Abstract image of a woman sitting on books and studying on a laptop

Android Security Development - Part 2: Malicious Android App Dynamic Analyzing System

Cheng-Yi Yu, profile picture
Cheng-Yi Yu

The document is a detailed guide on dynamic analysis of malicious Android applications, specifically focusing on setting up a development environment and building the Android Open Source Project (AOSP). It provides step-by-step instructions for installing necessary software, downloading AOSP, and configuring the Nexus 5 device for testing. Additionally, it addresses monitoring and modifying Android code to assist in the analysis of app behavior and potential security threats.

Software
1 of 65
Downloaded 149 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Android Security Development PART 2 – Malicious Android App Dynamic Analyzing System SEAN
Sean • Developer • erinus.startup@gmail.com • https://www.facebook.com/erinus
You Need... • Hardware • Phone • Google Nexus 4 • Google Nexus 5 • Tablet • Google Nexus 7 • Google Nexus 9
You Still Need... • Software • Virtual Machine • VMware Workstation • VirtualBox • Operating System • Ubuntu Desktop14.04
Build Nexus 5 Image
[1] Install Ubuntu 14.04 # create user named "user" > sudo apt-get update > sudo apt-get install vim less gcc g++ make build- essential binutils wget ssh openssh-server openssh- client zip unzip perl python rsync git openssl > sudo apt-get upgrade > sudo apt-get dist-upgrade > sudo apt-get autoclean > sudo apt-get autoremove > sudo rm –f /var/cache/apt/archives/*.deb
[2] Build Environment for 4.x > sudo apt-get install git gnupg flex bison gperf build-essential zip curl libc6-dev libncurses5- dev:i386 x11proto-core-dev libx11-dev:i386 libreadline6-dev:i386 libgl1-mesa-glx:i386 libgl1-mesa-dev gcc-multilib g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc zlib1g-dev:i386 > sudo ln -s /usr/lib/i386-linux- gnu/mesa/libGL.so.1 /usr/lib/i386-linux- gnu/libGL.so > sudo apt-get install python-software-properties > sudo add-apt-repository ppa:webupd8team/java > sudo apt-get update > sudo apt-get install oracle-java6-installer
[2] Build Environment for 5.x > sudo apt-get install git gnupg flex bison gperf build-essential zip curl libc6-dev libncurses5- dev:i386 x11proto-core-dev libx11-dev:i386 libreadline6-dev:i386 libgl1-mesa-glx:i386 libgl1-mesa-dev gcc-multilib g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc zlib1g-dev:i386 > sudo ln -s /usr/lib/i386-linux- gnu/mesa/libGL.so.1 /usr/lib/i386-linux- gnu/libGL.so > sudo apt-get install openjdk-7-jdk
[3] AOSP Environment > cd ~ > mkdir ~/aosp > mkdir ~/aosp/bin > PATH=~/aosp/bin:$PATH > curl https://storage.googleapis.com/git-repo- downloads/repo > ~/aosp/bin/repo > chmod a+x ~/aosp/bin/repo > curl https://storage.googleapis.com/git-repo- downloads/repo > ~/aosp/bin/repo > chmod a+x ~/aosp/bin/repo > git config --global user.email "user@USER" > git config --global user.name "user"
[4] Download AOSP > mkdir ~/aosp/src > cd ~/aosp/src > repo init -u https://android.googlesource.com/platform/manifest -b android-4.4.4_r2.0.1 > sudo sysctl -w net.ipv4.tcp_window_scaling=0 # -j(?) means amount of thread(cores) used > repo sync -j1
[6] Download Nexus 5 Driver > cd ~/aosp/src > wget https://dl.google.com/dl/android/aosp/broadcom- hammerhead-ktu84p-5a5bf60e.tgz > wget https://dl.google.com/dl/android/aosp/lge- hammerhead-ktu84p-49419c39.tgz > wget https://dl.google.com/dl/android/aosp/qcom- hammerhead-ktu84p-f159eadf.tgz > tar xzvf broadcom-hammerhead-ktu84p-5a5bf60e.tgz > tar xzvf lge-hammerhead-ktu84p-49419c39.tgz > tar xzvf qcom-hammerhead-ktu84p-f159eadf.tgz
[7] Import Nexus 5 Driver > cd ~/aosp/src > ./extract-broadcom-hammerhead.sh > ./extract-lge-hammerhead.sh > ./extract-qcom-hammerhead.sh
[5] Build AOSP > cd ~/aosp/src > source build/envsetup.sh > lunch aosp_hammerhead-userdebug > make –j1
[8] Download Android SDK • Android SDK Platform-tools • SDK Build-tools
