Description

Book Synopsis
The first comprehensive guide to discovering and preventing attacks on the Android OS As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat.

Table of Contents

Introduction xxv

Chapter 1 Looking at the Ecosystem 1

Understanding Android’s Roots 1

Company History 2

Version History 2

Examining the Device Pool 4

Open Source, Mostly 7

Understanding Android Stakeholders 7

Google 8

Hardware Vendors 10

Carriers 12

Developers 13

Users 14

Grasping Ecosystem Complexities 15

Fragmentation 16

Compatibility 17

Update Issues 18

Security versus Openness 21

Public Disclosures 22

Summary 23

Chapter 2 Android Security Design and Architecture 25

Understanding Android System Architecture 25

Understanding Security Boundaries and Enforcement 27

Android’s Sandbox 27

Android Permissions 30

Looking Closer at the Layers 34

Android Applications 34

The Android Framework 39

The Dalvik Virtual Machine 40

User-Space Native Code 41

The Kernel 49

Complex Security, Complex Exploits 55

Summary 56

Chapter 3 Rooting Your Device 57

Understanding the Partition Layout 58

Determining the Partition Layout 59

Understanding the Boot Process 60

Accessing Download Mode 61

Locked and Unlocked Boot Loaders 62

Stock and Custom Recovery Images 63

Rooting with an Unlocked Boot Loader 65

Rooting with a Locked Boot Loader 68

Gaining Root on a Booted System 69

NAND Locks, Temporary Root, and Permanent Root 70

Persisting a Soft Root 71

History of Known Attacks 73

Kernel: Wunderbar/asroot 73

Recovery: Volez 74

Udev: Exploid 74

Adbd: RageAgainstTheCage 75

Zygote: Zimperlich and Zysploit 75

Ashmem: KillingInTheNameOf and psneuter 76

Vold: GingerBreak 76

PowerVR: levitator 77

Libsysutils: zergRush 78

Kernel: mempodroid 78

File Permission and Symbolic Link–Related Attacks 79

Adb Restore Race Condition 79

Exynos4: exynos-abuse 80

Diag: lit / diaggetroot 81

Summary 81

Chapter 4 Reviewing Application Security 83

Common Issues 83

App Permission Issues 84

Insecure Transmission of Sensitive Data 86

Insecure Data Storage 87

Information Leakage Through Logs 88

Unsecured IPC Endpoints 89

Case Study: Mobile Security App 91

Profiling 91

Static Analysis 93

Dynamic Analysis 109

Attack 117

Case Study: SIP Client 120

Enter Drozer 121

Discovery 121

Snarfing 122

Injection 124

Summary 126

Chapter 5 Understanding Android’s Attack Surface 129

An Attack Terminology Primer 130

Attack Vectors 130

Attack Surfaces 131

Classifying Attack Surfaces 133

Surface Properties 133

Classification Decisions 134

Remote Attack Surfaces 134

Networking Concepts 134

Networking Stacks 139

Exposed Network Services 140

Mobile Technologies 142

Client-side Attack Surface 143

Google Infrastructure 148

Physical Adjacency 154

Wireless Communications 154

Other Technologies 161

Local Attack Surfaces 161

Exploring the File System 162

Finding Other Local Attack Surfaces 163

Physical Attack Surfaces 168

Dismantling Devices 169

USB 169

Other Physical Attack Surfaces 173

Third-Party Modifications 174

Summary 174

Chapter 6 Finding Vulnerabilities with Fuzz Testing 177

Fuzzing Background 177

Identifying a Target 179

Crafting Malformed Inputs 179

Processing Inputs 180

Monitoring Results 181

Fuzzing on Android 181

Fuzzing Broadcast Receivers 183

Identifying a Target 183

Generating Inputs 184

Delivering Inputs 185

Monitoring Testing 185

Fuzzing Chrome for Android 188

Selecting a Technology to Target 188

