One Root To Own Them All Black Hat US 2013 Jeff Bluebox 1.

Presentation transcript:

One Root To Own Them All Black Hat US 2013 Jeff Bluebox 1

Outline Introduction Android APK Overview Jar and Jar Signer Exploit Analyze APK Install Process – Normal Case – Abnormal Case Vulnerability Point Patch Similar Approach Conclusion Reference 2

Introduction 3

Vulnerability Description 4

Attack Surface 5

Android APK Overview 6

Android APK 7
APK stands for Android application package file. It is just a Jar file with some additional files that Android needs.

Android APK Content 8
Package resource files:
– Android Manifest
– Some pictures, audio files…
– Etc…
classes.dex
META-INF/Manifest.MF

Compile Android APK 9
What we usually do:
– 1. Write code in Eclipse / Android Studio
– 2. Press the compile button
– Simple and easy

Compile Android APK 10

Compile Android APK 11
1. aapt creates R.java according to the following files:
– Android Manifest
– Resources
– Assets
2. Use javac to compile the source code with some libraries -> generates many *.class files.
3. Use dx to transform Java bytecode into Dalvik bytecode -> the many *.class files are merged into one classes.dex.
4. Use apkbuilder to generate the unsigned APK from the following files:
– classes.dex
– Package resource files
5. Use jarsigner to sign the unsigned APK, producing the signed APK:
– E(unsigned APK, Key) = signed APK

Jar and JarSigner 12

Jar 13
Jar stands for Java Archive.
The Jar file format is the same as the Zip file format.
File contents:
– *.class files
– Resources
– META-INF/Manifest.MF

Jar 14
[Diagram label: Android APK]

JarSigner 15
Generates the signature for a JAR (Java Archive).
Verifies the signature of a signed JAR file.
Two additional files are placed in the META-INF directory:
– signature file with .SF as extension
– signature block file with .DSA extension

JarSigner - Signing 16
[Diagram labels: aapt, jarsigner]

JarSigner - Signing 17
[Diagram label: Integrity]

JarSigner - Signing 18
[Diagram label: Integrity]

JarSigner - Signing 19
[Diagram label: Identity]

JarSigner - Signing 20
[Diagram label: Identity]

JarSigner - Signing 21
[Diagram label: Certificate]

22
[Diagram labels: Public Key; Digital Signature for the Certificate]

Attempts 23

Attempts 24

Attempts 25

APK Install Process 26

Overview 27

PackageManager 28
– PackageParser: Parsing Package And Verify
– Installer: Sending Command to installd
– PackageHandler: Handle Event

Overview Parsing Verify Install 29

Parsing 30
[Diagram: JarFile.Class and JarEntry.Class beside an Android APK laid out as File 1, File 2, File 3, File 4, then the Central Directory.]

Parsing 31
[Diagram: the same layout, with the Central Directory expanded into File 1 Meta-Data, File 2 Meta-Data, File 3 Meta-Data, File 4 Meta-Data and the End of Central Directory.]

Parsing, Verify and Install 32
1. Get the entries list from the Central Directory.
2. Create a JarEntry object for each entry and put it into the mEntries HashMap.
– The index is calculated by: secondHash(String entry name)
4. JarVerifier verifies each entry according to mEntries.
5. After verification, find the classes.dex entry and install it.

Normal Case 36

Parsing 37
[Diagram: an Android APK containing Manifest.xml, META-INF, classes.dex and res, followed by the Central Directory (1. Manifest.xml Meta-Data, 2. META-INF Meta-Data, 3. classes.dex Meta-Data, 4. res Meta-Data, End of Central Directory). mEntries holds one ZipEntry object each for Manifest.xml, META-INF, classes.dex, res, …]

Verify 38
[Diagram: mEntries with the ZipEntry objects Manifest.xml, META-INF, classes.dex, res, …]

Install 39
[Diagram: the same APK and Central Directory as on slide 37, with classes.dex and installd.]

What If … 40
[Diagram: the normal Android APK (Manifest.xml, META-INF, classes.dex, res, Central Directory) beside an APK containing Manifest.xml, META-INF, classes.dex, classes.dex, res and the Central Directory.]

Parsing 41
[Diagram: the APK with two classes.dex files and its Central Directory (1. Manifest.xml Meta-Data, 2. META-INF Meta-Data, 3. classes.dex Meta-Data, 4. classes.dex Meta-Data, 5. res Meta-Data, End of Central Directory). mEntries is shown with the ZipEntry objects Manifest.xml, META-INF, classes.dex, res, … and a second classes.dex.]

Verify 42
[Diagram: mEntries with the ZipEntry objects Manifest.xml, META-INF, classes.dex, res, … and a second classes.dex, marked "!!!!!!".]

Install 43
[Diagram: the APK with two classes.dex files and its Central Directory, with installd, marked "!!!!!!".]

44
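
Added example (not part of the original slides or of Android's code): a check for the situation in the "What If …" slides, where the Central Directory lists classes.dex twice while a map keyed by entry name can hold only one record per name. The entry names and placeholder bodies are constructed, and `name_keyed_view` is a hypothetical stand-in for a map such as mEntries.

```python
import io
import warnings
import zipfile
from collections import Counter

# Constructed entry names; classes.dex appears twice, as on the "What If ..." slide.
SAMPLE_NAMES = ["AndroidManifest.xml", "META-INF/MANIFEST.MF",
                "classes.dex", "classes.dex", "res/layout/main.xml"]

def build_sample(names):
    """Build a constructed in-memory archive with placeholder entry bodies."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile only warns (UserWarning) when a name is written twice.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for i, name in enumerate(names):
                zf.writestr(name, b"placeholder body %d" % i)
    return buf.getvalue()

def central_directory(data):
    """Return (name, local header offset) for every central directory record."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(info.filename, info.header_offset) for info in zf.infolist()]

def name_keyed_view(records):
    """Hypothetical stand-in for a map keyed by entry name such as mEntries:
    a later record with the same name replaces the earlier one."""
    return dict(records)

def duplicate_names(records):
    """Names that occur in more than one central directory record."""
    counts = Counter(name for name, _ in records)
    return sorted(name for name, n in counts.items() if n > 1)

def check_archive(data):
    """Raise ValueError if any entry name is ambiguous, else return True."""
    dups = duplicate_names(central_directory(data))
    if dups:
        raise ValueError("duplicate entry names: " + ", ".join(dups))
    return True

if __name__ == "__main__":
    records = central_directory(build_sample(SAMPLE_NAMES))
    print(len(records), "records,", len(name_keyed_view(records)), "distinct names")
    print("duplicates:", duplicate_names(records))
```

The archive holds five records but the name-keyed view holds four, so anything that verifies "by name" examines fewer entries than the file contains; rejecting duplicate names before verification removes that ambiguity.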