[9] Flash Image Onto Device > export ANDROID_PRODUCT_OUT=/home/user/aosp/src/out/target /product/hammerhead > fastboot erase boot > fastboot erase cache > fastboot erase recovery > fastboot erase system > fastboot erase userdata > fastboot flash boot boot.img > fastboot flash cache cache.img > fastboot flash recovery recovery.img > fastboot flash system system.img > fastboot flash userdata userdata.img
The Walking Deadveloper Orz...
Find Java Base Class Library libcore/luni/src/main/java
Find Android Base Class Library frameworks/base/core/java
Find Android ADB system/core/adb
Android Image Modification > source build/envsetup.sh > lunch aosp_hammerhead-userdebug > make update-api > make –j1
Android ADB Modification # Build for Windows > sudo apt-get install mingw-w64 > cd ~/aosp/src > make USE_MINGW=yes adb showcommands # Build for Linux > cd ~/aosp/src > make adb showcommands
Customize Logcat
[1] Start... 1. Android developers use "Log.d / Log.e / ..." to read messages. http://developer.android.com/reference/android/ util/Log.html 2. So, monitor "Log.d / Log.e / ..."? No, it's not enough! Why?
[2] Base Knowledge 3. Android Architecture Log.d ?
[3] View Source Code 4. Android Source Online https://android.googlesource.com 5. Search Android Source Online http://code.metager.de/source/xref/android/4.4/ http://grepcode.com/project/repository.grepcode .com/java/ext/com.google.android/android
[4] Where? 6. Search Possible Occurrence
[4] Where? 7. System.java
[4] Where? 7. System.java CLICK
[5] Got You! 8. System.java
[6] Java – JNI – C++ 9. Java /libcore/luni/src/main/java/java/ JNI /libcore/luni/src/main/native/
[7] JNI – C++ 10. java_lang_System.cpp
[8] Modify... 11. Patch java_lang_System.cpp
[8] Modify... 11. Patch java_lang_System.cpp ADD
[8] Modify... 11. Patch java_lang_System.cpp ADD
[8] Modify... 11. Patch java_lang_System.cpp MODIFY MODIFY
[8] Modify... 11. Patch java_lang_System.cpp
[9] Modify... 12. Patch System.java
[9] Modify... 12. Patch System.java ADD ADD
[9] Modify... 12. Patch System.java Create Customized Function: appsandbox(String) ADD
[10] Output > adb logcat –v long appsandbox:V *:S > adb.log # appsandbox:V means "Verbose for Tag:appsandbox“ # *:S means "Silence for Other Tags"
Dive Into Source
First
PID
[1] Why I Need PID? 1. When you try to get package, you get the package name where your called. It's not package name of app! com.td.bookshelf.provider com.td.bookshelf
[2] Get PID 2. import android.os.Process; /frameworks/base/core/java/android/os/Process.j ava
[2] Get PID 3. Process.myPid();
[2] Get PID 3. Process.myPid();
[3] Application 4. import android.app.Application; /frameworks/base/core/java/android/app/Applicat ion.java
[3] Inject Code 5. Monitor onCreate()
[3] Inject Code 6. Monitor onTerminate()
Second
IO Stream
[1] Find Base Class 1. import java.io.InputStream; /libcore/luni/src/main/java/java/io/InputStream .java 2. import java.io.OutputStream; /libcore/luni/src/main/java/java/io/OutputStrea m.java
[2] What Is Necessary? 3. Monitor InputStream
[2] What Is Necessary? 4. Monitor OutputStream
Third
Network
[1] Find Base Class 1. import java.net.URL; /libcore/luni/src/main/java/java/net/URL.java 2. import java.net.URI; /libcore/luni/src/main/java/java/net/URI.java
[2] What Is Necessary? 3. Monitor URL Hook Constructor
[2] What Is Necessary? 3. Monitor URL Hook Constructor
[2] What Is Necessary? 4. Monitor URI Hook Constructor
Demo
Interested On This? Join Me!
Next Part
Malicious Android App Static Analysis

More Related Content

PDF
Network Device Development - Part 4: Firewall 103 ~ Protocol Filter & Payload...
Cheng-Yi Yu
 
PDF
Network Device Development - Part 5: Firewall 104 ~ Packet Splitter
Cheng-Yi Yu
 
PDF
2015.10.05 Updated > Network Device Development - Part 1: Switch
Cheng-Yi Yu
 
PDF
2015.10.05 Updated > Network Device Development - Part 2: Firewall 101
Cheng-Yi Yu
 
PDF
Securing the Socks Shop
Jason Smith
 
PPTX
Kali net hunter
Prashanth Sivarajan
 
PPT
Learning AOSP - Android Linux Device Driver
Nanik Tolaram
 
PDF
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
FFRI, Inc.
 
