ardui no pown android
play

Ardui-no pown Android A. Cervoise antoine.cervoise@gmail.com July - PowerPoint PPT Presentation

Oct 30, 2022 •464 likes •816 views

Ardui-no pown Android A. Cervoise antoine.cervoise@gmail.com July 6, 2016 RMLL Sec 2016 1 / 33 Summary Powning Android Arduino Enable mode debug Install APK Conclusion RMLL Sec 2016 2 / 33 Attacks against Android Interesting here

  1. Ardui-no pown Android A. Cervoise antoine.cervoise@gmail.com July 6, 2016 RMLL Sec 2016 1 / 33

  2. Summary Powning Android Arduino Enable mode debug Install APK Conclusion RMLL Sec 2016 2 / 33

  3. Attacks against Android Interesting here ◮ Attack through debug mode ◮ Installing APK Not interesting here ◮ Access through ClockworkMod ◮ Reading the RAM RMLL Sec 2016 3 / 33

  4. Debug Mode Attack Root the phone adb pull /data/system/gesture.key ./gesture.key adb pull /data/system/password.key ./password.key adb pull /data/data/com.android.providers.settings/ databases/settings.db ./settings.db adb pull /dbdata/databases/com.android.providers.settings /settings.db ./settings.db Extract gesture hash (not salt) or password/pin hash and salt Then john RMLL Sec 2016 4 / 33

  5. About Android Debug Mode Debug mode enable ◮ Before Android 4.2.2 : Allow debug mode ◮ Android 4.2.2-4.4.2 : Debug mode need validation (Secure USB), can be bypassed ◮ Since Android 4.4.3 : Secure USB debug mode RMLL Sec 2016 5 / 33

  6. About Android Debug Mode USB confirmation dialog on the emergency dialer (when phone is locked) https://labs.mwrinfosecurity.com/advisories/android-4-4-2-secure-usb-debugging-bypass/ RMLL Sec 2016 6 / 33

  7. About Android Debug Mode Samsung B7510 enable debug mode each time USB is plugged RMLL Sec 2016 7 / 33

  8. About installing apk ◮ On Play Store: is ”audited” by Google ◮ Directly with the APK: need to allow unknown sources RMLL Sec 2016 8 / 33

  9. Summary Powning Android Arduino Enable mode debug Install APK Conclusion RMLL Sec 2016 9 / 33

  10. Arduino Emulate keyboard ◮ https://github.com/samratashok/Kautilya ◮ https://github.com/offensive-security/hid-backdoor-peensy RMLL Sec 2016 10 / 33

  11. Summary Powning Android Arduino Enable mode debug Install APK Conclusion RMLL Sec 2016 11 / 33

  12. Open settings Samsung Galaxy S6 Polaroid Sony Xperia Z1 Android 5.1.1 PROS08BPR001 Compact Unknown Android Android 5.1.1 RMLL Sec 2016 12 / 33

  13. Open settings RMLL Sec 2016 13 / 33

  14. About phone RMLL Sec 2016 14 / 33

  15. Activate developper mode RMLL Sec 2016 15 / 33

  16. Developper mode RMLL Sec 2016 16 / 33

  17. Activate debug mode RMLL Sec 2016 17 / 33

  18. Debug mode warning RMLL Sec 2016 18 / 33

  19. MDM RMLL Sec 2016 19 / 33

  20. Summary Powning Android Arduino Enable mode debug Install APK Conclusion RMLL Sec 2016 20 / 33

  21. URL https://docs.google.com/uc?id=[...]&export=download RMLL Sec 2016 21 / 33

  22. Choose browser RMLL Sec 2016 22 / 33

  23. Open file application RMLL Sec 2016 23 / 33

  24. Open file application RMLL Sec 2016 24 / 33

  25. File application RMLL Sec 2016 25 / 33

  26. Find your apk RMLL Sec 2016 26 / 33

  27. Try to install it RMLL Sec 2016 27 / 33

  28. Activate unknown sources RMLL Sec 2016 28 / 33

  29. Last warning RMLL Sec 2016 29 / 33

  30. Summary Powning Android Arduino Enable mode debug Install APK Conclusion RMLL Sec 2016 30 / 33

  31. Conlusion Faster ◮ For some specific task (get the URL) ◮ Or if you really know the target RMLL Sec 2016 31 / 33

  32. Conlusion For other kind of attacks ◮ Fuzz Android ◮ Bruteforce PIN Code, password, pattern https://github.com/cervoise/Hardware-Bruteforce- Framework-2 RMLL Sec 2016 32 / 33

  33. Questions? RMLL Sec 2016 33 / 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="net.cserna.bence.colorguess

201 views • 3 slides
What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4 Development, Meier, Ch 11, pg 437 Speech recognition: Accept inputs as speech (instead of typing) e.g. dragon dictate app? Note: Google

333 views • 16 slides
Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android which gives us the liberty to perform heavy tasks in the background and keep the UI thread light thus making the application more responsive. Basic

240 views • 5 slides
Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview Installation Building Blocks Application Development Development Tools Source walk through Introduction to Android Open software

