- Out-of-Stock
Products
Categories
- Main categories
-
- 3D PRINTING
- ARDUINO
- AUTOMATION
- BOOKS
- CYBERSECURITY
- EDUCATION
- ELECTRONICS
- Cables
- Cameras and accessories
- Communication
- Conductive materials
- Connectors
- ARK connectors (Terminal Block)
- Coaxial connectors (RF)
- Connectors
- Crocodile clip
- D-Sub drawer connectors
- DC power connectors
- FFC/FPC ZIF connectors
- Goldpin connectors
- IDC connectors
- JACK connectors
- JST connectors
- Jumpers
- Memory cards slots
- Other connectors
- Pogo pin
- RJ45 sockets
- Slip ring connector
- Supports
- Szybkozłącza
- USB connectors
- USB PD Adapters for Laptops
- Cooling
- Displays
- Electronic modules
- A/D and D/A converters
- Audio
- Barcode readers
- CAN converters
- Converters USB - UART / RS232
- Data logger
- DDS/PLL generators
- Digital potentiometers
- Encoders
- Expanders of the I/O
- Fingerprint readers
- HMI modules
- Image and video
- JTAG accessories
- Keyboards, buttons
- LED drivers
- Memory card readers
- Memory modules
- Modules with power outputs
- Motor controllers
- Power modules
- RS485 converters
- RTC modules
- Servo Controllers
- TSOP infrared receivers
- USB Converters - I2C / 1-Wire / SPI
- Voltage converters
- Gadgets
- GPS
- Intelligent clothes
- LED - diodes, displays, stripes
- Luminous wires and accessories
- Machine vission (MV)
- Memory cards and other data storages
- Passive elements
- PC accessories
- Printers
- Prototype boards
- Relays
- Semiconductors
- A/C converters (ADC)
- Analog systems
- Audio systems
- Bridge rectifiers
- Button
- D/A Converters (DAC)
- DDS synthesizers
- Digital circuits
- Diodes
- Drivers of motors
- DSP microprocessors
- Energy counters
- Energy harvesting
- ESD security
- IGBT drivers and bridges
- Interface systems
- LED drivers
- Logic converters
- Memory
- Microcontrollers
- Optotriacs and optocouplers
- Other
- PLL generators
- Power systems
- Programmable systems
- Resetting systems
- RF systems
- RTC systems
- Sensors
- SoC systems
- Timery
- Touch sensors
- Transistors
- Sensors
- Accelerometers
- Air humidity sensors
- Air quality sensors
- Current sensors
- Distance sensors
- Flow sensors
- Gas sensors
- Gyroscopes
- Hall sensors
- Humidity sensors
- Infrared sensors
- Light and color sensors
- Liquid level sensors
- Magnetic sensors (compasses)
- Medical sensors
- Motion sensors
- PH sensors
- Position sensors
- Pressure sensors
- Pressure sensors
- Reflection sensors
- Sensors 6DOF/9DOF/10DOF
- Sensors of liquid quality
- Temperature sensors
- Vibration sensors
- Sound transducers
- Switches and buttons
- Cables
- FPGA DEVELOPMENT KITS
- Measuring devices
- MECHANICS
- MINICOMPUTERS (SBC)
- POWER
- RASPBERRY PI
- Accessories for Raspberry Pi
- Audio video cables for Raspberry Pi
- Case Raspberry Pi
- Cooling for Raspberry Pi
- Displays for Raspberry Pi
- Extension modules for Raspberry Pi
- Memory cards for Raspberry Pi
- Power for Raspberry Pi
- Raspberry Pi 3 model A+
- Raspberry Pi 3 model B
- Raspberry Pi 3 model B+
- Raspberry Pi 4 model B
- Raspberry Pi 400
- Raspberry Pi 5
- Raspberry Pi 500
- Raspberry Pi cameras
- Raspberry Pi Compute Module
- Raspberry Pi model A/ B+/2
- Raspberry Pi Pico
- Raspberry Pi prototyping
- Raspberry Pi Zero
- Raspberry Pi Zero 2 W
- RETIRED PRODUCTS
- SALE
- STARTER KITS, PROGRAMMERS, MODULES
- Atmel SAM
- Atmel Xplain
- AVR
- Coral
- DFRobot FireBeetle
- ESP32
- ESP8266
- Feather / Thing Plus
- Freedom (Kinetis)
- M5Stack
- Micro:bit
- Nordic nRF