Network Device Development - Part 4: Firewall 103 ~ Protocol Filter & Payload...
Cheng-Yi Yu
 
Network Device Development - Part 5: Firewall 104 ~ Packet Splitter
Cheng-Yi Yu
 
2015.10.05 Updated > Network Device Development - Part 1: Switch
Cheng-Yi Yu
 
2015.10.05 Updated > Network Device Development - Part 2: Firewall 101
Cheng-Yi Yu
 
Securing the Socks Shop
Jason Smith
 
Kali net hunter
Prashanth Sivarajan
 
Learning AOSP - Android Linux Device Driver
Nanik Tolaram
 
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
FFRI, Inc.
 

What's hot (20)

PPTX
UEFI Firmware Rootkits: Myths and Reality
Sally Feller
 
PPTX
Доставка зловредов через облака
Positive Hack Days
 
PPT
Android booting sequece and setup and debugging
Utkarsh Mankad
 
PPT
Bigger On The Inside
Michael Carson
 
PPTX
Manage kernel vulnerabilities in the software development lifecycle
SZ Lin
 
PDF
The Dark Side of PowerShell by George Dobrea
EC-Council
 
PDF
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
Sam Bowne
 
PDF
How to Connect MQTT Broker on ESP8266 WiFi
Naoto MATSUMOTO
 
PPTX
System hardening - OS and Application
edavid2685
 
PDF
Firmware hacking, slash the pineapple for fun
idsecconf
 
PPTX
Android Booting Sequence
Jayanta Ghoshal
 
PDF
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDK
Naoto MATSUMOTO
 
PDF
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
FFRI, Inc.
 
PPTX
IOS Security Basics - NULL/ OWASP/G4H Meet
Anthony Jose
 
PDF
install mosquitto-auth-plug - cheat sheet -
Naoto MATSUMOTO
 
PPT
Learning AOSP - Android Booting Process
Nanik Tolaram
 
PDF
[ELCE] Activities of super long term support kernel workgroup in civil infras...
SZ Lin
 
PDF
CentOS Linux Server Hardening
MyOwn Telco
 
PDF
Learning notes on Open Source License
SZ Lin
 
DOC
Taishaun_OwnensCNS-533_Lab
Taishaun Owens
 
UEFI Firmware Rootkits: Myths and Reality
Sally Feller
 
Доставка зловредов через облака
Positive Hack Days
 
Android booting sequece and setup and debugging
Utkarsh Mankad
 
Bigger On The Inside
Michael Carson
 
Manage kernel vulnerabilities in the software development lifecycle
SZ Lin
 
The Dark Side of PowerShell by George Dobrea
EC-Council
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
Sam Bowne
 
How to Connect MQTT Broker on ESP8266 WiFi
Naoto MATSUMOTO
 
System hardening - OS and Application
edavid2685
 
Firmware hacking, slash the pineapple for fun
idsecconf
 
Android Booting Sequence
Jayanta Ghoshal
 
How to Install nRF51 IPv6 over Bluetooth using MDK-ARM+IoT SDK
Naoto MATSUMOTO
 
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
FFRI, Inc.
 
IOS Security Basics - NULL/ OWASP/G4H Meet
Anthony Jose
 
install mosquitto-auth-plug - cheat sheet -
Naoto MATSUMOTO
 
Learning AOSP - Android Booting Process
Nanik Tolaram
 
[ELCE] Activities of super long term support kernel workgroup in civil infras...
SZ Lin
 
CentOS Linux Server Hardening
MyOwn Telco
 
Learning notes on Open Source License
SZ Lin
 
Taishaun_OwnensCNS-533_Lab
Taishaun Owens
 
Ad

Viewers also liked (20)

PDF
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthinkspa
 
PDF
2015.04.24 Updated > Android Security Development - Part 1: App Development
Cheng-Yi Yu
 
PDF
Deep Dive Into Android Security
Marakana Inc.
 
