Android (and other) Security resources - Get your learning on - Security Discussion

Linking to, hinting at, suggesting etc pirated material in this thread, or even this forum, will likely get you a ban from XDA. Some of these resources are not free, in fact some are expensive, but free or cheap alternatives are listed.
This is not an exhaustive list. It is missing things that should be here, even things I have written myself. Please let me know if you have something to add.
Please send me more material to post (no pirated stuff!)
Books:
Android Internals::Power User's View
Android Security Internals
Android Hacker's Handbook
Trainings:
Practical Android Exploitation by Jon 'jcase' Sawyer
RedNaga Training by Tim 'diff' Strazzere, Caleb Fenton and Jon 'jcase' Sawyer
Write Ups:
Foxconn Bootloader Backdoor (Pork Explosion) by Jon 'jcase' Sawyer
Analyzing the WeakSauce Exploit by Jonathan Levin
TrustNone TrustZone Exploit by @beaups
SamDuck Samsung emmc/Bootloader Exploit by @beaups
HTC Desire 310 root backdoor by Tim 'diff' Strazzere and Jon 'jcase' Sawyer
Tools:
Frida - Free
Smali/baksmali - Free
APKTool - Free
JEB - $$
IDA Pro - $$
Binary Ninja - $

Write Up:
bits-please.blogspot.com - @laginimaineb's blog.
Great stuff on TrustZone and more.
Wiki:
droidsec.org/wiki has a ton of resources for Android security.
Hardened Android:
https://github.com/copperhead
https://github.com/copperheados

Maybe interesting for you:
https://github.com/android-security
Pure AOSP 4.4 & 5.1 patched until 2016-10-01 android security patch level (3 or 4 commits missing on 4.4 because of some libpng changes, need to take another look on it).
Bunch of kernel CVE fixes http://forum.xda-developers.com/showpost.php?p=69382178&postcount=2

http://elinux.org/Android_Portal
It is a good website... please check it out, thanks.
-thecoolster

Another series for Android Security
https://github.com/ashishb/android-security-awesome

Great post. Thanks for resources.

Awesome post! Thanks!
It's a shame that stuff like IDA Pro is so expensive, if it was more accessible a lot more people will use it and we would get more interesting stuff I think

What about
https://mobilesecuritywiki.com/

RusherDude said:
Awesome post! Thanks!
It's a shame that stuff like IDA Pro is so expensive, if it was more accessible a lot more people will use it and we would get more interesting stuff I think
IDA Pro has a demo, but you can also look at hopper and binary ninja, both priced far lower.
radare2 is also an option, I've not used it so I haven't listed it

Thank you for the excellent post jcase!! I have been looking to further my understanding of android security concepts for quite some time now, but never find I have enough time to scour the web for the solid resources I need. I have been engrossed in your 'Practical Android Exploitation' pdf for the past hour now. I hope you know how much this community appreciates your contributions!
Edit: sorry for the misleading comment!~

Do you guys have any recommended info on reverse engineering, particularly ARM disassembly?
I'll be looking for resources myself but was wondering if you've come across any good info in that area.

Awesome thanks

Thanks for the info!

Matt07211 said:
Do you guys have any recommended info on reverse engineering, particularly ARM disassembly?
I'll be looking for resources myself but was wondering if you've come across any good info in that area.
This is a fun tool but not exactly reverse engineering.
https://retdec.com/decompilation/
The official ARM resources are good for basics
http://infocenter.arm.com/help/?topic=/com.arm.doc.dui0068b/CIHEDHIF.html

Here is some latest collection on - Awesome Android Security (Books, bug bounty, courses, tools, labs, talks, write-ups, cheat sheet, blogs). Might be helpful for someone.
github.com/saeidshirazi/awesome-android-security

^nice collection reference!

