Getting Started with Android

Tools for Passive Reconnaissance on Kali

Posted by Kulani Mahadewa on March 16, 2021
Posted in: Getting Started with Android. Leave a comment

Hi 🙂

Disclaimer: Ethical Hacking should be always performed on services that provide permissions on doing so, otherwise it cause legal issues and cost you. Generally, ethical hacking is performed to find vulnerabilities of a service by its owner or an authorized party.

To perform ethical hacking on a service that welcomes it, the first step is to gather information about the service. In particular, passive reconnaissance is the process of information gathering about a target service such as a web application. This could include personal or social information such as

  • textual data: name, email, phone number, and job information
  • image data: computer and desk at the office/home (could leak applications/tools used by a target person)

or location information (mostly physical).

Following are some tools that can be used on Kali Linux for passive reconnaissance.

  • theHarvester (built-in to Kali)

For a given domain, it searches information on sources such as google, twitter and yahoo

Command: theHarvster -d <domain> -b <source>

  • sublist3r

For a given domain (e.g., example.com) this tool finds subdomain (e.g., sub.example.com) information. It can be installed by command apt install sublist3r. Additionally, this is another online tool that can be used to perform similar information gathering.

Command: sublist3r -d <domain>

  • Wappalyzer (Browser add-on)

This tool provides meta information about the implementation of a web application such as version numbers, frameworks used, programming language used, content management used, etc.

  • Google Search

It is possible to perform effective search on Google by using specific keywords such as to find for particular type of files at a website you can use

site:<domain> filetype: <file type e.g., pdf, docx, etc>

Cheers !

Why Smart Homes Require Integration Analysis?

Posted by Kulani Mahadewa on May 24, 2020
Posted in: Article, Getting Started with Android. Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , . Leave a comment

In the HomeScan[2]  paper (in ICECCS 2018),  we highlight the importance of the security analysis of a smart home system from the integration perspective and propose a semi-automatic approach to perform the integration analysis. Later, an extended version [1] of this work was published in the 2019 TSE journal.

Why integration analysis?

Unlike the traditional ubiquitous smart home systems, the IoT (Internet of Things) driven smart home systems are more complex with the inherent attributes of IoT such as heterogeneity in technologies, standards, protocols, and platforms they are built upon while supporting a low-cost and a low-power system over the Internet.

Screenshot 2020-05-25 03.23.52

The Figure shows the diversity of communication protocols and smart devices by different manufacturers supported by a smart home system that uses Smarthings hub.

The HomeScan paper suggests two factors which make securing of a smart home system challenging as incompatibilities and invalidated assumptions exist in a smart home system due to its complexity. Therefore, it highlights the requirement of analyzing the security of a smart home system from the integration perspective to discover insecurities arrises due to the challenges in providing security for smart home systems.

How to perform integration analysis?

The paper proposes HomeScan, a semi-automatic approach to perform a security analysis of a smart home system from the integration perspective. The idea is that, if you have a model (a finite state diagram) of the integrated system, you can perform model checking against different attack models to find security problems in the integrated system. Hence, the paper first provides a set of techniques to extract the model of the integrated system as a Labeled Transition System (LTS) from the available implementations. Next, it shows that reachability checking over the generated integrated system model can be used to find security problems in the smart home integration. For more information please refer to the Homescan [2] paper or its extended version [1].

References

[1] Scrutinizing Implementations of Smart Home Integrations. Kulani Mahadewa, Kailong Wang, Guangdong Bai, Ling Shi, Yan Liu, Jin Song Dong, and Zhenkai Liang. IEEE Transactions on Software Engineering, TSE 2019

[2] HOMESCAN: Scrutinizing Implementations of Smart Home Integrations. Kulani Mahadewa, Kailong Wang, Guangdong Bai, Ling Shi, Jin Song Dong and Zhenkai Liang. 23rd International Conference on Engineering of Complex Computer Systems, ICECCS 2018, Melbourne, Australia, December 12-14, 2018

Running Xposed Module: “Default Activity not Specified” error

Posted by Kulani Mahadewa on April 19, 2019
Posted in: Getting Started with Android, xposed. Tagged: , , . Leave a comment

Hi! When you try to run the xposed module on Android Studio, at the build configuration select the “Nothing” from the drop down list of “Launch Options” to avoid the “Default Activity not specified” error.