PDF
Testing Android Security Codemotion Amsterdam edition
Jose Manuel Ortega Candel
 
PDF
Brief Tour about Android Security
National Cheng Kung University
 
PDF
Android Security Development
hackstuff
 
PPTX
Understanding android security model
Pragati Rai
 
PPTX
Android security
Midhun P Gopi
 
PPTX
Owasp web security
Pankaj Kumar Sharma
 
PPTX
Web application Security
Lee C
 
PDF
OWASP Top 10 Overview
PiTechnologies
 
PDF
Application Security around OWASP Top 10
Sastry Tumuluri
 
PDF
Web application security (RIT 2014, rus)
Maksim Kochkin
 
PDF
End to end web security
George Boobyer
 
PDF
Web security: OWASP project, CSRF threat and solutions
Fabio Lombardi
 
PDF
Secure Password Storage & Management
Sastry Tumuluri
 
PDF
Threat Modeling for Web Applications (and other duties as assigned)
Mike Tetreault
 
PPTX
[Wroclaw #1] Android Security Workshop
OWASP
 
PPT
Owasp Top 10
Shivam Porwal
 
PPTX
Security threats in Android OS + App Permissions
Hariharan Ganesan
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthinkspa
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
Cheng-Yi Yu
 
Deep Dive Into Android Security
Marakana Inc.
 
Testing Android Security Codemotion Amsterdam edition
Jose Manuel Ortega Candel
 
Brief Tour about Android Security
National Cheng Kung University
 
Android Security Development
hackstuff
 
Understanding android security model
Pragati Rai
 
Android security
Midhun P Gopi
 
Owasp web security
Pankaj Kumar Sharma
 
Web application Security
Lee C
 
OWASP Top 10 Overview
PiTechnologies
 
Application Security around OWASP Top 10
Sastry Tumuluri
 
Web application security (RIT 2014, rus)
Maksim Kochkin
 
End to end web security
George Boobyer
 
Web security: OWASP project, CSRF threat and solutions
Fabio Lombardi
 
Secure Password Storage & Management
Sastry Tumuluri
 
Threat Modeling for Web Applications (and other duties as assigned)
Mike Tetreault
 
[Wroclaw #1] Android Security Workshop
OWASP
 
Owasp Top 10
Shivam Porwal
 
Security threats in Android OS + App Permissions
Hariharan Ganesan
 
Ad

Similar to Android Security Development - Part 2: Malicious Android App Dynamic Analyzing System (20)

PDF
Working with the AOSP - Linaro Connect Asia 2013
Opersys inc.
 
PDF
An Introduction To Android
natdefreitas
 
PPTX
Android build on windows
Addweup
 
PDF
Discover System Facilities inside Your Android Phone
National Cheng Kung University
 
PDF
Android Platform Debugging & Development
Qualcomm Developer Network
 
PDF
Deep Dive into the AOSP
Dr. Ketan Parmar
 
PDF
Inside Android's UI at AnDevCon IV
Opersys inc.
 
PDF
Core Android
Dominik Helleberg
 
PDF
Android 5.0 Lollipop platform change investigation report
hidenorly
 
PDF
Droidcon uk2012 androvm
dfages
 
PDF
Android Internals
Opersys inc.
 
PDF
Android Platform Debugging and Development
Opersys inc.
 
PDF
Android Platform Debugging and Development at ABS 2014
Opersys inc.
 
PDF
Building aosp
gvercoutere
 
PDF
Introduction to Android ROM cooking, part of my AnDevCon workshop (AnDevCon S...
Ron Munitz
 
PDF
Android OS Porting: Introduction
Jollen Chen
 
PDF
Android Platform Debugging and Development at ELCE 2013
Opersys inc.
 
PDF
Android Platform Debugging and Development
Opersys inc.
 
PDF
Android Platform Debugging and Development
Opersys inc.
 
PDF
Lecture02web 140phpapp01
letuan9999
 
Working with the AOSP - Linaro Connect Asia 2013
Opersys inc.
 
An Introduction To Android
natdefreitas
 
Android build on windows
Addweup
 
Discover System Facilities inside Your Android Phone
National Cheng Kung University
 
Android Platform Debugging & Development
Qualcomm Developer Network
 
Deep Dive into the AOSP
Dr. Ketan Parmar
 
Inside Android's UI at AnDevCon IV
Opersys inc.
 