Related

[REF]Android is now Open Source[Code released]

Android was announced as Open Source 6 hours ago.
Anybody now can download and work over Android.
http://source.android.com/
Let's work together to bring the Android to our loved Elf(in)!
Good luck!
Sry for the english.
Android is now available as open source
Oct 21, 2008 7:52 AM posted by Dave Bort [updated Oct 21, 2008 9:59 AM by Dave Bort]
Today is a big day for Android, the Open Handset Alliance, and the open-source community. All of the work that we've poured into the mobile platform is now officially available, for free, as the Android Open Source Project.
You'll be hearing a lot about Android devices. We've all put a lot of effort into the first Android device, and I'm really happy with the way it turned out. But one device is just the beginning.
Android is not a single piece of hardware; it's a complete, end-to-end software platform that can be adapted to work on any number of hardware configurations. Everything is there, from the bootloader all the way up to the applications. And with an Android device already on the market, it has proven that it has what it takes to truly compete in the mobile arena.
Even if you're not planning to ship a mobile device any time soon, Android has a lot to offer. Interested in working on a speech-recognition library? Looking to do some research on virtual machines? Need an out-of-the-box embedded Linux solution? All of these pieces are available, right now, as part of the Android Open Source Project, along with graphics libraries, media codecs, and some of the best development tools I've ever worked with.
Have a great idea for a new feature? Add it! As an open source project, the best part is that anyone can contribute to Android and influence its direction. And if the platform becomes as ubiquitous as I hope it will, you may end up influencing the future of mobile devices as a whole.
This is an exciting time for Android, and we're just getting started. It takes a lot of work to keep up with the changes in the mobile industry. But we want to do more than just keep up; we want to lead the way, to try things out, to add the new features that everyone else is scrambling to keep up with. But we can't do it without your help.
What will you do with Android?
Damn... I read a bit and then realised this is not gonna work for the Elf
Elfin users yes but not elf......... maybe someone can hack it for elf users or provide a workaround
Please maintain subject line as per posting policy in the announcement. I have edited the same right now in spirit of this discussion. Please bear in mind for further times

Silvia for Android?

Is this just another Siri clone or is it closer to "AI" (define as you will). Is anyone here involved in this?
http://www.kickstarter.com/projects/cogcode/silvia-for-android
I searched "silvia" and "silvia for android" before posting this thread. If this question or topic has been posted before, or if this is in the wrong place, I apologize.
MichaelHaley said:
Is this just another Siri clone or is it closer to "AI" (define as you will). Is anyone here involved in this?
...
I searched "silvia" and "silvia for android" before posting this thread. If this question or topic has been posted before, or if this is in the wrong place, I apologize.
Hi Michael,
Prior to our launch of our SILVIA for Android Kickstarter project this past Friday (May 25th), we have been fairly quiet about SILVIA for Android.
So, you may not find much 3rd party information on SILVIA for Android, at least for a while.
However, we will be happy to answer your questions as best we can.
First off, we think that Siri is a fine product.
Of course, we feel we have something different and unique to offer with our technology, otherwise we would not be doing what we're doing.
We think that our context sensitive conversational approach to the user experience is very compelling for many reasons, and we also think it is an important difference that our technology runs natively on mobile devices.
For developers, we are offering an SDK with a rich API, a graphical content development system, and a runtime engine that will allow developers to create new conversational applications for Android that run right on the device. For smaller developers, this is very important because there is no requirement for additional (and expensive) server infrastructure to host the AI.
We think that another important feature is the compactness and efficiency of our runtime. The average SILVIA for Android end-user application clocks in at about 7 or 8 megabytes on the device, and is efficient enough to run in the background without disrupting the performance of most other applications.
We will continue to release more details for developers over the next few weeks as our Kickstarter campaign progresses.
I hope this information helps.
Right on, looks pretty interesting, hope to see it available soon!
CogCode said:
Hi Michael,
Prior to our launch of our SILVIA for Android Kickstarter project this past Friday (May 25th), we have been fairly quiet about SILVIA for Android.
So, you may not find much 3rd party information on SILVIA for Android, at least for a while.
However, we will be happy to answer your questions as best we can.
First off, we think that Siri is a fine product.
Of course, we feel we have something different and unique to offer with our technology, otherwise we would not be doing what we're doing.
We think that our context sensitive conversational approach to the user experience is very compelling for many reasons, and we also think it is an important difference that our technology runs natively on mobile devices.
For developers, we are offering an SDK with a rich API, a graphical content development system, and a runtime engine that will allow developers to create new conversational applications for Android that run right on the device. For smaller developers, this is very important because there is no requirement for additional (and expensive) server infrastructure to host the AI.
We think that another important feature is the compactness and efficiency of our runtime. The average SILVIA for Android end-user application clocks in at about 7 or 8 megabytes on the device, and is efficient enough to run in the background without disrupting the performance of most other applications.
We will continue to release more details for developers over the next few weeks as our Kickstarter campaign progresses.
I hope this information helps.
We are definitely covering SILVIA and this project
http://www.androrev.com/2012/05/31/...-why-she-may-just-be-androids-answer-to-siri/
Developer Update!
Just a quick update, we have some more information for Android developers on our Kickstarter project page.
Unfortunately, due to the low post count, we can't post links yet. But a quick look at the first post in this thread should get you there.
In particular, we think there is some great opportunity for game developers, as our SILVIA Core has already been deployed as a conversational intelligence system in 3D training systems for the US Army. But even casual game and apps developers can quickly integrate SILVIA for Android into their projects.
The SILVIA for Android library can be used directly in just about any native Java or Mono for Android project, but as a bonus for you Unity 3D developers, we will be including a Unity 3D compatible version of our SILVIA for Android runtime library as part of the SDK package.
All the best,
The SILVIA for Android Team
what happened?