Screenshot from 2019-04-20 01-10-16

Cheers!

4. Install chaos_calmer on OpenWRT device TP-Link WR841n router

Posted by Kulani Mahadewa on January 26, 2018
Posted in: Getting Started with Android. Leave a comment

Hi, in this guide I will explain how to re-flash chaos_calmer on an open WRT device with Barrier Breaker installed. The router I refer is tplink WR841n, which is of hardware version v11. In the official website of OpenWRT, it specifies that the chaos_calmer (15.05.1) of v10 image is compatible with the v11. Therefore, v10 of chaos_calmer image is used in this tutorial.

  1. Download tl-wr841n-v10-squashfs-factory.bin on to Windows and rename as wr841nv10_tp_recovery.bin.
  2. As explained in post (no.2 under Security –>ethical hacking of this blog ), use WinSCP software to transfer this file to the router. Then flash the image using 
    sysupgrade -F -v wr841nv10_tp_recovery.bin
  3. Now, wait until the router reboots. Once rebooted you can see the lights of router as shown in the below image.IMG_5523[1]
  4. If you try to connect to the router through SSH at this moment, it will ask for a password. Although the default setting has no password, you will get permission denied.
  5. Therefore, first use the LuCi GUI comes with chaos_calmer firmware, to set a password.
  6. Open the browser –> visit 192.168.1.1 –> You can login to the root user account without a password.screenshot-from-2018-01-26-16-42-29.png
  7. Next, click on the “password configuration link” on message at the top. Set a new password, and also select the SSH access interface to lan.–> Save and apply. (Do not open the GUI on more than one tab on the browser. It will avoid saving the settings.)screenshot-from-2018-01-26-16-56-301.png
  8. Again, if you try to connect to through ssh. You can use the updated password to login.screenshot-from-2018-01-26-16-57-22.png

Cheers !!! 🙂

Install JD_GUI on Kali

Posted by Kulani Mahadewa on January 15, 2018
Posted in: Getting Started with Android. Tagged: , , , . Leave a comment

You can use jd-gui on Kali with just two steps.

  1. Download jd-gui repo for Kali from : Kali Git Repositories .
  2.  Unzip the repository. You can see the jd-gui-1.4.0.jar. Just run the jar file from command prompt.
unzip <path to  jd-gui-917bcbf.tar.gz>

files

java -jar <path to jd-gui-1.4.0.jar>

run

Cheers !!! 🙂

Android security model (4.2 and earlier)

Posted by Kulani Mahadewa on May 18, 2016
Posted in: Android Security Model, Getting Started with Android. Tagged: , , , , , , , , , , , . Leave a comment

Android Sandboxing and Permission Model

The Android OS versions 4.2 and earlier were based on the Discretionary Access Control (DAC) with Sandboxing model. I will explain here how the security was designed with this  initial approach and shortcomings associate with DAC.

The Android kernel is a modified version of Linux Kernel in order to adopt the specific requirements of a mobile device. The multi-user system used in desktop Linux is adopted to Android as each application as a unique user. Thus the user based isolation is followed as application based isolation with Android . Consequently, each application has got a unique UserID (UID). With the isolation, each application is run within its own Dalivk VM and within its own process.

By default, an application process runs within this sandbox can only access its own private data. Thus inter-application communication is not allowed by default.

1

However, applications may required to access other system resources. For instance GPS, Network, Bluetooth, Contacts, etc. In order to access these resources application will have to go through the permission model. The owner of the system resources is the device user. According to the Discretionary Access Control (DAC), the owner of the resource controls access permissions related to it. Thus, a permission request list will be prompted at the installation time of the application for the user or the device owner to accept it or denied. Once the application granted the permissions they can have access to particular set of system resources.

