Android Forensics, how the police investigates your device
Formal Metadata
Title: Android Forensics, how the police investigates your device
Number of Parts: 46
License: CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers: 10.5446/47181 (DOI)
droidcon Berlin 2015, 19 / 46
Transcript: English (auto-generated)
00:05
So let me ask you first, did you find the stage easily? Because I was thinking at some point nobody will be here, because it's so far away from stage one. So welcome. I have around 30 minutes and around 55 slides. So I'm going to start really slow.
00:22
So let me ask you some questions here. How many of you attended Google I/O this year? Cool. There was a session at Google I/O about security, which will probably not be published on the website, but the slides will probably be available. It's called Security Update.
00:42
Search for it on the internet; it is the most important update every year about the security of the platform. So let's start like this. I'm Arno Smailat. I have been a Google Developer Expert since this year. I'm the CTO of my company, which is AppsRise. We do hand-crafted mobile apps.
01:01
I have trained around 500 developers on Android all over the world, and I'm now running a Romanian community for Android. What we are going to discuss today is, first, why this crazy topic? I changed this in the morning because a lot of people asked me: what is the motivation to do something like this?
01:20
It makes no sense. How do you get in contact with this type of information? Then I'm going to show you a little bit about the Android platform, how the platform works, and then some really hands-on material on how you can extract data from your phone, or at least how the police are doing that. So why this crazy topic? Mainly because we all code Android, hopefully.
01:41
Who is coding Android here? Okay, cool. The whole house. Basically, because we do this, and, let's ask again, who has been coding Android since 2011? Cool. So almost one third of the room,
02:00
which is quite a lot. Now, when we all started on Android, there were only the phones, but I think some of us already understood at that point the vision of Android: to bring Android to a lot of devices. And it doesn't matter if it's Android TV or Android Auto and so on. Think about it: an Android Nexus Player costs like $79.
02:24
And the time to bring your application to Android TV is maybe one week, in which we can do some user experience changes. And this evolved into digital signage and Wear and so on. Now Android exists not only in phones,
02:41
but also in wearables, and most importantly in embedded devices. Now, if you think about embedded devices, then it's another level of security. And because the platform evolved in that direction, I think our understanding of what is possible with Android is growing too. I'm not sure how many of you are interested in the Android internals, the platform,
03:01
but besides developing apps and using material design to develop cool apps, there is also another part of Android, and that's the platform itself, which you can take, build your custom ROM and deploy a version of Android on a specific device. And it doesn't matter if it's a phone, a player, a set-top box and so on.
03:20
There are now two TV producers in the market which are producing Android TVs with Android inside straight out of the factory, and these are Sony and Philips. And why are they doing that? Because usually a development cycle for TVs is maybe one year, and they reduced it to a few months
03:41
because they just develop a custom ROM, and basically the Android TV is that. Now, probably you are still not convinced. Let me give you just a little taste of what this can mean, and bring in the security aspects of Android a little bit. Now, I had the pleasure to travel a lot last year,
04:02
and I travelled four times to China, and this is one of the, let's say, popular Chinese devices, with 80 million pre-orders for this device, only pre-orders, and the sales were about 20, and it is using a custom ROM, Flyme OS, which is in fact Android customized
04:22
with some elements and stripped of all the Google services stuff. So I bought such a device from China, and I was playing inside it, and at some point in the system folder where the apps are located, I saw a file which was networked text, and I just became curious
04:42
what could be in such a file. Now, this is a custom ROM; somebody created this. Of course, a developer. And what the guys are doing there is really easy. They just log all the traffic you do on the phone. So basically, they sniff your traffic on the phone, and they log everything.
05:01
And they do this at a low level in the platform. Now, we're talking about a device which has sold 20 million pieces, and you can do an app, just a simple flashlight app, whatever, which reads this file, because this file is available for all the apps to read. Now, at that point, I informed Meizu, and only three months after that, they fixed it.
05:22
But meanwhile, I went public with this, so I have no idea if somebody used it. But just to give you a little bit of an idea: when you customize a ROM, and you customize the platform, these are the risks. And I'm really sorry, but it's not visible here, but how many of you are using the x, x, x word when you write debug code?
05:42
Like when you log something and you write the tag, who is using x, x, x? Every time I find three people, so I'm using two. So I can relate to this guy, because he also left this in, unintentionally probably, hopefully. But he did exactly something like this.
