Deployed 02ce9ce with MkDocs version: 1.6.0

404.html

@@ -12,7 +12,7 @@
 
 
       <link rel="icon" href="/assets/logo_circle.png">
-      <meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.19">
+      <meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.20">
 
 
 

MASTG/Android/0x05b-Android-Security-Testing/index.html

@@ -16,7 +16,7 @@
 
 
       <link rel="icon" href="../../../assets/logo_circle.png">
-      <meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.19">
+      <meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.20">
 
 
 
@@ -1249,15 +1249,6 @@
       </ul>
     </nav>
 
-</li>
-
-        <li class="md-nav__item">
-  <a href="#resources" class="md-nav__link">
-    <span class="md-ellipsis">
-      Resources
-    </span>
-  </a>
-
 </li>
 
     </ul>
@@ -11564,15 +11555,6 @@
       </ul>
     </nav>
 
-</li>
-
-        <li class="md-nav__item">
-  <a href="#resources" class="md-nav__link">
-    <span class="md-ellipsis">
-      Resources
-    </span>
-  </a>
-
 </li>
 
     </ul>
@@ -11671,9 +11653,9 @@ <h1 id="android-security-testing">Android Security Testing<a class="headerlink"
 <h2 id="android-testing-setup">Android Testing Setup<a class="headerlink" href="#android-testing-setup" title="Permanent link">&para;</a></h2>
 <p>You can set up a fully functioning test environment on almost any machine running Windows, Linux, or macOS.</p>
 <h3 id="host-device">Host Device<a class="headerlink" href="#host-device" title="Permanent link">&para;</a></h3>
-<p>At the very least, you'll need <a href="/MASTG/Tools/0x08a-Testing-Tools#android-studio">Android Studio</a> (which comes with the <a href="/MASTG/Tools/0x08a-Testing-Tools#android-sdk" title="Android SDK">Android SDK</a> "Android SDK") platform tools, an emulator, and an app to manage the various SDK versions and framework components. Android Studio also comes with an Android Virtual Device (AVD) Manager application for creating emulator images. Make sure that the newest <a href="https://developer.android.com/studio/releases/sdk-tools">SDK tools</a> and <a href="https://developer.android.com/studio/releases/platform-tools">platform tools</a> packages are installed on your system.</p>
-<p>In addition, you may want to complete your host setup by installing the <a href="/MASTG/Tools/0x08a-Testing-Tools#android-ndk">Android NDK</a> if you're planning to work with apps containing native libraries.</p>
-<p>Sometimes it can be useful to display or control devices from the computer. To achieve this, you can use <a href="/MASTG/Tools/0x08a-Testing-Tools#scrcpy">Scrcpy</a>.</p>
+<p>At the very least, you'll need <a href="0x08a-Testing-Tools.md#android-studio">Android Studio</a> (which comes with the <a href="0x08a-Testing-Tools.md#android-sdk" title="Android SDK">Android SDK</a>) platform tools, an emulator, and an app to manage the various SDK versions and framework components. Android Studio also comes with an Android Virtual Device (AVD) Manager application for creating emulator images. Make sure that the newest <a href="https://developer.android.com/studio/releases/sdk-tools">SDK tools</a> and <a href="https://developer.android.com/studio/releases/platform-tools">platform tools</a> packages are installed on your system.</p>
+<p>In addition, you may want to complete your host setup by installing the <a href="0x08a-Testing-Tools.md#android-ndk">Android NDK</a> if you're planning to work with apps containing native libraries.</p>
+<p>Sometimes it can be useful to display or control devices from the computer. To achieve this, you can use <a href="0x08a-Testing-Tools.md#scrcpy">Scrcpy</a>.</p>
 <h3 id="testing-device">Testing Device<a class="headerlink" href="#testing-device" title="Permanent link">&para;</a></h3>
 <p>For dynamic analysis, you'll need an Android device to run the target app on. In principle, you can test without a real Android device and use only the emulator. However, apps execute quite slowly on a emulator, and simulators may not give realistic results. Testing on a real device makes for a smoother process and a more realistic environment. On the other hand, emulators allow you to easily change SDK versions or create multiple devices. A full overview of the pros and cons of each approach is listed in the table below.</p>
 <table>
@@ -11752,7 +11734,7 @@ <h4 id="testing-on-a-real-device">Testing on a Real Device<a class="headerlink"