Generating Inputs 190

Processing Inputs 192

Monitoring Testing 194

Fuzzing the USB Attack Surface 197

USB Fuzzing Challenges 198

Selecting a Target Mode 198

Generating Inputs 199

Processing Inputs 201

Monitoring Testing 202

Summary 204

Chapter 7 Debugging and Analyzing Vulnerabilities 205

Getting All Available Information 205

Choosing a Toolchain 207

Debugging with Crash Dumps 208

System Logs 208

Tombstones 209

Remote Debugging 211

Debugging Dalvik Code 212

Debugging an Example App 213

Showing Framework Source Code 215

Debugging Existing Code 217

Debugging Native Code 221

Debugging with the NDK 222

Debugging with Eclipse 226

Debugging with AOSP 227

Increasing Automation 233

Debugging with Symbols 235

Debugging with a Non-AOSP Device 241

Debugging Mixed Code 243

Alternative Debugging Techniques 243

Debug Statements 243

On-Device Debugging 244

Dynamic Binary Instrumentation 245

Vulnerability Analysis 246

Determining Root Cause 246

Judging Exploitability 260

Summary 261

Chapter 8 Exploiting User Space Software 263

Memory Corruption Basics 263

Stack Buffer Overflows 264

Heap Exploitation 268

A History of Public Exploits 275

GingerBreak 275

zergRush 279

mempodroid 283

Exploiting the Android Browser 284

Understanding the Bug 284

Controlling the Heap 287

Summary 290

Chapter 9 Return Oriented Programming 291

History and Motivation 291

Separate Code and Instruction Cache 292

Basics of ROP on ARM 294

ARM Subroutine Calls 295

Combining Gadgets into a Chain 297

Identifying Potential Gadgets 299

Case Study: Android 4.0.1 Linker 300

Pivoting the Stack Pointer 301

Executing Arbitrary Code from a New Mapping 303

Summary 308

Chapter 10 Hacking and Attacking the Kernel 309

Android’s Linux Kernel 309

Extracting Kernels 310

Extracting from Stock Firmware 311

Extracting from Devices 314

Getting the Kernel from a Boot Image 315

Decompressing the Kernel 316

Running Custom Kernel Code 316

Obtaining Source Code 316

Setting Up a Build Environment 320

Configuring the Kernel 321

Using Custom Kernel Modules 322

Building a Custom Kernel 325

Creating a Boot Image 329

Booting a Custom Kernel 331

Debugging the Kernel 336

Obtaining Kernel Crash Reports 337

Understanding an Oops 338

Live Debugging with KGDB 343

Exploiting the Kernel 348

Typical Android Kernels 348

Extracting Addresses 350

Case Studies 352

Summary 364

Chapter 11 Attacking the Radio Interface Layer 367

Introduction to the RIL 368

RIL Architecture 368

Smartphone Architecture 369

The Android Telephony Stack 370

Telephony Stack Customization 371

The RIL Daemon (rild) 372

The Vendor-RIL API 374

Short Message Service (SMS) 375

Sending and Receiving SMS Messages 376

SMS Message Format 376

Interacting with the Modem 379

Emulating the Modem for Fuzzing 379

Fuzzing SMS on Android 382

Summary 390

Chapter 12 Exploit Mitigations 391

Classifying Mitigations 392

Code Signing 392

Hardening the Heap 394

Protecting Against Integer Overflows 394

Preventing Data Execution 396

Address Space Layout Randomization 398

Protecting the Stack 400

Format String Protections 401

Read-Only Relocations 403

Sandboxing 404

Fortifying Source Code 405

Access Control Mechanisms 407

Protecting the Kernel 408

Pointer and Log Restrictions 409

Protecting the Zero Page 410

Read-Only Memory Regions 410

Other Hardening Measures 411

Summary of Exploit Mitigations 414

Disabling Mitigation Features 415