06:00
Now, let's take just a hypothetical case. Let's say he did something like this. He did something wrong. So if we have a choice as police, what are we going to do? So probably we are going to snoop in his phone, snoop in his laptop, and so on.
06:20
And if we are going to snoop in his phone, let's see how we can get some information. Now, this will be the boring part, so this will be no show. I'm just going to show you like four slides about the platform, just to introduce some elements, and then we get to the fun part. So first, you already know this. Probably most of you already know this picture,
06:41
more or less. Now, when we talk about the platform and Android, we all know this is based on the Linux kernel. And Android made a lot of changes in the Linux kernel to make it like a mobile version. So basically, most of the changes are located in the IPC and in the power management. And there are some others, of course.
07:02
But basically, I think, and this is my opinion, the IPC, the binder, is the place which makes Android work. So without the inter-process communication system, the whole pattern will not work. Everything you do is basically wrapped over the IPC. So it doesn't matter if it's a handler,
07:22
a message, an intent, and so on. All are based on the inter-process communication, because you have the sandbox, and you have to communicate from one process to another. Now, Android is an object-oriented OS, and binder was initially not developed by Google, as you probably know. It was developed at BeOS, and a lady
07:42
was hired by Google, and she brought the project to Google. Now, like two years ago, Google rewrote the binder completely into something new, which is, again, the same binder in the end. Now, we have, for example, in Android, anonymous shared memory, where you can basically share a file descriptor to memory.
08:02
So if you can catch that shared memory, then you can also get some information. Now, these are just some ideas. I'm not going to teach you anything, more or less, but these are some of the ways you can get to some information in the phone. And then maybe another point,
08:21
which I try to discuss all the time, is the init startup. So there is almost zero information out there from Google on how the platform works, how you can compile the platform, and how the whole platform starts. Now, init, the initialization of the system, is an interesting thing. So if you open your phone,
08:40
you do adb shell, and you go to the root of your phone, you are going to have an init dot, it will be the mainboard name, dot rc. And there you find the whole setup of the platform. And it has a name, and it is a language, in fact. It's the Android init language. There's documentation on the internet,
09:00
search for Android init language, and then readme.txt, because it's a readme text file. It's an initialization system with which we can start the system and all the services inside. And just to give you a small idea: when you boot the device, you just boot a kernel, and after that you have the installed init,
09:22
and then you get the zygote, which starts all the other Java services, and some other normal services. But basically, if you want to attack a phone, you start with this part. So this is the first thing which starts, and then we have the init process, which starts all the other ones. So I will take them one by one.
09:41
Now, if somebody hypothetically asked me how I would attack a phone from the outside, I would say I would just create a service which is sniffing whatever, sniffing the platform, and I'm going to edit it really fast into the init rc of the phone. Just edit the file and say something like,
10:00
start service, path name, and then class, class main. That means it will be started together with all the other services at the same time. So that's it, just create a simple service which sniffs data or whatever it's doing, with the system permissions, copy it there, modify the init, and then you have it.
10:22
Now, in order to do this, you have to understand the platform, and this is just a start to understanding the platform. I'm not going to give you more information than that, because I have like 30 minutes and there is no time for that. But just to give you an idea, here is the place where you can modify it: go to your phone, take a look at the init dot, I have no idea, dot rc file, just in the root of the phone,
10:40
you're going to see exactly the startup of the platform. So basically, what I told you is already here: you have the init process, which is the first one, exactly after the kernel, and you can initialize the network, initialize some folders and so on. Now, you are already bored, yes? I know, so we have to do this
11:01
because otherwise it will be hard. Now, let's get to the fun part. I got this question in Russia. One developer from Intel; somebody from Intel here? Oh, nobody. Okay, so Pavel is working on the kernel in Russia, in OBS, and he asked me
11:21
if it's possible to create a dialer with one click. Now, technically, there is no application in the app store which is doing that. You start, you push a button, you choose two contacts, and it will call two people at the same time. There is nothing like this. Now, every time you are asked on Android
11:41
if something is possible, you have to be careful, because if you say it's not possible, it will be hard. So my response to him was: give me until tomorrow, I will look in the platform. Now, the platform, and this is the way I've learned what the platform is doing, and this is the way I've learned all the other stuff I'm going to show. This is just an example of how we learned
12:01
what the platform is doing, because there is no documentation about that. There is no such documentation about the platform. We cannot learn how the APIs are created, what the services are, how the communication works there. So now, this got resolved in this form: I looked in the settings app, because in the call app, you can do this, basically.