- Other development kits
- Particle Photon
- Peripheral modules
- PIC
- Raspberry Pi RP2040
- RFID
- RISC-V
- Seeed Studio LinkIt
- Segger programmers
- SOFTWARE
- Sparkfun MicroMod
- STM32
- STM32 Discovery
- STM32 MP1
- STM32 Nucleo boards
- STM8
- Teensy
- Universal programmers
- WRTNode
- XIAO/Qt PY
- Atmel SAM
- WORKSHOP
- Adhesives and gluers
- Chemistry
- CNC milling machines
- Crimping tools
- Dispensing needles
- Heat-shrink tubing
- Insulation strippers
- Knives and scissors
- Laboratory power supplies
- Mikroskopy
- Mini drills and grindrers
- Organizers
- Power strips
- Power tools
- Safety glasses
- Soldering
- Antistatic mats and accessories (ESD)
- BGA balls
- BGA rework stations
- Brushes and ESD brushes
- Desoldering Wick
- Handles, magnifiers
- Heat guns
- Heaters and soldering irons
- Laminates
- Portable soldering irons
- Silicone Soldering Mats
- SMD Accessories
- Soldering accessories
- Soldering chemistry
- Soldering irons
- Soldering pastes
- Soldering pots
- Soldering stations
- Soldering tips
- Sponges and cleaners
- Stand for soldering irons
- Tin
- Tin extractors
- Ultrasonic cleaners
- Tapes (aluminum, kapton, copper, insulating)
- Tools
- Tweezers
- Vices
- 3D PRINTING
New products
New products
Android. Hacker's guide
Joshua J. Drake, Zach Lanier, Collin Mulliner, Pau Oliva Fora, Stephen A. Ridley, Georg Wicherski
Free shipping
free shipping in Poland for all orders over 500 PLN
Same day shipping
If your payment will be credited to our account by 11:00
14 days for return
Each consumer can return the purchased goods within 14 days
Original title: Android Hacker's Handbook
Translation: Andrzej Stefański
ISBN: 978-83-246-9940-7
Date of issue: 2015-01-23
Number of pages: 520
Format: 168x237 mm
Defend your system against attack!
The Android system is an undeniable leader among operating systems for mobile devices. However, being a leader has one major disadvantage - everyone wants to break his security. If you are a specialist responsible for network security, if you are an administrator responsible for the security of mobile devices, then you've come across a book that will become your obligatory reading for the next few days!
Thanks to it, you will learn about the operation of the Android system and the security architecture implemented in it. In the following chapters, you will learn to recognize the details of security implementation and the complications resulting from the fact that Android is an open system. Once you've acquired solid theoretical foundations, you'll go on to analyze the various attack techniques for devices running Android. In addition, you will learn the possible attack planes, publicly available exploits and the weaknesses of the system's kernel. This book must be on the shelf of everyone who is not indifferent to the security of the Android platform!
With this book you will learn:
- Recognize the details of the security implementation and the complications resulting from the openness of Android.
- Avoid frequent security traps and follow the latest smartphone hacking strategies.
- Analyze all kinds of successful attacks on the Android operating system.
- Obtain full access to the device and recognize the partition layout and the device start-up process.
- Understand the complex nature of the Android ecosystem, including the importance of various device manufacturers and software developers
Mandatory reading of specialists responsible for the security of the Android platform!
