Alice in Android Land (Alice Android Diyarında)
CANBERK BOLAT
CYPSEC '14
24 APR 2014

whoami
• Canberk Bolat
  - Security Researcher (@adeosecurity)
  - Reverse Engineering, Fuzzing, Pentest
  - Blogger/Writer
    - http://cbolat.blogspot.com
  - Contact
    - @cnbrkbolat && [email protected]

agenda
• Introduction to Android
• Why Android Security?
• Common Android Application Vulnerabilities
• Exploiting addJavaScriptInterface Vulnerability
• Cross-compiling for Android
• Popping Shell on Android
• exit(0)

introduction to android
• Become an Android expert in 49 steps!
* NOTE: The "49 Steps" gate from İngiliz Köyü (English Village). Thanks, Kasım Erkan!

introduction to android
• Sandbox
• Application Framework
• Memory Management
• File System Security
• User-granted / App-specific Permissions

why android security?
• BYOD
• Very popular
• On average, in one year
  • 29,000,000,000 applications are downloaded
• ~60 applications per device
• Weak application vetting (Google Play)
• The platform update problem
  • Raise your hand if you don't have KitKat!

common android application vulnerabilities
• Logging
• Unencrypted/Plain-text/Weak credentials
• Insecure Communication
  • HTTP Traffic :(
• XSS (?)
  • WebView
    • setJavaScriptEnabled
    • addJavaScriptInterface

exploiting addJavaScriptInterface vulnerability
• setJavaScriptEnabled
• addJavaScriptInterface
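
A defender-side check for the combination these slides single out (JavaScript enabled, an injected bridge object, content loaded over HTTP), as an added example that is not from the talk. It assumes decompiled Java source and a decoded manifest are available as text; the sample inputs and finding labels are constructed, and the API-17 cutoff reflects when Android began exposing only `@JavascriptInterface`-annotated methods to page script (the API method is spelled `addJavascriptInterface`).

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample inputs (not from the talk): a manifest and an Activity body.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="16"/>
</manifest>"""

SAMPLE_JAVA = """
WebView wv = (WebView) findViewById(R.id.web);
wv.getSettings().setJavaScriptEnabled(true);
wv.addJavascriptInterface(new Bridge(this), "bridge");
wv.loadUrl("http://news.example.com/index.html");
"""

def sdk_levels(manifest_xml):
    """Return (minSdkVersion, targetSdkVersion); min defaults to 1, target to min."""
    uses = ET.fromstring(manifest_xml).find("uses-sdk")
    if uses is None:
        return 1, 1
    mn = int(uses.get(ANDROID_NS + "minSdkVersion", "1"))
    tg = int(uses.get(ANDROID_NS + "targetSdkVersion", str(mn)))
    return mn, tg

def audit_webview(manifest_xml, java_src):
    """Flag the WebView settings that make the bridge reachable by untrusted script."""
    findings = []
    mn, tg = sdk_levels(manifest_xml)
    js_on = re.search(r"setJavaScriptEnabled\s*\(\s*true\s*\)", java_src)
    bridges = re.findall(r'addJavascriptInterface\s*\([^;]*?,\s*"(\w+)"\s*\)', java_src)
    http = re.findall(r'loadUrl\s*\(\s*"(http://[^"]+)"', java_src)
    if js_on and bridges:
        findings.append("bridge-exposed:" + ",".join(bridges))
        # Below API 17 every public method of the object, inherited ones
        # included, is callable from the page, not only annotated ones.
        if min(mn, tg) < 17:
            findings.append("reflection-reachable:api<17")
    if js_on and http:
        # Cleartext pages can be modified in transit, so their script is untrusted.
        findings.append("cleartext-content:" + ",".join(http))
    return findings

if __name__ == "__main__":
    for finding in audit_webview(SAMPLE_MANIFEST, SAMPLE_JAVA):
        print(finding)
```

Raising `minSdkVersion` and `targetSdkVersion` to 17 or later and loading content over HTTPS clears the last two findings; the first remains as a reminder to review which methods the bridge object annotates.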

cross-compiling for android
• Android NDK
• ndk-build
• Compiling the code requires a folder structure like the one below

cross-compiling for android
• Contents of the Android.mk file
  • Works for me!

cross-compiling for android
C:\Users\Canberk\helloworld\jni>ndk-build
[armeabi] Compile thumb : hello_world <= helloworld.c
[armeabi] Executable : hello_world
[armeabi] Install : hello_world => libs/armeabi/hello_world
C:\Users\Canberk\helloworld\jni>adb push ..\libs\armeabi\hello_world data
C:\Users\Canberk\helloworld\jni>adb shell chmod 777 /data/hello_world
C:\Users\Canberk\helloworld\jni>adb shell ./data/hello_world
hello arm!

popping shell on android
• cross-compile your reverse_connect_backdoor.c for ARM
• convert binary to \x02X format
• write converted binary to file system
  • mitm and manipulate HTTP traffic
• exploit addJavaScriptInterface vulnerability
• chmod 777 backdoor
• run backdoor
• pop the shell on android

demo

exit(0)
• thanks!