Android Device Testing Framework Blackhat USA 2014 Arsenal Jake Valletta August 07, 2014 https://github.com/jakev/dtf

Apr 04, 2018


Android Device Testing Framework

Blackhat USA 2014 Arsenal

Jake Valletta

August 07, 2014

https://github.com/jakev/dtf


Who Am I

• Consultant at Mandiant/FireEye

• Mobile security research and tool development

– www.thecobraden.com/projects/

– www.github.com/jakev/

• @jake_valletta


What is dtf?

• “Android Device Testing Framework”

– Modular and extendable

• Written in Python and Bash

• Not a vulnerability scanner

• Think of it as “lead generation”

• Someone hands you a phone – Where are the vulnerabilities?


Example Vulnerabilities

• Information disclosure

– Can a malicious application or user “pillage” system or personal data?

• Privilege escalation

– Can a malicious application or user escalate their privileges on the device?

• Denial of service

– Can a malicious application cause denial-of-service-like conditions on a device?


What it does Out of the Box

• Not much.

• Provides project management

• Package installer and module support

– Modules perform all the exciting functionality!

– dtf <module_name>


Modules?

• Python or Bash scripts

• I’ll be releasing my collection of modules for testing

• Can also write your own


My Modules…

• Collect information from device

• Unpack data and process into databases

• Provide APIs and modules to interact with the data


• sysapps.db
• frameworks.db
• dev.db
• services.db
• appdexdbs/*.db
• frameworkdexdbs/*.db

• APK Files
• Framework files
• Binaries
• System Libraries

• Disassemble DEX
• Decode manifests
• Unpack resources


What’s the Goal?

• Rapidly answer the questions:

– What changed in Android Open-Source Project (AOSP) applications?

– What is exposed in new OEM/carrier applications?


Blackhat Setup

• Two test devices

– ZTE Open C with ZTE Kit Kat 4.4.2

– Amazon Kindle HD with “FireOS 3.0”

• Physical access

• USB Debugging enabled

• No root access


Demos!


Closing Thoughts

• Device OEMs and carriers have a lot to learn

– 1999 style issues

• Issues are extremely apparent, given the correct tools

• Be careful how much trust you put in your device!


Future Plans

• Remove Bash dependency

• Cross-platform support

• Continue to release modules and expand functionality

– More automation?

– GUI?


Questions?

https://github.com/jakev/dtf


Contact

• Twitter: @jake_valletta

• Email: [email protected]

• Site: www.thecobraden.com

• Blog: blog.thecobraden.com

• GitHub: www.github.com/jakev/dtf


Thanks!

https://github.com/jakev/dtf