Changing Your Personality 416

Altering Binaries 416

Tweaking the Kernel 417

Overcoming Exploit Mitigations 418

Overcoming Stack Protections 418

Overcoming ASLR 418

Overcoming Data Execution Protections 419

Overcoming Kernel Protections 419

Looking to the Future 420

Official Projects Underway 420

Community Kernel Hardening Efforts 420

A Bit of Speculation 422

Summary 422

Chapter 13 Hardware Attacks 423

Interfacing with Hardware Devices 424

UART Serial Interfaces 424

I2C, SPI, and One-Wire Interfaces 428

JTAG 431

Finding Debug Interfaces 443

Identifying Components 456

Getting Specifications 456

Difficulty Identifying Components 457

Intercepting, Monitoring, and Injecting Data 459

USB 459

I 2C, SPI, and UART Serial Interfaces 463

Stealing Secrets and Firmware 469

Accessing Firmware Unobtrusively 469

Destructively Accessing the Firmware 471

What Do You Do with a Dump? 474

Pitfalls 479

Custom Interfaces 479

Binary/Proprietary Data 479

Blown Debug Interfaces 480

Chip Passwords 480

Boot Loader Passwords, Hotkeys, and Silent Terminals 480

Customized Boot Sequences 481

Unexposed Address Lines 481

Anti-Reversing Epoxy 482

Image Encryption, Obfuscation, and Anti-Debugging 482

Summary 482

Appendix A Tool Catalog 485

Development Tools 485

Android SDK 485

Android NDK 486

Eclipse 486

ADT Plug-In 486

ADT Bundle 486

Android Studio 487

Firmware Extraction and Flashing Tools 487

Binwalk 487

fastboot 487

Samsung 488

NVIDIA 489

LG 489

HTC 489

Motorola 490

Native Android Tools 491

BusyBox 491

setpropex 491

SQLite 491

strace 492

Hooking and Instrumentation Tools 492

ADBI Framework 492

ldpreloadhook 492

XPosed Framework 492

Cydia Substrate 493

Static Analysis Tools 493

Smali and Baksmali 493

Androguard 493

apktool 494

dex2jar 494

jad 494

JD-GUI 495

JEB 495

Radare 2 495

IDA Pro and Hex-Rays Decompiler 496

Application Testing Tools 496

Drozer (Mercury) Framework 496

iSEC Intent Sniffer and Intent Fuzzer 496

Hardware Hacking Tools 496

Segger J-Link 497

JTAGulator 497

OpenOCD 497

Saleae 497

Bus Pirate 497

GoodFET 497

Total Phase Beagle USB 498

Facedancer 21 498

Total Phase Beagle I2c 498

Chip Quik 498

Hot air gun 498

Xeltek SuperPro 498

IDA 499

Appendix B Open Source Repositories 501

Google 501

AOSP 501

Gerrit Code Review 502

SoC Manufacturers 502

AllWinner 503

Intel 503

Marvell 503

MediaTek 504

Nvidia 504

Texas Instruments 504

Qualcomm 505

Samsung 505

OEMs 506

ASUS 506

HTC 507

LG 507

Motorola 507

Samsung 508

Sony Mobile 508

Upstream Sources 508

Others 509

Custom Firmware 509

Linaro 510

Replicant 510

Code Indexes 510

Individuals 510

Appendix C References 511

Index 523

Android Hackers Handbook

    Product form

    £37.05

    Includes FREE delivery

    RRP £39.00 – you save £1.95 (5%)

    Order before 4pm today for delivery by Sat 4 Jul 2026.

    A Paperback / softback by Joshua J. Drake, Zach Lanier, Collin Mulliner

    1 in stock

      Trusted by thousands of customers. See 2,385+ Customer Reviews

      View other formats and editions of Android Hackers Handbook by Joshua J. Drake

      Publisher: John Wiley & Sons Inc
      Publication Date: 18/04/2014
      ISBN13: 9781118608647, 978-1118608647
      ISBN10: 111860864X

      Description

      Book Synopsis
      The first comprehensive guide to discovering and preventing attacks on the Android OS As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat.