Core Android
Dominik Helleberg
 
Android 5.0 Lollipop platform change investigation report
hidenorly
 
Droidcon uk2012 androvm
dfages
 
Android Internals
Opersys inc.
 
Android Platform Debugging and Development
Opersys inc.
 
Android Platform Debugging and Development at ABS 2014
Opersys inc.
 
Building aosp
gvercoutere
 
Introduction to Android ROM cooking, part of my AnDevCon workshop (AnDevCon S...
Ron Munitz
 
Android OS Porting: Introduction
Jollen Chen
 
Android Platform Debugging and Development at ELCE 2013
Opersys inc.
 
Android Platform Debugging and Development
Opersys inc.
 
Android Platform Debugging and Development
Opersys inc.
 
Lecture02web 140phpapp01
letuan9999
 

Recently uploaded (20)

PPTX
CNN LeNet5 Architecture: Neural Networks
DrRPonnusamyCIT
 
PPTX
Matchmaking for JVMs: How to Pick the Perfect GC Partner
Tier1 app
 
PDF
The Dynamic Duo Transforming Financial Accounting Systems Through Modern Expe...
Triforce Global
 
PPTX
Tech Workshop Escape Room Tech Workshop
muthuiyad
 
PDF
How Tridens DevSecOps Ensures Compliance, Security, and Agility
Tridens
 
PDF
Type Class Derivation in Scala 3 - Jose Luis Pintado Barbero
José Luis Pintado Barbero
 
PPTX
Full-Stack Developer Courses That Actually Land You Jobs
Ask the C Expert
 
DOCX
How to Use SharePoint as an ISO-Compliant Document Management System
Sharepoint Designs
 
PPTX
Python is a high-level, interpreted programming language
kesavansa2002
 
PDF
AI/ML Infra Meetup | LLM Agents and Implementation Challenges
Alluxio, Inc.
 
PDF
Ableton Live Suite for MacOS Crack Full Download (Latest 2025)
hashmi66g66
 
PDF
Introduction to Ragic - #1 No Code Tool For Digitalizing Your Business Proces...
Ragic
 
PPTX
Plex Media Server 1.28.2.6151 With Crac5 2022 Free .
cariaelif911
 
PPTX
Airline CRS | Airline CRS Systems | CRS System
yugababu033
 
PPTX
Computer Software - Technology and Livelihood Education
ShielaGuevarra6
 
PPTX
Cybersecurity: Protecting the Digital World
SURULIAPPANPREMKMAR
 
PPTX
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
PPTX
Download Adobe Photoshop Crack 2025 Free
kokilasc86
 
PDF
AI-Powered Threat Modeling: The Future of Cybersecurity by Arun Kumar Elengov...
Arun Kumar Elengovan
 
DOC
UTEP毕业证学历认证,宾夕法尼亚克拉里恩大学毕业证未毕业
oqwcyqe
 
CNN LeNet5 Architecture: Neural Networks
DrRPonnusamyCIT
 
Matchmaking for JVMs: How to Pick the Perfect GC Partner
Tier1 app
 
The Dynamic Duo Transforming Financial Accounting Systems Through Modern Expe...
Triforce Global
 
Tech Workshop Escape Room Tech Workshop
muthuiyad
 
How Tridens DevSecOps Ensures Compliance, Security, and Agility
Tridens
 
Type Class Derivation in Scala 3 - Jose Luis Pintado Barbero
José Luis Pintado Barbero
 
Full-Stack Developer Courses That Actually Land You Jobs
Ask the C Expert
 
How to Use SharePoint as an ISO-Compliant Document Management System
Sharepoint Designs
 
Python is a high-level, interpreted programming language
kesavansa2002
 
AI/ML Infra Meetup | LLM Agents and Implementation Challenges
Alluxio, Inc.
 