12:21
So this is the app here, InCallUI, and the call command client is called there. Then I went a little bit further, and at the end, I saw at some point, okay, this is using AIDL. Who has used the AIDL concept? So like four, five people.
12:42
So basically, if you want to expose a service to a third-party application, you have to describe an interface of your service, to allow other applications to use your service. But the platform itself is doing the same thing. So you can basically access all the services,
13:01
most of the services in the platform, jumping over the whole API. And this is available from Android 1.5 until now, and they will probably never change this. So basically, you can jump over the whole API framework and access services directly. And this is what I also suggested. Just use the AIDL,
13:21
which will automatically generate the stub, which will connect you to a service using the binder. Now, this can get complicated, but this is how you can do it also with the telephony service, and also other services. Did I lose you here? Okay, good. So, let's discuss our Android forensics.
13:42
So basically, forensics is a science where you try to get untouched information from a device, in our case from a device, and you have to bring this proof to a court. Now, there are some rules to do that,
14:01
and usually it's because you want to prove something is wrong. Now, let me ask you, what is wrong in this picture? What do you think is wrong? Somebody. That guy, the hair, like, yeah, not really. The problem in the picture is,
14:22
I think Lenin chose to remove one guy, the one which is here; he didn't like him, and he removed him from all the pictures of that time in the newspapers. So that was the part at the time. Not his hair, but really a person was removed. So, now, to understand, this is our motivation.
14:42
You know, you have to prove, not to think it's something. So you have to prove. And there's a theory that every action leaves a trace, and at least in our Android devices, it is like this. Every action leaves a trace. And you can extract this data. Now, the motivation for doing this is extremely simple.
15:04
I had the opportunity last year to work with two national security agencies and to help them get this data from the phones. And doing that, I learned from them the tools they are using. And the tools they are using are, I would say, quite expensive.
15:20
I have no idea how many of you know Cellebrite, XRY and so on. You do not know them, because there is no trial available. These tools are extremely expensive, and they are used only by national security agencies. And basically, it is hardware you can connect to a phone, and it extracts all the data from the phone,
15:41
more or less, with some steps. And there are some tools. EnCase is also extremely popular, at least among this type of agency. And there are also some German ones, like XRY and so on. Now, these are tools. Most of them are computers in a bag with a lot of cables,
16:01
and you bring them there, and they extract data, and you can use them in trials. Now, the interest of these agencies was how we can get more than that, because we are getting only a little data, of course, because it's software. So I started to develop some ways, and we then also worked together to understand what they wanted.
16:23
So I'm trying now to show the ninja way, so not really the case hardware, but really how we can do it in code. So there are some ways to access data on Android. The first is bypassing the security lock, then physical data extraction
16:42
or software data extraction, and logical data extraction as the last one. So let's see. So did anyone try this? Who is using a lock on the phone? Now, we can do this after the talk.
17:01
We can do a test here. I can show you in five minutes that I can find your pattern. Mine is really easy. I can tell you it's a Z from Zorro. It is so visible. Now, this is just the basics. Once you get access to the phone, we can do almost everything you want. Of course, one of the most important things,
17:22
you can remove the gesture, so basically you can get rid of the one you use, or you can replace it with the one you created, and you know what it is. So basically, you can put your Z back in somebody's phone if you want. Then there is physical data extraction. So you can really take the phone
17:42
and take out all the storage and get the information from there, and then use desktop tools to get to that information. Of course, it's a combination of hardware and software, so you have to break the phone, really. But logical data extraction, because we want to go slowly there,
18:00
and we have another 10 minutes. So ADB, SQLite, the providers, and backup. So let's go slowly on this. So logical data extraction. Basically, one of your best friends is the dd command, with which you can do a complete copy of a partition. So does somebody know how many partitions
18:21
are in Samsung phones, for example? Because in a normal Android phone, we have like six partitions or something like that. Now, in Samsung, we have like 19 partitions. They added a new layer with their partitions, which is really crazy. So you can get all these partitions,
18:40
you can copy, do a one-to-one copy, you have it locally, and you can work on them. And you can do this using dd. Normally, this is available in all Android devices. There are some, like LG, where it's not available. If you don't have it, install BusyBox, and then you can dd the partition, get it out,
19:00
and search, if you want to search, for example, for text inside the partition. This is just an article about it; it's Romanian, so do not worry. It's about a phone, a really popular phone, at some point the third most popular phone, and how to get it, but in the end it was the same thing. So you get a copy of the platform,
19:22
and then you extract the whole partition. So now, you can also get a lot of data from the phone, like you can do a zip of the applications you have there, but this is more if you have root. Now, you can also snoop in the databases in the system, so you can really search for databases in the system,
19:42
and you can do a copy of that. Now, you can go also further, like you can query by hand, because you have the sqlite command inside adb; so on your phone, there is a utility which you can use to explore the data which is there, and of course, you can search, for example, for the SMS messages which are coming in, and so on,
20:02
because the whole database in Android is not encrypted. Now, let's talk about logcat. There are a lot of parameters for logcat, so don't use only the simple logcat. Take a look at the radio, take a look at other parameters which are there; it gives you a lot of information about your phone, and you can also get the kernel messages if you want,
20:22
and of course, the information about the device. Content providers, you already more or less know this because you are developers, so you can get access to a lot of information, like you can back up all the SMS messages just using a content provider, which is, again, easy. Now, let's discuss two topics which are quite interesting. One is the backup.
