ARM Android Xploitation Primer
Objective
Smartphones, tablets and portable gadgets have become a must-have for
everyone, for personal as well as official use. As people have started using these
devices to frequently access the Internet, read important documents, carry out
financial transactions and so on, the bad guys have noticed the shift
and have started to focus on exploiting these platforms for their gains. There has
been a lot of advancement in mobile malware and exploitation research.
These devices are computers running various operating systems on ARM processors
with hardware for telephony, Wi-Fi, etc.
ARM Android Xploitation Primer takes up one of the finest operating systems used for
these devices, i.e. Android, as the ARM-based platform for the training and takes a
deep dive into ARM assembly, Android Native development components, buffer
overflows and shellcoding. The training introduces the attendees to the ARM
Android platform, including the intrinsic technical details and security issues, using a
balanced proportion of theory and extensive hands-on exercises. It provides a
base for the attendees to develop security research expertise on ARM-based
platforms beyond the conventional Android application security testing skills.
Course Content
- Introduction to Android
  - What is Android?
  - The architecture
  - Getting the Android source
  - Setting up the environment
- Android Native Dev primer
  - ADB
  - NDK
  - Compiling C code
  - Assembly code
  - Execution
  - Debugging
- Android ARM Assembly primer
  - ARM overview
  - Processor Modes
  - Registers
  - Instruction set
  - Stack implementation
  - System call convention
  - Procedure call convention
  - Exercises
- ARM Shellcoding Primer
  - Introduction
  - System interaction
  - Relative addressing
  - Four byte Hell!
  - Null byte Hell!
  - ARM THUMB and the finger
  - Exercises
- Indroid - Code Injection
  - Introduction
  - Borrowing from Windows
  - Linux Ptrace
  - Library Injection
  - Indroid
  - Memory Allocation and Execution
  - Threadification
  - Payload
  - The API
  - Putting it all together i.e. DIY injection
- ARM buffer overflow primer
  - Buffer overflow 101
  - The ARM/Linux stack
  - Stack overflow
  - Controlling the flow of execution
  - Ret2Libc
  - Exercises
Speaker Details
Aseem Jakhar is the Director, Research at Payatu Technologies Pvt Ltd
(http://payatu.com), a boutique security testing company. He has extensive
experience in system programming, security research, consulting and managing
security software development projects. He has worked on various security software
including the IBM ISS Proventia UTM appliance, Mirapoint messaging/security appliance,
anti-spam engine, anti-virus software, multicast packet reflector, transparent HTTPS
proxy with captive portal and Bayesian spam filter, to name a few. He is an active
speaker at security and open source conferences; some of the conferences he has
spoken at include AusCERT, Defcon, Hack.lu, Blackhat, Xcon, Cyber security summit,
Cocon, OSI Days, Clubhack and Gnunify. His research includes Linux remote thread
injection, automated web application detection and dynamic web filter. He is the
author of the open source Linux thread injection kit Jugaad and of Indroid, which
demonstrate a stealthy malware infection technique. He is well known in the
hacking and security community as the founder of null - The open security
community, a registered not-for-profit organization (http://null.co.in) and the largest
security community in India, and as the founder of the nullcon security conference
(http://nullcon.net).
Duration
1 day (8 hrs)
Participants Requirements
- Bring your own laptop
- 15+ GB free hard disk space
- 2+ GB RAM
- VirtualBox installed on the system
Pre-requisite
- Basic Linux knowledge
- Programming and assembly knowledge will be a plus, although not specifically required
- Passion to learn new security stuff
Who should attend?
- Information security professionals
- Security researchers and penetration testers
- Anyone with interest in Android security
- Android developers/QA
What to Expect
- Interactive hands-on training session
- Code analysis, trial and error
- Getting familiar with the Android platform
What not to Expect
Becoming an ARM or Android hacker overnight. Use the knowledge gained and
research further to master the platform. This training acts as a base to quickly
kick-start your research into ARM/Android security.