      Table of Contents

      Introduction xxv

      Chapter 1 Looking at the Ecosystem 1

      Understanding Android’s Roots 1

      Company History 2

      Version History 2

      Examining the Device Pool 4

      Open Source, Mostly 7

      Understanding Android Stakeholders 7

      Google 8

      Hardware Vendors 10

      Carriers 12

      Developers 13

      Users 14

      Grasping Ecosystem Complexities 15

      Fragmentation 16

      Compatibility 17

      Update Issues 18

      Security versus Openness 21

      Public Disclosures 22

      Summary 23

      Chapter 2 Android Security Design and Architecture 25

      Understanding Android System Architecture 25

      Understanding Security Boundaries and Enforcement 27

      Android’s Sandbox 27

      Android Permissions 30

      Looking Closer at the Layers 34

      Android Applications 34

      The Android Framework 39

      The Dalvik Virtual Machine 40

      User-Space Native Code 41

      The Kernel 49

      Complex Security, Complex Exploits 55

      Summary 56

      Chapter 3 Rooting Your Device 57

      Understanding the Partition Layout 58

      Determining the Partition Layout 59

      Understanding the Boot Process 60

      Accessing Download Mode 61

      Locked and Unlocked Boot Loaders 62

      Stock and Custom Recovery Images 63

      Rooting with an Unlocked Boot Loader 65

      Rooting with a Locked Boot Loader 68

      Gaining Root on a Booted System 69

      NAND Locks, Temporary Root, and Permanent Root 70

      Persisting a Soft Root 71

      History of Known Attacks 73

      Kernel: Wunderbar/asroot 73

      Recovery: Volez 74

      Udev: Exploid 74

      Adbd: RageAgainstTheCage 75

      Zygote: Zimperlich and Zysploit 75

      Ashmem: KillingInTheNameOf and psneuter 76

      Vold: GingerBreak 76

      PowerVR: levitator 77

      Libsysutils: zergRush 78

      Kernel: mempodroid 78

      File Permission and Symbolic Link–Related Attacks 79

      Adb Restore Race Condition 79

      Exynos4: exynos-abuse 80

      Diag: lit / diaggetroot 81

      Summary 81

      Chapter 4 Reviewing Application Security 83

      Common Issues 83

      App Permission Issues 84

      Insecure Transmission of Sensitive Data 86

      Insecure Data Storage 87

      Information Leakage Through Logs 88

      Unsecured IPC Endpoints 89

      Case Study: Mobile Security App 91

      Profiling 91

      Static Analysis 93

      Dynamic Analysis 109

      Attack 117

      Case Study: SIP Client 120

      Enter Drozer 121

      Discovery 121

      Snarfing 122

      Injection 124

      Summary 126

      Chapter 5 Understanding Android’s Attack Surface 129

      An Attack Terminology Primer 130

      Attack Vectors 130

      Attack Surfaces 131

      Classifying Attack Surfaces 133

      Surface Properties 133

      Classification Decisions 134

      Remote Attack Surfaces 134

      Networking Concepts 134

      Networking Stacks 139

      Exposed Network Services 140

      Mobile Technologies 142

      Client-side Attack Surface 143

      Google Infrastructure 148

      Physical Adjacency 154

      Wireless Communications 154

      Other Technologies 161

      Local Attack Surfaces 161

      Exploring the File System 162

      Finding Other Local Attack Surfaces 163

      Physical Attack Surfaces 168

      Dismantling Devices 169

      USB 169

      Other Physical Attack Surfaces 173

      Third-Party Modifications 174

      Summary 174

      Chapter 6 Finding Vulnerabilities with Fuzz Testing 177

      Fuzzing Background 177

      Identifying a Target 179

      Crafting Malformed Inputs 179

      Processing Inputs 180

      Monitoring Results 181

      Fuzzing on Android 181

      Fuzzing Broadcast Receivers 183

      Identifying a Target 183

      Generating Inputs 184

      Delivering Inputs 185

      Monitoring Testing 185

      Fuzzing Chrome for Android 188