 <p>The best candidates are flagship Google pixel devices built for developers. These devices typically come with an unlockable bootloader, opensource firmware, kernel, radio available online and official OS source code. The developer communities prefer Google devices as the OS is closest to the android open source project. These devices generally have the longest support windows with 2 years of OS updates and 1 year of security updates after that.</p>
 <p>Alternatively, Google's <a href="https://www.android.com/one/" title="Android One">Android One</a> project contains devices that will receive the same support windows (2 years of OS updates, 1 year of security updates) and have near-stock experiences. While it was originally started as a project for low-end devices, the program has evolved to include mid-range and high-end smartphones, many of which are actively supported by the modding community.</p>
 <p>Devices that are supported by the <a href="https://lineageos.org/" title="LineageOS">LineageOS</a> project are also very good candidates for test devices. They have an active community, easy to follow flashing and rooting instructions and the latest Android versions are typically quickly available as a Lineage installation. LineageOS also continues support for new Android versions long after the OEM has stopped distributing updates.</p>
-<p>When working with an Android physical device, you'll want to enable Developer Mode and USB debugging on the device in order to use the <a href="/MASTG/Tools/0x08a-Testing-Tools#adb">ADB</a> debugging interface. Since Android 4.2 (API level 16), the <strong>Developer options</strong> sub menu in the Settings app is hidden by default. To activate it, tap the <strong>Build number</strong> section of the <strong>About phone</strong> view seven times. Note that the build number field's location varies slightly by device. For example, on LG Phones, it is under <strong>About phone</strong> -&gt; <strong>Software information</strong>. Once you have done this, <strong>Developer options</strong> will be shown at bottom of the Settings menu. Once developer options are activated, you can enable debugging with the <strong>USB debugging</strong> switch.</p>
+<p>When working with an Android physical device, you'll want to enable Developer Mode and USB debugging on the device in order to use the <a href="0x08a-Testing-Tools.md#adb">ADB</a> debugging interface. Since Android 4.2 (API level 16), the <strong>Developer options</strong> sub menu in the Settings app is hidden by default. To activate it, tap the <strong>Build number</strong> section of the <strong>About phone</strong> view seven times. Note that the build number field's location varies slightly by device. For example, on LG Phones, it is under <strong>About phone</strong> -&gt; <strong>Software information</strong>. Once you have done this, <strong>Developer options</strong> will be shown at bottom of the Settings menu. Once developer options are activated, you can enable debugging with the <strong>USB debugging</strong> switch.</p>
 <h4 id="testing-on-an-emulator">Testing on an Emulator<a class="headerlink" href="#testing-on-an-emulator" title="Permanent link">&para;</a></h4>
 <p>Multiple emulators exist, once again with their own strengths and weaknesses:</p>
 <p>Free emulators:</p>
@@ -11775,7 +11757,7 @@ <h4 id="testing-on-an-emulator">Testing on an Emulator<a class="headerlink" href
 <li><a href="https://github.com/MobSF/Mobile-Security-Framework-MobSF" title="MobSF">MobSF</a></li>
 <li><a href="https://github.com/mseclab/nathan" title="Nathan">Nathan</a> (not updated since 2016)</li>
 </ul>
-<p>Please also verify the <a href="/MASTG/Tools/0x08a-Testing-Tools">Testing Tools</a> chapter at the end of this book.</p>
+<p>Please also verify the <a href="0x08a-Testing-Tools.md">"Testing Tools"</a> chapter at the end of this book.</p>
 <h4 id="getting-privileged-access">Getting Privileged Access<a class="headerlink" href="#getting-privileged-access" title="Permanent link">&para;</a></h4>
 <p><em>Rooting</em> (i.e., modifying the OS so that you can run commands as the root user) is recommended for testing on a real device. This gives you full control over the operating system and allows you to bypass restrictions such as app sandboxing. These privileges in turn allow you to use techniques like code injection and function hooking more easily.</p>
 <p>Note that rooting is risky, and three main consequences need to be clarified before you proceed. Rooting can have the following negative effects:</p>
@@ -11792,29 +11774,10 @@ <h5 id="which-mobiles-can-be-rooted">Which Mobiles Can Be Rooted<a class="header