978 views • 49 slides
CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

583 views • 31 slides
CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

1.49k views • 70 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle Emmanuel Agu Android UI Design Example GeoQuiz App Reference: Android Nerd Ranch, pgs 1 32 App presents questions to test users knowledge

1k views • 96 slides
Services Android Services A Service is an application component that runs in the background, not

Services Android Services A Service is an application component that runs in the background, not

Lesson 22 Lesson 22 Android Android Services Victor Matos Cleveland State University Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work

692 views • 26 slides
Android Pre-requisites 1 Android To Dos Make sure you have working

Android Pre-requisites 1 Android To Dos Make sure you have working

Android Pre-requisites 1 Android To Dos Make sure you have working install of Android Studio Make sure it works by running Hello, world App On emulator

666 views • 24 slides
Android Michael Greifeneder Image source: Android homepage Inhalt Overwiew Hardware

Android Michael Greifeneder Image source: Android homepage Inhalt Overwiew Hardware

Android Michael Greifeneder Image source: Android homepage Inhalt Overwiew Hardware Software Development Tools Basics Debugging/Emulator Location Demo Android And Me Why I like Android Blend of Linux

1.01k views • 25 slides
CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu

CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu

CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu What is Android? Android is worlds leading mobile operating system Google: Owns Android, maintains it, extends it Distributes Android

388 views • 38 slides
CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is

CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is

CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is Android? Android is worlds leading mobile operating system Google: Owns Android, maintains it, extends it Distributes Android OS,

589 views • 35 slides
CS 528 Mobile and Ubiquitous Computing Lecture 1b: Introduction to Android Emmanuel Agu What is

CS 528 Mobile and Ubiquitous Computing Lecture 1b: Introduction to Android Emmanuel Agu What is

CS 528 Mobile and Ubiquitous Computing Lecture 1b: Introduction to Android Emmanuel Agu What is Android? Android is worlds leading mobile operating system Open source (https://source.android.com/setup/) Google: Owns Android,

652 views • 43 slides
POAD: The Process Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical

POAD: The Process Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical

POAD Book: Chapter 7 POAD: The Process Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU Goals Pattern Integration: Present two different ways for gluing patterns To introduce the process aspects

762 views • 28 slides
!"#!$ n

!"#!$ n

!"#!$ n %&!$!'(&!)!!!*

200 views • 3 slides
A diagrammatic approach to information flow in encrypted communication Z p Peter M. Hines Z p Z p

A diagrammatic approach to information flow in encrypted communication Z p Peter M. Hines Z p Z p

A diagrammatic approach to information flow in encrypted communication Z p Peter M. Hines Z p Z p Y.C.C.S.A. ,

780 views • 39 slides
Interactive Proof for Diagrammatic Languages Aleks Kissinger SamsonFest 2013 June 3, 2013 So

Interactive Proof for Diagrammatic Languages Aleks Kissinger SamsonFest 2013 June 3, 2013 So

Interactive Proof for Diagrammatic Languages Aleks Kissinger SamsonFest 2013 June 3, 2013 So monoids... So monoids... Consider a monoid ( A , , e ) : ( a b ) c = a ( b c ) a e = a = e a and So monoids... Consider

1.36k views • 77 slides
Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada

Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada

Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada Popa April 12, 2016 Credit: some slides are adapted from previous offerings of this course or from CS 241 of Prof. Dan Boneh Authentication &

1.11k views • 73 slides
The Future Needs Everyone: Promoting Workplace Success for Millennials with Disabilities will

The Future Needs Everyone: Promoting Workplace Success for Millennials with Disabilities will

1/17/2017 The Future Needs Everyone: Promoting Workplace Success for Millennials with Disabilities will begin at 2 pm ET Listening to the Webinar Online: Please make sure your computer speakers are turned on or your headphones are

389 views • 24 slides
01 Introduction CS 2043: Unix Tools and Scripting, Spring 2019 [1] Matthew Milano January

01 Introduction CS 2043: Unix Tools and Scripting, Spring 2019 [1] Matthew Milano January

01 Introduction CS 2043: Unix Tools and Scripting, Spring 2019 [1] Matthew Milano January 23, 2019 Cornell University 1 Table of Contents 1. Welcome 2. Why are you here? 3. The command line feels unapproachable. But it doesnt have

413 views • 12 slides
SEEKING GOD TOGETHER INTRODUCTORY POWERPOINT OVERVIEW OF EACH SLIDE WITH SPEAKER NOTES 1. Front

SEEKING GOD TOGETHER INTRODUCTORY POWERPOINT OVERVIEW OF EACH SLIDE WITH SPEAKER NOTES 1. Front

SEEKING GOD TOGETHER INTRODUCTORY POWERPOINT OVERVIEW OF EACH SLIDE WITH SPEAKER NOTES 1. Front Cover image SGT is a resource for the Pastoral Accompaniment of Families - The clue is in the Title and the picture We are SEEKING GOD TOGETHER

213 views • 9 slides

More recommend