• Changes on the system itself
• Changes on third-party applications
• How: By hooking method invocations and objects’ creation
STEPS
1 Root your phone
2 Get the Android SDK
3 Get Cydia Substrate from Google Play
4 Get the API level you need using SDK Manager
5 Get the Substrate SDK using SDK Manager
6 Create your Android Project
7 Integrate Substrate extension in your Project
8 Hook your Methods
9 Restart your System…
Violet Example
• Classes can load at any time. Substrate provides the means to detect when classes of interest are loaded.
void hookClassLoad(String name, MS.ClassLoadHook hook);
• name: The name of the loading class
• hook: Instance of MS.ClassLoadHook whose classLoaded method will be executed when the class is loaded.
• The most critical task is to modify the operation of existing code. This implies being able both to replace any method and to call through to the original implementation.
void hookMethod(Class _class, Member member, MS.MethodHook hook, MS.MethodPointer old);
• _class: Class for which member will be hooked
• member: The method (or the constructor) which is going to be hooked
• hook: Instance of MS.MethodHook whose invoked method contains our code
• old: Instance of MS.MethodPointer pointing to the original implementation of member
Be Prepared…
Many things can go wrong when developing at this level!
Your system may crash during boot time. The Substrate must be unlinked…
In a situation like that… press and hold the volume-up key!
More Hooks…
What about hooking these methods?
public InetSocketAddress(InetAddress address, int port);
void sendTextMessage(String destinationAdd, String scAdd, String text, PendingIntent sentIntent, PendingIntent deliveryIntent);
Can we use Cydia Substrate for good purposes?
Using Cydia Substrate to analyze applications’ behavior.
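As an added example (not code from the slides or from the Substrate project), the extension below applies hookClassLoad and hookMethod to the InetSocketAddress constructor listed above for behaviour analysis: it logs which app UID requested which destination and then calls through to the original implementation. The package name, the class name Main and the log tag are assumptions.

```java
package com.example.netmonitor; // hypothetical package name

import android.os.Process;
import android.util.Log;
import com.saurik.substrate.MS;
import java.lang.reflect.Constructor;
import java.net.InetAddress;

// Entry class of the extension. It is declared in AndroidManifest.xml through
// the com.saurik.substrate.main meta-data entry, and the app must request the
// cydia.permission.SUBSTRATE permission. Substrate calls initialize() on load.
public class Main {
    private static final String TAG = "NetMonitor"; // hypothetical log tag

    static void initialize() {
        // Step 1: wait until the class of interest is loaded.
        MS.hookClassLoad("java.net.InetSocketAddress", new MS.ClassLoadHook() {
            public void classLoaded(Class<?> cls) {
                Constructor<?> ctor;
                try {
                    // The constructor from the slide: (InetAddress address, int port)
                    ctor = cls.getConstructor(InetAddress.class, Integer.TYPE);
                } catch (NoSuchMethodException e) {
                    Log.w(TAG, "constructor not found, nothing hooked");
                    return;
                }

                // Step 2: replace the constructor, keeping a pointer to the original.
                final MS.MethodPointer old = new MS.MethodPointer();
                MS.hookMethod(cls, ctor, new MS.MethodHook() {
                    public Object invoked(Object self, Object... args) throws Throwable {
                        // Observe only: the arguments are logged, never modified.
                        InetAddress addr = (InetAddress) args[0]; // may be null (wildcard)
                        Log.i(TAG, "uid=" + Process.myUid()
                                + " socket address " + addr + ":" + args[1]);
                        // Call through so the hooked app behaves exactly as before.
                        return old.invoke(self, args);
                    }
                }, old);
            }
        });
    }
}
```

The log lines can be read with logcat filtered on the tag, which gives a per-UID view of the network endpoints each sandboxed app contacts.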
References
Cydia Substrate: http://www.cydiasubstrate.com/
Android Security Overview: http://source.android.com/devices/tech/security/#interprocess-communication
Android Developers API: http://developer.android.com/reference/packages.html
Permission Statistics: Dissecting Android Malware: Characterization and Evolution – Yajin Zhou and Xuxian Jiang, IEEE Symposium on Security and Privacy 2012
Thank you!