20:41
Since Android 4.0, we have a backup functionality which is more or less okay, but still kind of crazy, because you can back up basically the applications with the information inside. So you can back up WhatsApp with the passwords which are there, and if you didn't set up a password yet
21:01
for your phone, because this is hard to find, then you can set it up before you do that. So you get a confirmation like this one, I'm really sorry, it's in German, but you can extract a copy of your WhatsApp application with the database inside.
21:22
So a car is outside blocking, but I didn't catch the name. One, one, eight, at the end. So basically, without root, without the system permission, you can get all the information from the app. So you can back up Facebook,
21:41
you can back up WhatsApp and everything which is there, which is kind of crazy in the end. And another way is to just change the bootloader. So you can change the bootloader, and having a changed bootloader allows you to do a lot of crazy stuff if you use the correct bootloader. So search on the list, it's the A,
22:01
and you can do a copy of the partition without any problem. So the phone is blocked, you don't have a pattern, you don't have the password. You flash a custom phone, you get access to the phone, you copy the partition using dd and so on, and in the end, you use a tool like this one,
22:22
a desktop tool just to analyze the partition. So there are desktop tools to analyze just the raw partitions. But the problem is to get to that information. Now, this is the case where you have only the phone and the phone is blocked and so on. So how can we snoop inside such an application, what we can get out, you probably already know this,
22:42
but let me help you a little bit. It's just apktool, parameter d and the APK, and then, in order to have access to all the resources, you do dex2jar on the classes you just extracted from the APK, and you obtain a jar file which you can use with a decompiler. My favorite one is JD-GUI,
23:01
and you use this just to see the whole code. Now, from my experience, almost 90% of the applications are not protected. 1% are obfuscated. So like 0.0-something are somehow protected, and there are tools for that, but they are somehow ignored by a lot of people.
23:21
So we can basically use, for example, DexGuard, which is created by the guy who did the ProGuard product; it's a Belgian product, costs like 750 euros and can help you to encrypt classes in your APK. So you can choose some of the classes
23:41
which are in the APK to encrypt. And so let's see what solution you have in case you are afraid somebody will get this information from your devices. So basically you can destroy it. So, not in the water, the water will not help. I mean, really take a hammer and smash it.
24:02
You can overwrite data on a device, just as you do it in Windows, or just hide the information if you want to hide it. Now, think about it: the platform is not hiding any information, really. There is no platform support for the databases which are there, for the database in the context
24:22
for SMS and so on. Everything is just in a simple SQLite database. And there are some suggestions here, and this is also a suggestion for you as developers if you want to protect parts of your application. This is what we are doing; this is a process which was at some point approved by the 2.5.T, the German certification company.
24:45
So we have some applications protected like this, and they passed a certain certification from 2.5.T, and we were at that point the only company who had a certified Android application approved by 2.5.T.
25:00
So if you want to know more, I give you here four books. Take a look at them. There are also a lot of topics in them, maybe they are not current anymore and so on, but take a look at them. They are extremely good information. And at the end, there are some tools here. So take a look, Andriller is a really cool project where you can really get a lot of information
25:21
out of our devices, out of the box; the source code is available. Now, questions.