Table of Contents
About the authors (13)
About the content-related corrector (15)
Thanks (17)
Introduction (19)
- Book and technology overview (20)
- How is this book divided (20)
- Who should read this book (22)
- Tools needed (22)
- What's on the website (23)
- Good luck! (23)
Chapter 1. A Look at the Ecosystem (25)
- The roots of Android (25)
- Company history (25)
- Revision history (26)
- Available devices (28)
- Open (mostly) sources (29)
- Android shareholders (31)
- Google (32)
- Equipment manufacturers (33)
- Operators (35)
- Developers (35)
- Users (36)
- Image of the complexity of the ecosystem (38)
- Fragmentation (38)
- Compatibility (40)
- Problems related to the update (41)
- Security versus openness (43)
- Information disclosure (44)
- Summary (45)
Chapter 2. Android security design and architecture (47)
- Android system architecture (47)
- Limitations and protection (49)
- Android isolated environment (49)
- Android permissions (52)
- More detailed analysis of layers (55)
- Android Apps (55)
- Android Framework (59)
- Virtual Dalvik machine (60)
- Native user code (62)
- Kernel (67)
- Complicated security, a complicated exploit (74)
- Summary (75)
Chapter 3. Unlocking the device (77)
- Partition layout (78)
- Determining the partition layout (79)
- System startup process (80)
- Access the download mode (81)
- Blocked and unblocked loading programs (82)
- Original and modified rescue images (83)
- Getting full access with unlocked loader (85)
- Getting full access when the loader is blocked (87)
- Accessing on a running system (88)
- NAND locks, temporary root, persistent root (89)
- Fixing the software root (91)
- Stories of known attacks (92)
- Nucleus: Wunderbar / asroot (92)
- Rescue mode: Volez (93)
- Udev: Exploid (93)
- Adbd: RageAgainstTheCage (94)
- Zygote: Zimperlich and Zysploit (94)
- Ashmem: KillingInTheNameOf and psneuter (95)
- Vold: GingerBreak (95)
- PowerVR: levitator (96)
- Libsysutils: zergRush (96)
- Kernel: mempodroid (97)
- Attacks related to file permissions and symbolic links (97)
- Adb restore (98)
- Exynos4: exynos-abuse (99)
- Diag: lit / diaggetroot (99)
- Summary (100)
Chapter 4. Application security overview (101)
- Common errors (101)
- Problems with application permissions (102)
- Unsecured transfer of sensitive data (103)
- Storage of unsecured data (104)
- Information leaks through logs (105)
- Unsecured IPC terminations (106)
- Case study: Mobile Security App (108)
- Profiling (108)
- Static analysis (110)
- Dynamic analysis (124)
- Attack (132)
- Case study: SIP Client (134)
- Drozer (134)
- Diagnosis (134)
- Snarfing (136)
- Injecting (138)
- Summary (140)
Chapter 5. Android attack planes (141)
- Basics of terminology (141)
- Attacks Vectors (142)
- Attack planes (143)
- Classification of attack surfaces (144)
- Properties of the plane (144)
- Classification method (145)
- Attack planes available remotely (145)
- Network Issues (146)
- Network stacks (150)
- Shared network services (151)
- Mobile technologies (152)
- Attack level on the user's side (153)
- Google infrastructure (158)
- Physical neighborhood (164)
- Wireless communication (164)
- Other technologies (170)
- Local attack planes (170)
- Viewing the file system (171)
- Finding other local attack planes (172)
- Physical attack planes (176)
- Disassembling the device (177)
- USB (178)
- Other physical levels of attacks (181)
- External modifications (182)
- Summary (182)
Chapter 6. Searching for weaknesses using fuzzing (183)
- The origin of fuzzing (183)
- Identifying the goal (185)
- Creating distorted input data (185)
- Processing of input data (186)
- Monitoring results (187)
- Fuzzing on Android (187)
- Fuzzing recipients of messages (188)
- Goal identification (189)
- Generating input data (190)
- Providing input data (190)
- Test monitoring (191)
- Fuzzing Chrome for Android (193)
- Target selection (193)
- Generating input data (195)
- Processing of input data (197)
- Test monitoring (199)
- USB attack plane fuzzing (201)
- Challenges of USB fuzzing (202)
