Terry D. Clark - Hacking Android
- Book: Hacking Android
- Author: Terry D. Clark
- Genre: Home and family
- Year: 2020
- Rating: 4 / 5
Every effort has been made in preparing this book to ensure the accuracy of the information provided. However, the information in this book is sold without warranty, whether express or implied.
No person will be held liable for any damages caused, or alleged to have been caused, directly or indirectly by this book.
Terry D. Clark has sought to provide trademark information about all companies and products mentioned in this book through the appropriate use of capitals.
Preface
Listing the packages
Pushing files to the device
Pulling files from the device
Installing apps using adb
Troubleshooting adb connections
Summary
Chapter 2: Android Rooting
What is rooting?
Why would we root a device?
Advantages of rooting
Unlimited control over the device
Installing additional apps
More features and customization
Disadvantages of rooting
It compromises the security of your device
Bricking your device
Voids warranty
Locked and unlocked boot loaders
Determining boot loader unlock status on Sony devices
Unlocking boot loader on Sony through a vendor specified method
Rooting unlocked boot loaders on a Samsung device
Stock recovery and Custom recovery
Prerequisites
Rooting Process and Custom ROM installation
Installing recovery software
Using Odin
Using Heimdall
Rooting a Samsung Note 2
Flashing the Custom ROM to the phone
Summary
Chapter 3: Fundamental Building Blocks of Android Apps
Basics of Android apps
Android app structure
How to get an APK file?
Storage location of APK files
/data/app/
/system/app/
/data/app-private/
Android app components
Activities
Services
Broadcast receivers
Content providers
Android app build process
Building DEX files from the command line
What happens when an app is run?
ART the new Android Runtime
Understanding app sandboxing
UID per app
App sandboxing
Is there a way to break out of this sandbox?
Summary
Chapter 4: Overview of Attacking Android Apps
Introduction to Android apps
Web Based apps
Native apps
Hybrid apps
Understanding the app's attack surface
Mobile application architecture
Threats at the client side
Threats at the backend
Guidelines for testing and securing mobile apps
OWASP Top 10 Mobile Risks (2014)
M1: Weak Server-Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M6: Broken Cryptography
M7: Client-Side Injection
M8: Security Decisions via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections
Automated tools
Drozer
Performing Android security assessments with Drozer
Installing testapp.apk
Listing out all the modules
Retrieving package information
Identifying and exploiting Android app vulnerabilities using Drozer
QARK (Quick Android Review Kit)
Running QARK in interactive mode
Reporting
Running QARK in seamless mode
Summary
Chapter 5: Data Storage and Its Security
What is data storage?
Android local data storage techniques
Shared preferences
SQLite databases
Internal storage
External storage
Shared preferences
Real world application demo
SQLite databases
Internal storage
External storage
User dictionary cache
Insecure data storage NoSQL database
NoSQL demo application functionality
Backup techniques
Backup the app data using adb backup command
Convert .ab format to tar format using Android backup extractor
Extracting the TAR file using the pax or star utility
Analyzing the extracted content for security issues
Being safe
Summary
Chapter 6: Server-Side Attacks
Different types of mobile apps and their threat model
Mobile applications server-side attack surface
Mobile application architecture
Strategies for testing mobile backend
Setting up Burp Suite Proxy for testing
Proxy setting via APN
Proxy setting via Wi-Fi
Bypass certificate warnings and HSTS
Bypassing certificate pinning
Bypass SSL pinning using AndroidSSLTrustKiller
Setting up a demo application
Threats at the backend
Relating OWASP top 10 mobile risks and web attacks
Authentication/authorization issues
Session management
Insufficient Transport Layer Security
Input validation related issues
Improper error handling
Insecure data storage
Attacks on the database
Summary
Attacking application components
Attacks on activities
Intent filters
Attacks on services
Extending the Binder class
Using a Messenger
Using AIDL
Attacking AIDL services
Attacks on broadcast receivers
Attacks on content providers
Querying content providers
Exploiting SQL Injection in content providers using adb
Testing for Injection
Finding the column numbers for further extraction
Running database functions
Finding out SQLite version
Finding out table names
Static analysis using QARK
Summary
Automated Android app assessments using Drozer
Listing out all the modules
Retrieving package information
Finding out the package name of your target application
Getting information about a package
Dumping the AndroidManifest.xml file
Finding out the attack surface
Attacks on activities
Broadcast receivers
Content provider leakage and SQL Injection using Drozer
Attacking SQL Injection using Drozer
Path traversal attacks in content providers
Reading /etc/hosts
Reading kernel version
Exploiting debuggable apps
Introduction to Cydia Substrate
Runtime monitoring and analysis using Introspy
Hooking using Xposed framework
Dynamic instrumentation using Frida
What is Frida?
Prerequisites
Steps to perform dynamic hooking with Frida
Logging based vulnerabilities
WebView attacks
Accessing sensitive local resources through file scheme