Android Hacker's Handbook
Joshua Drake
Pau Oliva Fora
Zach Lanier
Collin Mulliner
Stephen A. Ridley
Georg Wicherski
WILEY
Published by
ntboulevard
Ind
C
Copyright © 2014 by John Wiley & Sons
ISBN: 978-1-118-60864-7
ISBN: 978-1-118-60861-6 (ebk)
ISBN: 978-1-118-92225-5 (ebk)
edintheUnitedStatesofal
10 9 8 7 6 5 4 3 2 1
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at
For more information about Wiley products, visit
Library of Congress Control Number: 2013958298
Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Android is a trademark of Google, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
About the Authors
Joshua J. Drake is a Director of Research Science at Accuvant LABS. Joshua focuses on original research in areas such as reverse engineering and the analysis, discovery, and exploitation of security vulnerabilities. He has over 10 years of experience in the information security field including researching Linux security since 1994, researching Android security since 2009, and consulting with major Android OEMs since 2012. In prior roles, he served at Metasploit and VeriSign's iDefense Labs. At Black Hat USA 2012, Georg and Joshua demonstrated successfully exploiting the Android 4.0.1 browser via NFC. Joshua spoke at REcon, CanSecWest, RSA, R/Breakpoint, Toorcon, and DerbyCon. He won Pwn2Own in 2013 and won the DefCon 18 CTF with the ACME Pharm team in 2010.
Pau Oliva Fora is a Mobile Security Engineer with viaForensics. He has previously worked as R+D Engineer in a wireless provider. He has been actively researching security aspects on the Android operating system since its debut with the T-Mobile G1 on October 2008. His passion for smartphone security has manifested itself not just in the numerous exploits and tools he has authored but in other ways, such as serving as a moderator for the very popular XDA Developers forum even before Android existed. In his work, he has provided consultation to major Android OEMs. His close involvement with and observation of the mobile security communities has him particularly excited to be a part of pulling together a book of this nature.
Zach Lanier is a Senior Security Researcher at Duo Security. Zach has been involved in various areas of information security for over 10 years. He has been conducting mobile and embedded security research since 2009,
ranging from app security, to platform security (especially Android), to device, network, and carrier security. His areas of research interest include both offensive and defensive techniques, as well as privacy-enhancing technologies. He has presented at various public and private industry conferences, such as BlackHat, DEFCON, ShmooCon, RSA, Intel Security Conference, Amazon ZonCon, and more.
Collin Mulliner is a postdoctoral researcher at Northeastern University. His main interest lies in security and privacy of mobile and embedded systems with an emphasis on mobile and smartphones. His early work dates back to 1997, when he developed applications for Palm OS. Collin is known for his work on the (in)security of the Multimedia Messaging Service (MMS) and the Short Message Service (SMS). In the past he was mostly interested in vulnerability analysis and offensive security but recently switched his focus to the defensive side to develop mitigations and countermeasures. Collin received a Ph.D. in computer science from Technische Universität Berlin; earlier he completed his M.S. and B.S. in computer science at UC Santa Barbara and FH Darmstadt.
Ridley (as his colleagues refer to him) is a security researcher and author with more than 10 years of experience in software development, software security, and reverse engineering. In the last few years Stephen has presented his research and spoken about reverse engineering and software security on every continent (except Antarctica). Previously Stephen served as the Chief Information Security Officer of Simple.com, a new kind of online bank. Before that, Stephen was senior researcher at Matasano Security and a founding member of the Security and Mission Assurance (SMA) group at a major U.S. defense contractor, where he specialized in vulnerability research, reverse engineering, and "offensive software" in support of the U.S. Defense and Intelligence community. At present, Stephen is principal researcher at Xipiter (an information security R&D firm that has also developed a new kind of low-power smart-sensor device). Recently, Stephen and his work have been featured on NPR and NBC and in Wired, the Washington Post, Fast Company, VentureBeat, Slashdot, The Register, and other publications.
Georg Wicherski is Senior Security Researcher at CrowdStrike. Georg particularly enjoys tinkering with the low-level parts in computer security; hand-tuning custom-written shellcode and getting the last percent in exploit reliability stable. Before joining CrowdStrike, Georg worked at Kaspersky and McAfee. At Black Hat USA 2012, Joshua and Georg demonstrated successfully exploiting the Android 4.0.1 browser via NFC. He spoke at REcon, SyScan, BlackHat USA and Japan, 26C3, ph-Neutral, INBOT, and various other conferences. With his local CTF team OldEurOpe, he participated in countless and won numerous competitions.
About the Technical Editor
Rob Shimonski is a best-selling author and editor with over 15 years' experience developing, producing and distributing print media in the form of books, magazines, and periodicals. To date, Rob has successfully created over 100 books that are currently in circulation. Rob has worked for countless companies that include CompTIA, Microsoft, Wiley, McGraw Hill Education, Cisco, the National Security Agency, and Digidesign.
Rob has over 20 years' experience working in IT, networking, systems, and security. He is a veteran of the US military and has been entrenched in security topics for his entire professional career. In the military Rob was assigned to a communications (radio) battalion supporting training efforts and exercises. Having worked with mobile phones practically since their inception, Rob is an expert in mobile phone development and security.