      Selecting a Technology to Target 188

      Generating Inputs 190

      Processing Inputs 192

      Monitoring Testing 194

      Fuzzing the USB Attack Surface 197

      USB Fuzzing Challenges 198

      Selecting a Target Mode 198

      Generating Inputs 199

      Processing Inputs 201

      Monitoring Testing 202

      Summary 204

      Chapter 7 Debugging and Analyzing Vulnerabilities 205

      Getting All Available Information 205

      Choosing a Toolchain 207

      Debugging with Crash Dumps 208

      System Logs 208

      Tombstones 209

      Remote Debugging 211

      Debugging Dalvik Code 212

      Debugging an Example App 213

      Showing Framework Source Code 215

      Debugging Existing Code 217

      Debugging Native Code 221

      Debugging with the NDK 222

      Debugging with Eclipse 226

      Debugging with AOSP 227

      Increasing Automation 233

      Debugging with Symbols 235

      Debugging with a Non-AOSP Device 241

      Debugging Mixed Code 243

      Alternative Debugging Techniques 243

      Debug Statements 243

      On-Device Debugging 244

      Dynamic Binary Instrumentation 245

      Vulnerability Analysis 246

      Determining Root Cause 246

      Judging Exploitability 260

      Summary 261

      Chapter 8 Exploiting User Space Software 263

      Memory Corruption Basics 263

      Stack Buffer Overflows 264

      Heap Exploitation 268

      A History of Public Exploits 275

      GingerBreak 275

      zergRush 279

      mempodroid 283

      Exploiting the Android Browser 284

      Understanding the Bug 284

      Controlling the Heap 287

      Summary 290

      Chapter 9 Return Oriented Programming 291

      History and Motivation 291

      Separate Code and Instruction Cache 292

      Basics of ROP on ARM 294

      ARM Subroutine Calls 295

      Combining Gadgets into a Chain 297

      Identifying Potential Gadgets 299

      Case Study: Android 4.0.1 Linker 300

      Pivoting the Stack Pointer 301

      Executing Arbitrary Code from a New Mapping 303

      Summary 308

      Chapter 10 Hacking and Attacking the Kernel 309

      Android’s Linux Kernel 309

      Extracting Kernels 310

      Extracting from Stock Firmware 311

      Extracting from Devices 314

      Getting the Kernel from a Boot Image 315

      Decompressing the Kernel 316

      Running Custom Kernel Code 316

      Obtaining Source Code 316

      Setting Up a Build Environment 320

      Configuring the Kernel 321

      Using Custom Kernel Modules 322

      Building a Custom Kernel 325

      Creating a Boot Image 329

      Booting a Custom Kernel 331

      Debugging the Kernel 336

      Obtaining Kernel Crash Reports 337

      Understanding an Oops 338

      Live Debugging with KGDB 343

      Exploiting the Kernel 348

      Typical Android Kernels 348

      Extracting Addresses 350

      Case Studies 352

      Summary 364

      Chapter 11 Attacking the Radio Interface Layer 367

      Introduction to the RIL 368

      RIL Architecture 368

      Smartphone Architecture 369

      The Android Telephony Stack 370

      Telephony Stack Customization 371

      The RIL Daemon (rild) 372

      The Vendor-RIL API 374

      Short Message Service (SMS) 375

      Sending and Receiving SMS Messages 376

      SMS Message Format 376

      Interacting with the Modem 379

      Emulating the Modem for Fuzzing 379

      Fuzzing SMS on Android 382

      Summary 390

      Chapter 12 Exploit Mitigations 391

      Classifying Mitigations 392

      Code Signing 392

      Hardening the Heap 394

      Protecting Against Integer Overflows 394

      Preventing Data Execution 396

      Address Space Layout Randomization 398

      Protecting the Stack 400

      Format String Protections 401

      Read-Only Relocations 403

      Sandboxing 404

      Fortifying Source Code 405

      Access Control Mechanisms 407

      Protecting the Kernel 408

      Pointer and Log Restrictions 409

