Android. Hacker's guide - Joshua J. Drake

Index: KSZ-03317

Translation: Andrzej Stefański. Publisher: Helion. The book is intended for readers who want to broaden their knowledge of the security of devices running Android.

€6.74
€6.42 tax excl.
Unavailable
Discontinued product
Manufacturer: Helion

Description

In recent years, Android has become the leading mobile operating system, and its market share is still growing. This growth brings software security challenges for the system's developers. This hacker's handbook is the first comprehensive source of information for people who want to broaden their knowledge of the security of this system.

The book presents how the Android system works and its overall security architecture. The reader will learn the details of the security implementation and the complications that result from Android being an open system. The following chapters analyse different attack techniques and attack surfaces of devices running Android. The book shows how to defend against attacks on this popular system.

Thanks to the information contained in this book you will learn how to:

  • Recognize the details of the security implementation and the complications resulting from the openness of Android.
  • Avoid common security pitfalls and keep up with the latest smartphone hacking strategies.
  • Analyze various types of successful attacks on the Android operating system.
  • Gain full (root) access to your device and understand the partition layout and boot process.
  • Understand the complex nature of the Android ecosystem, including the importance of different device manufacturers and software developers.

Sample programs used in the book are available on the Internet. A fragment of the book can be read online.

Table of contents

About the authors (13)

About the technical editor (15)

Acknowledgments (17)

Introduction (19)

  • Overview of the book and technology (20)
  • How this book is organized (20)
  • Who Should Read This Book (22)
  • Tools needed (22)
  • What's on the website (23)
  • Good luck! (23)

Chapter 1: Overview of the ecosystem (25)

  • Android roots (25)
    • Company history (25)
    • Version history (26)
    • Available devices (28)
    • Open source (mostly) (29)
  • Android stakeholders (31)
    • Google (32)
    • Hardware vendors (33)
    • Carriers (35)
    • Developers (35)
    • Users (36)
  • A picture of ecosystem complexity (38)
    • Fragmentation (38)
    • Compatibility (40)
    • Update issues (41)
    • Security versus openness (43)
    • Public disclosures (44)
  • Summary (45)

Chapter 2 Android security design and architecture (47)

  • Android architecture (47)
  • Restrictions and safeguards (49)
    • Android sandbox (49)
    • Android permissions (52)
  • More detailed layer analysis (55)
    • Android applications (55)
    • Android Framework (59)
    • Dalvik virtual machine (60)
    • Native user space code (62)
    • Kernel (67)
  • Complex security, complex exploits (74)
  • Summary (75)

Chapter 3 Rooting the device (77)

  • Partition layout (78)
    • Establishing the partition layout (79)
  • System boot process (80)
    • Access to download mode (81)
  • Locked and unlocked boot loaders (82)
    • Stock and custom recovery images (83)
  • Rooting with an unlocked boot loader (85)
  • Rooting with a locked boot loader (87)
    • Gaining root on a running system (88)
    • NAND locks, temporary root, permanent root (89)
    • Maintaining software root (91)
  • History of known attacks (92)
    • Kernel: Wunderbar/asroot (92)
    • Recovery: Volez (93)
    • Udev: Exploid (93)
    • Adbd: RageAgainstTheCage (94)
    • Zygote: Zimperlich and Zysploit (94)
    • Ashmem: KillingInTheNameOf and psneuter (95)
    • Vold: GingerBreak (95)
    • PowerVR: levitator (96)
    • Libsysutils: zergRush (96)
    • Kernel: mempodroid (97)
    • Attacks related to file permissions and symbolic links (97)
    • Adb restore (98)
    • Exynos4: exynos-abuse (99)
    • Diag: lit / diaggetroot (99)
  • Summary (100)

Chapter 4 Application security overview (101)

  • Common issues (101)
    • Problems with application permissions (102)
    • Insecure transmission of sensitive data (103)
    • Insecure data storage (104)
    • Information leaks through logs (105)
    • Unsecured IPC endpoints (106)
  • A case study: Mobile Security App (108)
    • Profiling (108)
    • Static analysis (110)
    • Dynamic analysis (124)
    • Attack (132)
  • A case study: SIP Client (134)
    • Dropper (134)
    • Reconnaissance (134)
    • Snarfing (136)
    • Injection (138)
  • Summary (140)

Chapter 5 Android attack surfaces (141)