- Mode selection (202)
- Generating input data (203)
- Processing of input data (205)
- Test monitoring (206)
- Summary (207)
Chapter 7. Searching for errors and analyzing weaknesses (209)
- Collection of all available information (209)
- Choosing a tool kit (211)
- Debugging erroneous ending (212)
- System logs (212)
- Tombstone (213)
- Remote debugging (214)
- Debugging Dalvik Virtual Machine Code (215)
- Debugging the example application (216)
- Displaying the Android Framework source code (218)
- Debugging the existing code (220)
- Debugging the native code (224)
- Debugging with NDK (224)
- Debugging with Eclipse (228)
- Debugging with AOSP (230)
- Increasing automation (235)
- Debug with symbols (237)
- Debug device not supported by AOSP (243)
- Debug in mixed mode (244)
- Alternative debugging techniques (244)
- Expressions for debugging (244)
- Debugging on the device (245)
- Dynamic modification of binaries (246)
- Vulnerability analysis (247)
- Determining the root cause (247)
- Assessment of use (260)
- Summary (261)
Chapter 8. Using software running in the user space (263)
- Basics of memory errors (263)
- Stack buffer overflow (264)
- Using the heap (267)
- History of publicly known exploits (274)
- GingerBreak (275)
- zergRush (278)
- mempodroid (281)
- Using the Android browser (282)
- Understanding the error (283)
- Heap Control (285)
- Summary (288)
Chapter 9. Return Oriented Programming (289)
- History and justification (289)
- Separate data and instruction cache (290)
- Basis of ROP in ARM (292)
- Invoking subroutines in ARM (293)
- Combining gadgets in a chain (295)
- Identification of potential gadgets (296)
- Case study: Android 4.0.1 linker (297)
- Stack pointer modification (298)
- Execution of arbitrary code from allocated memory (300)
- Summary (304)
Chapter 10. Hacking and attacking the kernel (317)
- Linux kernel on Android (317)
- Extracting the kernel (318)
- Extracting from the factory software (319)
- Download from device (321)
- Downloading the kernel from the boot image (323)
- Unpacking the kernel (323)
- Running the modified kernel code (324)
- Acquisition of source code (324)
- Preparing the build environment (327)
- Configuring the kernel (328)
- Using your own kernel modules (329)
- Compilation of the modified kernel (332)
- Creating a boot image (335)
- Running a modified kernel (337)
- Debugging the kernel (342)
- Kernel Error Reports (342)
- Understanding Oops (344)
- Live debugging with KGDB (348)
- Using the kernel (352)
- Typical Android kernels (352)
- Extracting addresses (354)
- Case studies (356)
- Summary (367)
Chapter 11. Attacking RIL (311)
- Introduction to RIL (312)
- RIL architecture (312)
- Smartphone architecture (313)
- Phone stack on Android (313)
- Adjusting the phone stack (315)
- RIL Services (rild) (315)
- The vendor-ril API (318)
- SMS (Short Message Service) (319)
- Sending and receiving SMS messages (319)
- SMS format (319)
- Communication with the modem (322)
- Emulation of a modem for fuzzing (322)
- Fuzzing Android SMS (324)
- Summary (331)
Chapter 12. Mitigation Mechanisms (333)
- Classification (334)
- Code signing (334)
- Heap curing (336)
- Overflow protection of an integer variable (336)
- Preventing the execution of data (338)
- Randomization of the address space (340)
- Stack protection (342)
- Security for formatting strings (343)
- Read-Only Relocations (345)
- Environmental isolation (346)
- Securing the source code (346)
- Access control mechanisms (348)
- Securing the kernel (349)
- Limits of indicators and logs (350)
- Zero page protection (351)
- Read-only memory areas (351)
- Other security features (352)
- Summary of mechanisms limiting the operation of exploits (354)
- Disabling restrictions (356)
- Change of identity (356)
- Binary Swap (357)
- Modifying the Kernel (357)
- Overcoming mechanisms limiting the operation of exploits (358)
- Overcoming stack security (358)
- Overcoming ASLR (359)
- Overcoming security measures against data execution (359)
- Overcoming kernel limitations (359)