Ableton Live Suite for MacOS Crack Full Download (Latest 2025)
hashmi66g66
 
Introduction to Ragic - #1 No Code Tool For Digitalizing Your Business Proces...
Ragic
 
Plex Media Server 1.28.2.6151 With Crac5 2022 Free .
cariaelif911
 
Airline CRS | Airline CRS Systems | CRS System
yugababu033
 
Computer Software - Technology and Livelihood Education
ShielaGuevarra6
 
Cybersecurity: Protecting the Digital World
SURULIAPPANPREMKMAR
 
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
Download Adobe Photoshop Crack 2025 Free
kokilasc86
 
AI-Powered Threat Modeling: The Future of Cybersecurity by Arun Kumar Elengov...
Arun Kumar Elengovan
 
UTEP毕业证学历认证,宾夕法尼亚克拉里恩大学毕业证未毕业
oqwcyqe
 

Android Security Development - Part 2: Malicious Android App Dynamic Analyzing System

  • 1. Android Security Development PART 2 – Malicious Android App Dynamic Analyzing System SEAN
  • 2. Sean • Developer • [email protected] https://www.facebook.com/erinus
  • 3. You Need... • Hardware • Phone • Google Nexus 4 • Google Nexus 5 • Tablet • Google Nexus 7 • Google Nexus 9
  • 4. You Still Need... • Software • Virtual Machine • VMware Workstation • VirtualBox • Operating System • Ubuntu Desktop14.04
  • 6. [1] Install Ubuntu 14.04 # create user named "user" > sudo apt-get update > sudo apt-get install vim less gcc g++ make build- essential binutils wget ssh openssh-server openssh- client zip unzip perl python rsync git openssl > sudo apt-get upgrade > sudo apt-get dist-upgrade > sudo apt-get autoclean > sudo apt-get autoremove > sudo rm –f /var/cache/apt/archives/*.deb
  • 7. [2] Build Environment for 4.x > sudo apt-get install git gnupg flex bison gperf build-essential zip curl libc6-dev libncurses5- dev:i386 x11proto-core-dev libx11-dev:i386 libreadline6-dev:i386 libgl1-mesa-glx:i386 libgl1-mesa-dev gcc-multilib g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc zlib1g-dev:i386 > sudo ln -s /usr/lib/i386-linux- gnu/mesa/libGL.so.1 /usr/lib/i386-linux- gnu/libGL.so > sudo apt-get install python-software-properties > sudo add-apt-repository ppa:webupd8team/java > sudo apt-get update > sudo apt-get install oracle-java6-installer
  • 8. [2] Build Environment for 5.x > sudo apt-get install git gnupg flex bison gperf build-essential zip curl libc6-dev libncurses5- dev:i386 x11proto-core-dev libx11-dev:i386 libreadline6-dev:i386 libgl1-mesa-glx:i386 libgl1-mesa-dev gcc-multilib g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc zlib1g-dev:i386 > sudo ln -s /usr/lib/i386-linux- gnu/mesa/libGL.so.1 /usr/lib/i386-linux- gnu/libGL.so > sudo apt-get install openjdk-7-jdk
  • 9. [3] AOSP Environment > cd ~ > mkdir ~/aosp > mkdir ~/aosp/bin > PATH=~/aosp/bin:$PATH > curl https://storage.googleapis.com/git-repo- downloads/repo > ~/aosp/bin/repo > chmod a+x ~/aosp/bin/repo > curl https://storage.googleapis.com/git-repo- downloads/repo > ~/aosp/bin/repo > chmod a+x ~/aosp/bin/repo > git config --global user.email "user@USER" > git config --global user.name "user"
  • 10. [4] Download AOSP > mkdir ~/aosp/src > cd ~/aosp/src > repo init -u https://android.googlesource.com/platform/manifest -b android-4.4.4_r2.0.1 > sudo sysctl -w net.ipv4.tcp_window_scaling=0 # -j(?) means amount of thread(cores) used > repo sync -j1
  • 11. [6] Download Nexus 5 Driver > cd ~/aosp/src > wget https://dl.google.com/dl/android/aosp/broadcom- hammerhead-ktu84p-5a5bf60e.tgz > wget https://dl.google.com/dl/android/aosp/lge- hammerhead-ktu84p-49419c39.tgz > wget https://dl.google.com/dl/android/aosp/qcom- hammerhead-ktu84p-f159eadf.tgz > tar xzvf broadcom-hammerhead-ktu84p-5a5bf60e.tgz > tar xzvf lge-hammerhead-ktu84p-49419c39.tgz > tar xzvf qcom-hammerhead-ktu84p-f159eadf.tgz
  • 12. [7] Import Nexus 5 Driver > cd ~/aosp/src > ./extract-broadcom-hammerhead.sh > ./extract-lge-hammerhead.sh > ./extract-qcom-hammerhead.sh