  • Basic terminology (141)
    • Attack vectors (142)
    • Attack surfaces (143)
  • Classification of attack surfaces (144)
    • Surface properties (144)
    • Method of classification (145)
  • Remote attack surfaces (145)
    • Networking concepts (146)
    • Network stacks (150)
    • Exposed network services (151)
    • Mobile technologies (152)
    • Client-side attack surface (153)
    • Google infrastructure (158)
  • Physical adjacency (164)
    • Wireless communication (164)
    • Other technologies (170)
  • Local attack surfaces (170)
    • Exploring the file system (171)
    • Finding other local attack surfaces (172)
  • Physical attack surfaces (176)
    • Dismantling the device (177)
    • USB (178)
    • Other physical attack surfaces (181)
  • Third-party modifications (182)
  • Summary (182)

Chapter 6 Finding vulnerabilities with fuzzing (183)

  • Fuzzing background (183)
    • Identification of target (185)
    • Crafting malformed input (185)
    • Processing of input data (186)
    • Monitoring of results (187)
  • Fuzzing in Android (187)
  • Fuzzing Broadcast Receivers (188)
    • Identification of target (189)
    • Input data generation (190)
    • Input data delivery (190)
    • Monitoring of tests (191)
  • Fuzzing Chrome for Android (193)
    • Target selection (193)
    • Input data generation (195)
    • Processing of input data (197)
    • Monitoring of tests (199)
  • Fuzzing the USB attack surface (201)
    • USB fuzzing challenges (202)
    • Mode selection (202)
    • Input data generation (203)
    • Processing of input data (205)
    • Monitoring of tests (206)
  • Summary (207)

Chapter 7 Debugging and vulnerability analysis (209)

  • Collection of all available information (209)
  • Toolkit selection (211)
  • Debugging with crash dumps (212)
    • System logs (212)
    • Tombstone (213)
  • Remote debugging (214)
  • Debugging Dalvik VM code (215)
    • Debugging a sample application (216)
    • Displaying the Android Framework source code (218)
    • Debugging of existing code (220)
  • Debugging native code (224)
    • Debugging with NDK (224)
    • Debugging with Eclipse (228)
    • Debugging with AOSP (230)
    • Increasing automation (235)
    • Debugging with symbols (237)
    • Debugging a device not supported by AOSP (243)
  • Mixed mode debugging (244)
  • Alternative debugging techniques (244)
    • Debug statements (244)
    • Debugging on the device (245)
    • Dynamic binary instrumentation (246)
  • Vulnerability analysis (247)
    • Determination of root cause (247)
    • Assessing exploitability (260)
  • Summary (261)

Chapter 8: Exploiting user-space software (263)

  • Memory corruption basics (263)
    • Stack buffer overflow (264)
    • Heap exploitation (267)
  • History of publicly known exploits (274)
    • GingerBreak (275)
    • zergRush (278)
    • mempodroid (281)
  • Exploiting the Android browser (282)
    • Understanding the bug (283)
    • Heap control (285)
  • Summary (288)

Chapter 9 Return Oriented Programming (289)

  • History and motivation (289)
    • Separate data and instruction caches (290)
  • Basics of ROP on ARM (292)
    • Calling subroutines on ARM (293)
    • Combining gadgets into a chain (295)
    • Identification of potential gadgets (296)
  • Case study: Android linker 4.0.1 (297)
    • Pivoting the stack pointer (298)
    • Executing arbitrary code from newly mapped memory (300)
  • Summary (304)

Chapter 10: Hacking and attacking the kernel (317)

  • Linux Kernel in Android (317)
  • Extracting the kernel (318)
    • Extracting from stock firmware (319)
    • Extracting from the device (321)
    • Getting the kernel from the boot image (323)
    • Decompressing the kernel (323)
  • Running custom kernel code (324)
    • Obtaining the source code (324)
    • Preparation of the build environment (327)
    • Kernel configuration (328)
    • Use of custom kernel modules (329)
    • Building a custom kernel (332)
    • Creating a boot image (335)
    • Booting a custom kernel (337)
  • Kernel debugging (342)
    • Kernel crash reports (342)
    • Understanding an Oops (344)
    • Live debugging with KGDB (348)
  • Exploiting the kernel (352)
    • Typical Android kernels (352)
    • Address extraction (354)
    • Case studies (356)
  • Summary (367)

Chapter 11 Attacking RIL (311)

  • Introduction to RIL (312)
    • RIL architecture (312)
    • Smartphone architecture (313)
    • Android's telephony stack (313)
    • Customizing the telephony stack (315)
    • RIL daemon (rild) (315)
    • Vendor-RIL API (318)
  • SMS (Short Message Service) (319)
    • Sending and receiving SMS messages (319)
    • SMS message format (319)
  • Communication with the modem (322)
    • Modem emulation for fuzzing (322)
    • Fuzzing SMS in Android (324)
  • Summary (331)

Chapter 12 Exploit mitigations (333)