      Protecting the Zero Page 410

      Read-Only Memory Regions 410

      Other Hardening Measures 411

      Summary of Exploit Mitigations 414

      Disabling Mitigation Features 415

      Changing Your Personality 416

      Altering Binaries 416

      Tweaking the Kernel 417

      Overcoming Exploit Mitigations 418

      Overcoming Stack Protections 418

      Overcoming ASLR 418

      Overcoming Data Execution Protections 419

      Overcoming Kernel Protections 419

      Looking to the Future 420

      Official Projects Underway 420

      Community Kernel Hardening Efforts 420

      A Bit of Speculation 422

      Summary 422

      Chapter 13 Hardware Attacks 423

      Interfacing with Hardware Devices 424

      UART Serial Interfaces 424

      I2C, SPI, and One-Wire Interfaces 428

      JTAG 431

      Finding Debug Interfaces 443

      Identifying Components 456

      Getting Specifications 456

      Difficulty Identifying Components 457

      Intercepting, Monitoring, and Injecting Data 459

      USB 459

      I 2C, SPI, and UART Serial Interfaces 463

      Stealing Secrets and Firmware 469

      Accessing Firmware Unobtrusively 469

      Destructively Accessing the Firmware 471

      What Do You Do with a Dump? 474

      Pitfalls 479

      Custom Interfaces 479

      Binary/Proprietary Data 479

      Blown Debug Interfaces 480

      Chip Passwords 480

      Boot Loader Passwords, Hotkeys, and Silent Terminals 480

      Customized Boot Sequences 481

      Unexposed Address Lines 481

      Anti-Reversing Epoxy 482

      Image Encryption, Obfuscation, and Anti-Debugging 482

      Summary 482

      Appendix A Tool Catalog 485

      Development Tools 485

      Android SDK 485

      Android NDK 486

      Eclipse 486

      ADT Plug-In 486

      ADT Bundle 486

      Android Studio 487

      Firmware Extraction and Flashing Tools 487

      Binwalk 487

      fastboot 487

      Samsung 488

      NVIDIA 489

      LG 489

      HTC 489

      Motorola 490

      Native Android Tools 491

      BusyBox 491

      setpropex 491

      SQLite 491

      strace 492

      Hooking and Instrumentation Tools 492

      ADBI Framework 492

      ldpreloadhook 492

      XPosed Framework 492

      Cydia Substrate 493

      Static Analysis Tools 493

      Smali and Baksmali 493

      Androguard 493

      apktool 494

      dex2jar 494

      jad 494

      JD-GUI 495

      JEB 495

      Radare 2 495

      IDA Pro and Hex-Rays Decompiler 496

      Application Testing Tools 496

      Drozer (Mercury) Framework 496

      iSEC Intent Sniffer and Intent Fuzzer 496

      Hardware Hacking Tools 496

      Segger J-Link 497

      JTAGulator 497

      OpenOCD 497

      Saleae 497

      Bus Pirate 497

      GoodFET 497

      Total Phase Beagle USB 498

      Facedancer 21 498

      Total Phase Beagle I2c 498

      Chip Quik 498

      Hot air gun 498

      Xeltek SuperPro 498

      IDA 499

      Appendix B Open Source Repositories 501

      Google 501

      AOSP 501

      Gerrit Code Review 502

      SoC Manufacturers 502

      AllWinner 503

      Intel 503

      Marvell 503

      MediaTek 504

      Nvidia 504

      Texas Instruments 504

      Qualcomm 505

      Samsung 505

      OEMs 506

      ASUS 506

      HTC 507

      LG 507

      Motorola 507

      Samsung 508

      Sony Mobile 508

      Upstream Sources 508

      Others 509

      Custom Firmware 509

      Linaro 510

      Replicant 510

      Code Indexes 510

      Individuals 510

      Appendix C References 511

      Index 523

      Recently viewed products

      © 2026 Book Curl

        • American Express
        • Apple Pay
        • Diners Club
        • Discover
        • Google Pay
        • Maestro
        • Mastercard
        • PayPal
        • Shop Pay
        • Union Pay
        • Visa

        Login

        Forgot your password?

        Don't have an account yet?
        Create account