Mobile Hacking - Fundamentals
Mobile Hacking - Fundamentals
Mobile Hacking - Fundamentals
Fundamentals
Mobile Hacking -
The Mobile threat landscape
Android – 84.1%
IOS – 14.8%
Microsoft – 0.7%
RIM – 0.2%
http://www.statista.com/statistics/266136/global-market-
share-held-by-smartphone-operating-systems/
Mobile Hacking -
The Mobile threat landscape
https://www.blackhat.com/latestintel/05122016-mobile-hacking.html
Mobile Hacking -
Attack Vectors
Manual Installation
– Direct Access to the device
– Use of client-server programs – ex: ADB
Social Engineering
Text Messages – ex: stagefright
RCE vulnerabilities – ex: ADB
– exploit/android/adb/adb_server_exec
Etc.
Mobile Hacking -
Hacking Android – Example 1
Example 1
Manual Installation
Raw payload saved in apk format generated with
msfvenom
Standard reverse meterpreter
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 2
Install Applications
Bypass Android's lock screen - Pattern/PIN locks
Obtain Shells
Etc..
https://developer.android.com/studio/command-line/adb.html
Mobile Hacking -
Hacking Android – Example 2
Mobile Hacking -
Hacking Android – Example 3
Apktool - https://ibotpeaches.github.io/Apktool/
A tool for reverse engineering Android apk files
Manifest
Every application must have an AndroidManifest.xml file (with
precisely that name) in its root directory. The manifest file
provides essential information about your app to the Android
system, which the system must have before it can run any of the
app's code.
https://developer.android.com/guide/topics/manifest/manifest-intro.html
Smali
Smali/Baksmali is an assembler/disassembler for the dex format
used by dalvik, Android's Java VM implementation. The names
"Smali" and "Baksmali" are the Icelandic equivalents of
"assembler" and "disassembler" respectively.
https://www.youtube.com/watch?v=h98KtUgUOsg
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
HELP