Android Tamer BH USA 2016 : Arsenal Presentation

A presentation at BlackHat USA 2016 in August 2016 in Las Vegas, NV, USA by Anant Shrivastava

Slide 1

ANDROID TAMER

Slide 2

WHAT IS ANDROID TAMER

Single Point of Reference / Resources for Android

Contains
1. Virtual machine for Android (Security) Professionals
2. Debian 8 Compatible Tools Repository
3. Custom Emulator for arm devices (Work In Progress)
4. f-droid repository of tools (Work in Progress)
5. Documentation (tools.androidtamer.com) (ever evolving)
6. KnowledgeBase (kb.androidtamer.com) (Work in Progress)

Slide 3

WHO USES ANDROID TAMER

1. Trainers
2. Security professionals
3. Developers
4. IoT Hackers

Friendly Plug

Catch Sneha Rajguru using AndroidTamer at
- BSidesLV (whole day 3 Aug 2016)
- Defcon Workshop (5 Aug 2016 : 10 AM - 2 PM)

Catch Anto Joseph using AndroidTamer with Droid-FF at
- Arsenal Booth (4 Aug 2016 - 2 PM - 3:50 PM)
- Defcon Workshop (6 Aug 2016 : 2 PM - 6 PM)

Slide 4

OPENSOURCE ALL THE WAY

1. Automated VM Building Process : Vagrant Ansible script (https://github.com/AndroidTamer/VagrantBuild)
2. Automated Debian Package Building Scripts (https://github.com/AndroidTamer/Packaging_Tools)
3. Documentation source markdown (https://github.com/AndroidTamer/Tools)
4. Open to all https://github.com/AndroidTamer
5. To be added
   1. APK repository
   2. apk building process
   3. emulator building process
   4. Live ISO Creation
   5. and more

Slide 5

VIRTUAL MACHINE

Swiss Army knife for Android Security Professionals.

Supports
- VirtualBox
- VMWare
- Vagrant / Ansible

Slide 6

WHY

Saves time while
- Finding and installing tools
- Configuring them
- Ensuring all other tools are still working
- Multiple language versions (java, python, perl, ruby and more)
- Managing updates of each tool

Slide 7

TOOLS INCLUDE

1. adb / fastboot / android-sdk
2. dex2jar / enjarify
3. apktool
4. jad / jd-gui / jadx / jadx-gui
5. drozer / MobSF / jaadas
6. DFF / ddrescueview
7. SQLiteManager / SQLiteMan
8. Burp Free / OWASP-ZAP
9. pidcat
10. Droid-FF (Fuzzing Framework)
11. dextra, simplify, imgtool
12. and more…

Slide 8

CUSTOM FEATURES

1. Easy Management of multiple devices
2. One liner commands (apk2java, drozer_start etc)
3. Scripts for automated analysis
4. Software update managed over apt-get repository (alpha phase) (http://repo.androidtamer.com/)
5. All Tools pre-configured in PATH (no need to switch directories)
6. ZSH with autosuggestion

Slide 9

TOOLS REPOSITORY

Slide 10

REPOSITORY IN USE

Slide 11

THAT’S NOT IT

Slide 12

@ TWITTER

Follow Us @AndroidTamer to get Latest Android News

Slide 13

FB/ANDROIDTAMER

Slide 14

SECURITY ENHANCEMENTS

https://kb.androidtamer.com/android_security_enhancement/

Slide 15

LEARN ANDROID

https://androidtamer.com/learn_android_security

Slide 16

DEMO TIME

1. Application decompiling
2. Automated assessment (drozer_checks)
3. Multi devices management (adb list)
4. MobSF
5. Droid Fuzzing Framework
6. Build / Enhance your own Distro (Debian compatible Repository)

Slide 17

DEMO: APK2JAVA

Slide 18

DEMO: DROZER_CHECK

Slide 19

DEMO: ADB LIST

1. Add entries in ~/.adb_list
2. format of entries "ABC;SERIALNO"
3. echo "abc;1234567890" >> ~/.adb_list

Slide 20

DEMO: MOBSF

Slide 21

DEMO: DROID-FF

Slide 22

BUILD YOUR OWN

Slide 23

PACKAGE REPOSITORY

Slide 24

HOW TO CONTRIBUTE

1. Test the tools, suggest changes or improvements / enhancements
2. Use / Promote / Write about the tool
3. Add tools : https://github.com/AndroidTamer/Packaging_Tools/Build
4. Report / track / suggest / fix Issues
5. Test Repo (https://repo.androidtamer.com) on other distributions (Kali / Ubuntu / other pentest distro and more)
   Report all issues (https://github.com/AndroidTamer/Tools_Repository/issues)
   How to setup : (https://tools.androidtamer.com/General/repo_configure/)

Slide 25

THANKS

Follow @AndroidTamer for all Updates