2

Shortcomings of DAC

If somehow malicious application got the root access, which is also called su, superuer or UID=root, then the sandboxing model can be easily bypassed and it is no longer applicable. Because with this security model super user or root user has given absolute power over the device.Thus can access any system resource and even resources belong to the other 3-rd party applications. Moreover, it can perform all privilege actions including;

-read, write private files of any app.

-Can read, write or change permission bits of any file/directry

-Kill any process,  change system configurations, starting/stopping system services

-Remove core system apps etc.

In the next post I will explain how the Security Enhanced Linux was adopted to Android to further improve the security of the OS.

Cheers !! 🙂

2015 in review

Posted by Kulani Mahadewa on December 30, 2015
Posted in: Getting Started with Android. Leave a comment

The WordPress.com stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 19,000 times in 2015. If it were a concert at Sydney Opera House, it would take about 7 sold-out performances for that many people to see it.

Click here to see the complete report.

Create a Simple Menu

Posted by Kulani Mahadewa on August 1, 2012
Posted in: Getting Started with Android. Tagged: , , . Leave a comment

Hi, Today i’ll explain  how to create a Menu Page by using the default resources available with android. This is the easiest way to create a menu. You can use the ListView widget to create the menu list.

Layout page Design

    1. Goto res-> layout-> Right click on the layout folder and add a new Android XML file.
    2. Now select the “Graphical Layout” view and drag and drop the ListView widget available under “Composite”.

The menu.xml file is generated as follows.

<?xml version=”1.0″ encoding=”utf-8″?>
<LinearLayout xmlns:android=”http://schemas.android.com/apk/res/android&#8221;
android:layout_width=”fill_parent”
android:layout_height=”fill_parent”
android:orientation=”vertical” >
<ListView
android:id=”@+id/listView1″
android:layout_width=”fill_parent”
android:layout_height=”wrap_content” >
</ListView>
</LinearLayout>

Things to consider when implementing

  1. Create a String array including the list of items of the menu.
  2. Use the simple_list_item_1 when creating the ArrayAdapter.
  3. ** Change the id of the ListView at the XML file as android:id=”@android:id/list”. Otherwise you’ll get a RuntimeException.

Implementation of ListActivity

public class HelloWorldActivity extends ListActivity {
/** Called when the activity is first created. */
static final String[] s = new String[] { “Service1″,”Service2″,”Service3″,”Service4″,”Service5” };
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
setListAdapter(new ArrayAdapter<String>(this,android.R.layout.simple_list_item_1, s));
getListView().setTextFilterEnabled(true);
}
protected void onListItemClick(ListView l, View v, int position, long id) {
super.onListItemClick(l, v, position, id);
Object o = this.getListAdapter().getItem(position);
String s2 = o.toString();
Toast.makeText(this, “You have chosen the service:” + “” + s2,
Toast.LENGTH_LONG).show();

if (position == 0) {
Intent intent = new Intent(HelloWorldActivity.this,
AnotherService.class);
startActivity(intent);
}
}
}

Creating an Emulator

Posted by Kulani Mahadewa on July 26, 2012
Posted in: Getting Started with Android, Testing with the AVD. Tagged: , . Leave a comment

The (Android Virtual Device) AVD Manager downloaded with the SDK can be used to create virtual devices to test the android applications. First, run the AVD Manager icon in the Eclipse IDE. Now you can create an Emulator by giving the following attributes.

  1. Name : Device-1
  2. Target : Android 2.3.3(API Level 10)
  3. SD Card Size : 64 MiB
  4. Skin : Default(WVGA800)
  5. You can change the ram size, density and heap or add any new property in Hardware as you wish.

Run an application on the Emulator

Select the application and choose the “Run Configuration” from the menu item “Run”. Now you can select a virtual device which is compatible with the target SDK version, from the list of devices available. The devices you have created using the AVD Manager will be added to this list.