Android Tamer BH USA 2016 : Arsenal Presentation
Uploaded by anant-shrivastava
ANDROID TAMER
WHAT IS ANDROID TAMER
Single Point of Reference / Resources for Android
Contains
1. Virtual machine for Android (Security) Professionals
2. Debian 8 Compatible Tools Repository
3. Custom Emulator for arm devices (Work In Progress)
4. f-droid repository of tools (Work in Progress)
5. Documentation (tools.androidtamer.com) (ever evolving)
6. KnowledgeBase (kb.androidtamer.com) (Work in Progress)
WHO USES ANDROID TAMER
1. Trainers
2. Security professionals
3. Developers
4. IoT Hackers

Friendly Plug
Catch Sneha Rajguru using AndroidTamer at
- BSidesLV (whole day 3 Aug 2016)
- Defcon Workshop (5 Aug 2016 : 10 AM - 2 PM)
Catch Anto Joseph using AndroidTamer with Droid-FF at
- Arsenal Booth (4 Aug 2016 - 2 PM - 3:50 PM)
- Defcon Workshop (6 Aug 2016 : 2 PM - 6 PM)
OPENSOURCE ALL THE WAY
1. Automated VM Building Process : Vagrant Ansible script (https://github.com/AndroidTamer/VagrantBuild)
2. Automated Debian Package Building Scripts (https://github.com/AndroidTamer/Packaging_Tools)
3. Documentation source markdown (https://github.com/AndroidTamer/Tools)
4. Open to all
5. To be added
   1. APK repository
   2. apk building process
   3. emulator building process
   4. Live ISO Creation
   5. and more
https://github.com/AndroidTamer
VIRTUAL MACHINE
Swiss Army knife for Android Security Professionals.
Supports
- VirtualBox
- VMWare
- Vagrant / Ansible
WHY
Saves time while
- Finding and installing tools
- Configuring them
- Ensuring all other tools are still working
- Multiple language versions (java, python, perl, ruby more)
- Managing updates of each tool
TOOLS INCLUDE
1. adb / fastboot / android-sdk
2. dex2jar / enjarify
3. apktool
4. jad / jd-gui / jadx / jadx-gui
5. drozer / MobSF / jaadas
6. DFF / ddrescueview
7. SQLiteManager / SQLiteMan
8. Burp Free / OWASP-ZAP
9. pidcat
10. Droid-FF (Fuzzing Framework)
11. dextra, simplify, imgtool
12. and more....
CUSTOM FEATURES
1. Easy Management of multiple devices
2. One liner commands (apk2java, drozer_start etc)
3. Scripts for automated analysis
4. Software update managed over apt-get repository (alpha phase) (http://repo.androidtamer.com/)
5. All Tools pre-configured in PATH (no need to switch directories)
6. ZSH with autosuggestion
TOOLS REPOSITORY
REPOSITORY IN USE
THAT'S NOT IT
FB/ANDROIDTAMER
SECURITY ENHANCEMENTS
https://kb.androidtamer.com/android_security_enhancement/
LEARN ANDROID
https://androidtamer.com/learn_android_security
DEMO TIME
1. Application decompiling
2. Automated assessment (drozer_checks)
3. Multi devices management (adb list)
4. MobSF
5. Droid Fuzzing Framework
6. Build / Enhance your own Distro (Debian compatible Repository)
DEMO: APK2JAVA
DEMO: DROZER_CHECK
DEMO: ADB LIST
1. Add entries in ~/.adb_list
2. format of entries "ABC;SERIALNO"
3. echo "abc;1234567890" >> ~/.adb_list
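One way an alias file in this "ALIAS;SERIALNO" format can be resolved to a serial for `adb -s`, with a check that rejects malformed or ambiguous entries. This is an added example, not Android Tamer's own script; the function names `adb_alias_serial`, `adb_alias_lint` and `adb_on` and the `ADB_LIST` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: resolve aliases from an "ALIAS;SERIALNO" file (format taken
# from the slide). Function names are hypothetical, not Android Tamer's.

ADB_LIST="${ADB_LIST:-$HOME/.adb_list}"

# Print the serial for an alias; return 1 if unknown, 2 if ambiguous.
adb_alias_serial() {
    alias_name=$1
    [ -r "$ADB_LIST" ] || return 1
    matches=$(awk -F';' -v a="$alias_name" '
        /^[ \t]*(#|$)/     { next }        # skip comments and blank lines
        NF == 2 && $1 == a { print $2 }' "$ADB_LIST")
    [ -n "$matches" ] || return 1
    # One alias mapped to two serials would send commands to the wrong device.
    [ "$(printf '%s\n' "$matches" | sort -u | wc -l)" -eq 1 ] || return 2
    printf '%s\n' "$matches" | head -n 1
}

# List malformed lines; exit status is non-zero if any are found.
adb_alias_lint() {
    awk -F';' '
        /^[ \t]*(#|$)/ { next }
        NF != 2 || $1 !~ /^[A-Za-z0-9_.-]+$/ || $2 !~ /^[A-Za-z0-9_.:-]+$/ {
            printf "line %d: %s\n", NR, $0; bad = 1
        }
        END { exit bad + 0 }' "$ADB_LIST"
}

# Run adb against the aliased device, e.g.: adb_on abc shell getprop
adb_on() {
    serial=$(adb_alias_serial "$1") || {
        echo "unknown or ambiguous alias: $1" >&2
        return 1
    }
    shift
    adb -s "$serial" "$@"
}
```

Source the file and run `adb_alias_lint` once after editing `~/.adb_list`; `adb_on` refuses to run when an alias is missing or maps to more than one serial.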
DEMO: MOBSF
DEMO: DROID-FF
BUILD YOUR OWN
PACKAGE REPOSITORY
HOW TO CONTRIBUTE
1. Test the tools, suggest changes or improvements / enhancements
2. Use / Promote / Write about the tool
3. Add tools : https://github.com/AndroidTamer/Packaging_Tools/Build
4. Report / track / suggest / fix Issues
5. Test Repo (https://repo.androidtamer.com) on other distributions (Kali / Ubuntu / other pentest distro and more)
Report all issues (https://github.com/AndroidTamer/Tools_Repository/issues)
How to setup : (https://tools.androidtamer.com/General/repo_configure/)
THANKS
Follow @AndroidTamer for all Updates