 <h5 id="rooting-with-magisk">Rooting with Magisk<a class="headerlink" href="#rooting-with-magisk" title="Permanent link">&para;</a></h5>
 <p>Magisk ("Magic Mask") is one way to root your Android device. Its specialty lies in the way the modifications on the system are performed. While other rooting tools alter the actual data on the system partition, Magisk does not (which is called "systemless"). This enables a way to hide the modifications from root-sensitive applications (e.g. for banking or games) and allows using the official Android OTA upgrades without the need to unroot the device beforehand.</p>
 <p>You can get familiar with Magisk reading the official <a href="https://topjohnwu.github.io/Magisk/" title="Magisk Documentation">documentation on GitHub</a>. If you don't have Magisk installed, you can find installation instructions in <a href="https://topjohnwu.github.io/Magisk/" title="Magisk Documentation">the documentation</a>. If you use an official Android version and plan to upgrade it, Magisk provides a <a href="https://topjohnwu.github.io/Magisk/ota.html" title="OTA Installation">tutorial on GitHub</a>.</p>
-<p>Furthermore, developers can use the power of Magisk to create custom modules and <a href="https://github.com/Magisk-Modules-Repo/submission" title="Submission">submit</a> them to the official <a href="https://github.com/Magisk-Modules-Repo" title="Magisk-Modules-Repo">Magisk Modules repository</a>. Submitted modules can then be installed inside the Magisk Manager application. One of these installable modules is a systemless version of the famous <a href="/MASTG/Tools/0x08a-Testing-Tools#xposed">Xposed Framework</a> (available for SDK versions up to 27).</p>
+<p>Furthermore, developers can use the power of Magisk to create custom modules and <a href="https://github.com/Magisk-Modules-Repo/submission" title="Submission">submit</a> them to the official <a href="https://github.com/Magisk-Modules-Repo" title="Magisk-Modules-Repo">Magisk Modules repository</a>. Submitted modules can then be installed inside the Magisk Manager application. One of these installable modules is a systemless version of the famous <a href="0x08a-Testing-Tools.md#xposed">Xposed Framework</a> (available for SDK versions up to 27).</p>
 <h5 id="root-detection">Root Detection<a class="headerlink" href="#root-detection" title="Permanent link">&para;</a></h5>
 <p>An extensive list of root detection methods is presented in the "Testing Anti-Reversing Defenses on Android" chapter.</p>
 <p>For a typical mobile app security build, you'll usually want to test a debug build with root detection disabled. If such a build is not available for testing, you can disable root detection in a variety of ways that will be introduced later in this book.</p>
-<h2 id="resources">Resources<a class="headerlink" href="#resources" title="Permanent link">&para;</a></h2>
-<ul>
-<li><a href="https://www.android.com/one/" title="Android One">Android One</a></li>
-<li><a href="https://www.android-x86.org/" title="Android X86">Android X86</a></li>
-<li><a href="https://corellium.com/" title="Corellium">Corellium</a></li>
-<li><a href="https://developer.android.com/studio/run/managing-avds.html" title="Create and Manage Virtual Devices">Create and Manage Virtual Devices</a></li>
-<li><a href="https://developer.android.com/studio/run/advanced-emulator-usage#extended" title="Extended Controls">Extended Controls</a></li>
-<li><a href="https://www.genymotion.com/download/" title="Genymotion">Genymotion</a></li>
-<li><a href="https://lineageos.org/" title="LineageOS">LineageOS</a></li>
-<li><a href="https://topjohnwu.github.io/Magisk/" title="Magisk Documentation">Magisk Documentation</a></li>
-<li><a href="https://github.com/Magisk-Modules-Repo" title="Magisk-Modules-Repo">Magisk-Modules-Repo</a></li>
-<li><a href="https://github.com/MobSF/Mobile-Security-Framework-MobSF" title="MobSF">MobSF</a></li>
-<li><a href="https://github.com/mseclab/nathan" title="Nathan">Nathan</a></li>
-<li><a href="https://topjohnwu.github.io/Magisk/ota.html" title="OTA Installation">OTA Installation</a></li>
-<li><a href="https://developer.android.com/studio/releases/sdk-tools">SDK tools</a></li>
-<li><a href="https://github.com/Magisk-Modules-Repo/submission" title="Submission">Submission</a></li>
-<li><a href="https://developer.android.com/guide/topics/sensors/sensors_overview#test-with-the-android-emulator" title="Testing motion sensors on emulators">Testing motion sensors on emulators</a></li>
-<li><a href="https://developer.android.com/studio/releases/platform-tools">platform tools</a></li>
-</ul>