Android for Windows - BlueStacks

Good day community,
Over the past several months, a few of us have been working on a project some may be familiar with. We have bundled an add-on to specific BlueStacks versions to allow for a complete Operating System environment, full of communications tools.
We didn't "develop" any of it. We have taken the time to scour the internet and primarily this site to garner the education, information and knowledge to actually bring it to fruition. We would like to say a big THANK YOU to the entire community here. We feel this is an important piece to a software life-cycle where developed information is compiled into a fully functioning system, exposing your people's craftsmanship.
The motive here is a moral one. I have been a communications engineer for 22 years and have seen and done things I thought weren't possible. I have been tasked with trying to develop an education platform technology matrix for schools. Specifically using my innovation abilities to solve problems. I am not a coder, I am more of a script writer. I have found success in making disparate hardware and software work together, and producing middle-ware scripts and functions to technologically solve challenges. In every sector.
I believe I have identified one of the major issues related to student success rates. Basic communications is hindered in many schools, internet cut out, and dictator like classroom regime. I feel communications is the king of industry and whomever has the information the fastest, cheapest, and accurate, wins. This is proven time and time again in capitalism. I feel students should be able to sms, or exchange pictures and peruse social networks, both to each other and their teachers. These are real-world tools, and the primary back-bone of a child's social life. But students need to learn to be accountable for their digital actions.
This "OS" changes things ever so slightly. Not every student can afford the gear required to have that type of communication. If every kid could afford an iphone and ipad, then I don't need to do this project. Android on the other hand, little or no cost at all.
I will be deploying Android for Windows across the board. Students will have to setup a Google account and online storage. Copies of AW can be had for their home computer. The environment is the environment kids all love and use, the emulated touch interface is "cool" and the kids can support it and maintain it mostly themselves, and sync it to their PC phones or other devices, but those are NOT required. And no need to upgrade the PC's for a while, BlueStacks is Linux(ish), its hardware demands are low, and I can keep the PC's at their current level.
I distribute it on thepiratebay, another long story for another day, but this is the best way to ensure it stays out there, and the price is right to be able to push it out to the world. We have tirelessly worked to ensure compatibility with the apps the devs release and I know this particular release of AW has restored many of the items BlueStacks cripples.
We have started a mini marketing campaign to drum up interest, although modest. And for you devs, this open an ENTIRE new revenue stream you didn't even have before. Making Android the primary OS used.
---------------------------
That's the agenda, I would like to open a support thread for it somewhere on here. I have an armada of info, tools, rootkits, tricks and troubleshooting information that we feel can be valuable to the community. I'll get things posted here ASAP. Anyone that has played with this at all before will be able to appreciate all of the challenges we had to solve.
We did not knowingly disassemble or modify any of the original distribution files of any applications, staying in accordance with about every license agreement on earth.
--------------------------
Looking for some feedback, questions, thoughts, ideas.. have to get 10 posts or something anyway...
Thank you to everyone!
-js
What's the difference between your project and the Android x86 project?
syung said:
What's the difference between your project and the Android x86 project?
AFAIK Bluestacks has its own VM, so you don't need to install a Virtual Machine any more.
I used this for several months and it helps me to try an application without sending it to any Android device.
If you use the Android x86 project, you need to install it inside a Virtual Machine or make a bootable USB, and as far as I know it has limitations in the Play Store. Only some applications that support the architecture can be downloaded.