- A look into the future (360)
- Officially developed projects (360)
- Community curing of the testicle (361)
- A bit of speculation (362)
- Summary (362)
Chapter 13. Hardware attacks (363)
- Communication with hardware (364)
- UART serial interfaces (364)
- Interfaces I2C, SPI and One-Wire (368)
- JTAG (370)
- Finding Interfaces for Debugging (381)
- Component identification (392)
- Acquiring Specifications (392)
- Difficulties in identifying components (394)
- Capturing, monitoring and injecting data (395)
- USB (395)
- Serial interfaces I2C, SPI and UART (399)
- Data and software theft (404)
- Getting discreet access (405)
- Invasive methods of access to software (407)
- What to do with data dump? (410)
- Traps (414)
- Unusual interfaces (414)
- Binary data and closed protocols (414)
- Defective interfaces for debugging (415)
- System passwords (415)
- Loader passwords, key combinations and silent terminals (415)
- Modified start sequences (416)
- Hidden address lines (416)
- Protective resin (416)
- Image encryption, obfuscation and hindering debugging (417)
- Summary (417)
Appendix A. Tools (419)
- Development tools (419)
- Android SDK (419)
- Android NDK (420)
- Eclipse (420)
- ADT plugin (420)
- ADT package (420)
- Android Studio (420)
- Tools for acquiring factory software and modifying memory (421)
- Binwalk (421)
- fastboot (421)
- Samsung (421)
- NVIDIA (422)
- LG (422)
- HTC (423)
- Motorola (423)
- Android native tools (424)
- BusyBox (424)
- setpropex (425)
- SQLite (425)
- strace (425)
- Hooking and modifying tools (425)
- ADBI framework (425)
- ldpreloadhook (426)
- Framework XPosed (426)
- Cydia Substrate (426)
- Static analysis tools (426)
- Smali and Baksmali (427)
- Androguard (427)
- apktool (427)
- dex2jar (427)
- poison (428)
- JD-GUI (428)
- JEB (428)
- Radare2 (428)
- IDA Pro and Hex-Rays decompiler (429)
- Application testing tools (429)
- Framework Drozer (Mercury) (429)
- iSEC Intent Sniffer and Intent Fuzzer (429)
- Hardware hacking tools (430)
- Segger J-Link (430)
- JTAGulator (430)
- OpenOCD (430)
- Saleae (430)
- Bus Pirate (430)
- GoodFET (431)
- TotalPhase Beagle USB (431)
- Facedancer21 (431)
- TotalPhase Aardvark I2C (431)
- Chip Quik (431)
- Heat gun (431)
- Xeltek SuperPro (432)
- IDA (432)
Appendix B. Open source code repositories (433)
- Google (433)
- AOSP (433)
- Gerrit code control system (434)
- SoC manufacturers (434)
- AllWinner (435)
- Intel (435)
- Marvell (435)
- MediaTek (435)
- Nvidia (436)
- Texas Instruments (436)
- Qualcomm (436)
- Samsung (437)
- Device manufacturers (OEM) (437)
- ASUS (438)
- HTC (438)
- LG (438)
- Motorola (439)
- Samsung (439)
- Sony Mobile (439)
- Sources of external projects (440)
- Other sources (440)
- Modified factory software (440)
- Linaro (441)
- Replicant (441)
- Code indexes (441)
- Freelancers (441)
Appendix C. Sources (443)
Index (501)
Other products in the same category (16)
No product available!
Stephen Forte, Thomas Howe, Kurt Wall, Paul Kimmel, Russ Mullen
No product available!
No product available!
Li-Ion battery type 18650 with a nominal voltage of 3.6 V and a capacity of 3200 mAh. Akyga AKY0926
No product available!
Atmel SMART SAM V71 Xplained Ultra development kit with ATSAMV71Q21 microcontroller with ARM Cortex-M7 core. ATSAMV71-XULT
No product available!
No product available!
Starter kit with Raspberry Pi Zero 2 W and official accessories
No product available!
No product available!
This fully-featured UDA1334A I2S Stereo DAC breakout is a perfect match for any I2S-output audio interface. It\'s affordable but sounds great! The NXP UDA1334A is a jack-of-all-I2S-trades: you can use 3.3V - 5V logic levels (a rarity), and can process multiple different formats by setting two pins to high or low. Adafruit 3678
No product available!
Universal power supply 5-14vdc / 1a - set for self-assembly
No product available!
No product available!
8x2 Character LCD - Black Bezel (Parallel Interface)
No product available!
No product available!
No product available!
No product available!
No product available!