  • Classification (334)
  • Code signing (334)
  • Heap hardening (336)
  • Integer overflow protections (336)
  • Preventing data execution (338)
  • Address space layout randomization (340)
  • Stack protection (342)
  • Format string protection (343)
  • Read-Only Relocations (345)
  • Sandboxing (346)
  • Source code fortification (346)
  • Access control mechanisms (348)
  • Kernel protections (349)
    • Pointer and log restrictions (350)
    • Zero page protection (351)
    • Read-only memory regions (351)
  • Other hardening measures (352)
  • Summary of exploit mitigations (354)
  • Disabling mitigations (356)
    • Changing the personality (356)
    • Altering binaries (357)
    • Modifying the kernel (357)
  • Overcoming exploit mitigations (358)
    • Overcoming stack protections (358)
    • Overcoming ASLR (359)
    • Overcoming data execution protections (359)
    • Overcoming kernel protections (359)
  • Looking to the future (360)
    • Officially developed projects (360)
    • Community kernel hardening (361)
    • A bit of speculation (362)
  • Summary (362)

Chapter 13 Hardware attacks (363)

  • Interfacing with hardware (364)
    • UART serial interfaces (364)
    • I2C, SPI and One-Wire interfaces (368)
    • JTAG (370)
    • Finding interfaces for debugging (381)
  • Identification of components (392)
    • Acquisition of specifications (392)
    • Difficulties in identifying components (394)
  • Data capture, monitoring and injection (395)
    • USB (395)
    • I2C, SPI and UART serial interfaces (399)
  • Stealing secrets and firmware (404)
    • Unobtrusive access to firmware (405)
    • Invasive methods of accessing firmware (407)
    • What to do with the data dump? (410)
  • Pitfalls (414)
    • Custom interfaces (414)
    • Binary data and proprietary protocols (414)
    • Blown debug interfaces (415)
    • Chip passwords (415)
    • Boot loader passwords, hot keys and silent terminals (415)
    • Customized boot sequences (416)
    • Unexposed address lines (416)
    • Protective epoxy (416)
    • Image encryption, obfuscation and anti-debugging (417)
  • Summary (417)

Appendix A. Tools (419)

  • Development tools (419)
    • Android SDK (419)
    • Android NDK (420)
    • Eclipse (420)
    • ADT plug-in (420)
    • ADT bundle (420)
    • Android Studio (420)
  • Firmware extraction and flashing tools (421)
    • Binwalk (421)
    • fastboot (421)
    • Samsung (421)
    • NVIDIA (422)
    • LG (422)
    • HTC (423)
    • Motorola (423)
  • Android native tools (424)
    • BusyBox (424)
    • setpropex (425)
    • SQLite (425)
    • strace (425)
  • Hooking and instrumentation tools (425)
    • ADBI Framework (425)
    • ldpreloadhook (426)
    • XPosed Framework (426)
    • Cydia Substrate (426)
  • Tools for static analysis (426)
    • Smali and Baksmali (427)
    • Androguard (427)
    • apktool (427)
    • dex2jar (427)
    • jad (428)
    • JD-GUI (428)
    • JEB (428)
    • Radare2 (428)
    • IDA Pro and Hex-Rays decompiler (429)
  • Application testing tools (429)
    • Drozer (Mercury) framework (429)
    • iSEC Intent Sniffer and Intent Fuzzer (429)
  • Hardware hacking tools (430)
    • Segger J-Link (430)
    • JTAGulator (430)
    • OpenOCD (430)
    • Saleae (430)
    • Bus Pirate (430)
    • GoodFET (431)
    • TotalPhase Beagle USB (431)
    • Facedancer21 (431)
    • TotalPhase Aardvark I2C (431)
    • Chip Quik (431)
    • Hot air gun (431)
    • Xeltek SuperPro (432)
    • IDA (432)

Appendix B. Open source code repositories (433)

  • Google (433)
    • AOSP (433)
    • Gerrit code review system (434)
  • SoC manufacturers (434)
    • AllWinner (435)
    • Intel (435)
    • Marvell (435)
    • MediaTek (435)
    • Nvidia (436)
    • Texas Instruments (436)
    • Qualcomm (436)
    • Samsung (437)
  • Equipment manufacturers (OEMs) (437)
    • ASUS (438)
    • HTC (438)
    • LG (438)
    • Motorola (439)
    • Samsung (439)
    • Sony Mobile (439)
  • Upstream project sources (440)
  • Other sources (440)
    • Custom firmware (440)
    • Linaro (441)
    • Replicant (441)
    • Code indexes (441)
    • Individuals (441)

Appendix C. References (443)

Index (501)

Book - Author Joshua J. Drake, Zach Lanier, Collin Mulliner, Pau Oliva Fora, Stephen A. Ridley, Georg Wicherski
Book - ISBN 978-83-246-9940-7
Book - Binding softcover
Book - Publisher Helion