The Android x86 project is a piece of this absolutely. What BlueStacks is and what they have done is this:
Taken x86 gingerbread and added an arm translator inside there. This is very unique, all of the other arm emulations fail out there after you even try to put them to the test with heavier use or apps. Basically the compatibility is just not there.
BlueStacks then added the vm player which is the most sophisticated player there is. Network mounts to shared folder without installing drivers, and opengl support for limited HD graphics.
What we did
BlueStacks also crippled the hell out of the original ROM. All kinds of things missing that had to be put back in piece by piece, and still ensure compatibility. Some things fine to leave out, other maybe useful.
Poring over the information, rooting bluestacks came easy, so we rooted every single v7.x of bluestacks, and began the mountain task of building compatibility. The winners are 7.4 for SD and 7.8 for HD. 7.8 handles the interface scrolling operations WAY better than later revisions. I can tell it was after this rev they forced on Surface Pro support, not back checking compatibility. And 7.4 installs on any machine but drops the arm translator. Still a nice product to put on an old machine, but little support for modern apps, and there won't be.
Then doing a fair assessment of applications to do all the tasks one needs, file manipulation, printing, music, calling etc. We've spent over 200 hours trying to get a reliable lock screen, failed on that. But we got most of it.
Finally adding and getting gapps to fully function was about like trying to drink a beer while standing on your head, it was like a marathon game of whack-a-mole, we'd fix something, then something else friggen slam us over the head. Then we got to writing script, and adding Windows apps like virtual keyboards and mouse to basically be able to run the entire OS with 1 finger as if you were Stephen Hawking.
We had an excellent response to the initial concept stuff version 1.1. It held on to around 400 seeders and 1000 user swarm for about a week then began to fizzle. We expect that to triple and estimate 100,000 downloads in the first week. It is my opinion thepiratebay is the most accurate source for demand of anything digital, people that keep a copy and seed, actually really like something, versus an artificial "like" that other sites have and profit from. That's all Trip9d0zen stuff, about removing fake values and replacing it with real information exchange freedoms, so actually all financial can get to a creator, don't want to digress too far in this thread, but there is an ideology we have in common with the twitters and thepiratebay's who have just the extreme basics of censorship, only to ensure safety, but never manipulated the information. We have evidence and models to change current businesses, and put the devs out in-front of these projects (or the artist selected agents). The more systems Android runs on, more success one can have. And Windows being the biggest, hands down, why not?
We feel this is by far the most compatible Android environment one can use, and can actually be used by anyone as an effective tool.
We know full well that once released, the ungodly amount of app work requests will be at its highest, but that's why I am here, where the devs are.. is this a revenue stream they want to support?
I am personally using it exclusively for all my communications, social media and document creation, I only use windows for video playing files.
Hope that helps answer, here is the info to commercials for it, as our lil-1337s eloquently cranked out, smartasses...
youtube search for js99912
-js
It looks interesting, i'll check that up!
Dexcellium said:
It looks interesting, i'll check that up!
Me too. Thanks
Android for Windows 2.0
new version just went live..... can someone reply with a hot-link, thanks
thepiratebay.sx
/torrent/8440340
Adding Game Data / Mount SDcard.sparse BlueStacks
Ok, I have been asked about this more than anything.
Used to be the SDcard was a .fs file and could be manipulated easy, now it's a bit more involved, but none too difficult.
You need to download:
thepiratebay.sx/
torrent/8453985
This will get you to be able to mount the SDcard.sparsefs as a drive letter in windows... Nothing new, just consolidating info as I have been requested for this more than anything else. Enjoy!
-js