  • 13. [5] Build AOSP > cd ~/aosp/src > source build/envsetup.sh > lunch aosp_hammerhead-userdebug > make –j1
  • 14. [8] Download Android SDK • Android SDK Platform-tools • SDK Build-tools
  • 15. [9] Flash Image Onto Device > export ANDROID_PRODUCT_OUT=/home/user/aosp/src/out/target /product/hammerhead > fastboot erase boot > fastboot erase cache > fastboot erase recovery > fastboot erase system > fastboot erase userdata > fastboot flash boot boot.img > fastboot flash cache cache.img > fastboot flash recovery recovery.img > fastboot flash system system.img > fastboot flash userdata userdata.img
  • 17. Find Java Base Class Library libcore/luni/src/main/java
  • 18. Find Android Base Class Library frameworks/base/core/java
  • 20. Android Image Modification > source build/envsetup.sh > lunch aosp_hammerhead-userdebug > make update-api > make –j1
  • 21. Android ADB Modification # Build for Windows > sudo apt-get install mingw-w64 > cd ~/aosp/src > make USE_MINGW=yes adb showcommands # Build for Linux > cd ~/aosp/src > make adb showcommands
  • 23. [1] Start... 1. Android developers use "Log.d / Log.e / ..." to read messages. http://developer.android.com/reference/android/ util/Log.html 2. So, monitor "Log.d / Log.e / ..."? No, it's not enough! Why?
  • 24. [2] Base Knowledge 3. Android Architecture Log.d ?
  • 25. [3] View Source Code 4. Android Source Online https://android.googlesource.com 5. Search Android Source Online http://code.metager.de/source/xref/android/4.4/ http://grepcode.com/project/repository.grepcode .com/java/ext/com.google.android/android
  • 26. [4] Where? 6. Search Possible Occurrence
  • 29. [5] Got You! 8. System.java
  • 30. [6] Java – JNI – C++ 9. Java /libcore/luni/src/main/java/java/ JNI /libcore/luni/src/main/native/
  • 31. [7] JNI – C++ 10. java_lang_System.cpp
  • 32. [8] Modify... 11. Patch java_lang_System.cpp
  • 33. [8] Modify... 11. Patch java_lang_System.cpp ADD
  • 34. [8] Modify... 11. Patch java_lang_System.cpp ADD
  • 35. [8] Modify... 11. Patch java_lang_System.cpp MODIFY MODIFY
  • 36. [8] Modify... 11. Patch java_lang_System.cpp
  • 37. [9] Modify... 12. Patch System.java
  • 38. [9] Modify... 12. Patch System.java ADD ADD
  • 39. [9] Modify... 12. Patch System.java Create Customized Function: appsandbox(String) ADD
  • 40. [10] Output > adb logcat –v long appsandbox:V *:S > adb.log # appsandbox:V means "Verbose for Tag:appsandbox“ # *:S means "Silence for Other Tags"
  • 42. First
  • 43. PID
  • 44. [1] Why I Need PID? 1. When you try to get package, you get the package name where your called. It's not package name of app! com.td.bookshelf.provider com.td.bookshelf
  • 45. [2] Get PID 2. import android.os.Process; /frameworks/base/core/java/android/os/Process.j ava
  • 46. [2] Get PID 3. Process.myPid();
  • 47. [2] Get PID 3. Process.myPid();
  • 48. [3] Application 4. import android.app.Application; /frameworks/base/core/java/android/app/Applicat ion.java
  • 49. [3] Inject Code 5. Monitor onCreate()
  • 50. [3] Inject Code 6. Monitor onTerminate()
  • 53. [1] Find Base Class 1. import java.io.InputStream; /libcore/luni/src/main/java/java/io/InputStream .java 2. import java.io.OutputStream; /libcore/luni/src/main/java/java/io/OutputStrea m.java
  • 54. [2] What Is Necessary? 3. Monitor InputStream
  • 55. [2] What Is Necessary? 4. Monitor OutputStream
  • 56. Third
  • 58. [1] Find Base Class 1. import java.net.URL; /libcore/luni/src/main/java/java/net/URL.java 2. import java.net.URI; /libcore/luni/src/main/java/java/net/URI.java
  • 59. [2] What Is Necessary? 3. Monitor URL Hook Constructor
  • 60. [2] What Is Necessary? 3. Monitor URL Hook Constructor
  • 61. [2] What Is Necessary? 4. Monitor URI Hook Constructor
  • 62. Demo