[Q] Is NeoMAD the real solution for cross platform development?

I have an HTML 5 app built with Sencha Touch + Cordova. The app works ok and is already in production, but I want more in terms of performance for the future, so I'm thinking about rewriting it in another framework.
On propertycross.com some of the most used cross-platform frameworks have been compared... I went through all of them and for me the winner is with no doubt NeoMAD. The approach seems the right one: write in one language (Java) and have the native app generated for each platform.
I saw no difference in terms of performance between the native one and the one built with NeoMAD, also the app was only a bit larger (1.2mb the native one, 1.9mb the one built with NeoMAD), with Titanium and Xamarin I get an app 10 times bigger, not to mention the increased startup time.
By doing some research on the web though, NeoMAD doesn't seem much used... on stackoverflow I get only 5 questions with the neomad tag.
So why so few people use this framework? Seems to me the perfect one... Does anyone have any experience with it?
Hello Emanuele,
First of all, as one of the NeoMAD founders I was very happy to read your post!
To answer your question, I think there are 3 explanations:
1/ NeoMAD is available on the market since 2012 only and this is a first objective reason why we do not have a lot of users at the moment.
2/ Neomades is a small company with limited marketing resources compared to our main competitors.
3/ The Neomades team is mainly a tech one and we have not been so efficient until now in business dev.
However, NeoMAD is used for mobile developments by major French organizations such as CROUS, L'Oréal and TNS Sofres / WPP Group. Some of these applications are available on the app stores, you can find more information about it in the References section of our website.
We hope that comments like yours will catch the community's attention and increase the visibility of NeoMAD… without users and the developer community we will not succeed!
Feel free to contact us for any questions at [email protected]
Best regards.
Hey @memanuele
First of all, you need to choose the framework according to your specific project needs. It's really hard to name the one-fits-all framework. If you're in no hurry, you can spend some time trying different ones and thus deciding what will be the best variant for you.
If you don't have time, you can get initial information from the blogs, for example, here or here, to name a few. Google it, there's a lot of interesting stuff going on.
Edit: Damn, just noticed the date of the initial post...

Cannot delete

Cannot delete.
AlexCoetzee said:
I am tired of playing games and have really been interested in tinkering with them for a while now. I don't plan on doing this for illicit purposes but I wish to learn to modify games and tweak values in IDA Pro with hexedit so that I can do more than what things like gamekiller allow me. Anyone know any good places to start learning?
Despite your stated positive intentions, I would say as a general answer that this is not the place to be seeking such information. While you may be looking to expand a game, or simply make harmless mods for your personal entertainment, this process generally involves reverse engineering and violating the terms set forth by the developer(s) for fair and legal use of their publication.
That being said, you should start your learning with a good understanding of Java, coding for the Android platform, smali code, and arm/arm64 assembly, as well as a basic understanding of c# and actionscript. These were the foundations of knowledge for successful apk modification for me in my self-education process. Google is infinitely helpful! Just be sure to respect the wishes of developers with regard to working with their releases, especially closed-source applications.
