Android Framework for Exploitation is an open-source project which we have developed in order to do security research, check for app-based and platform-based vulnerabilities, as well as write plugins for it and share them with the community. It can be classified into 5 different parts:
§ Malware Creator (creation of malware and botnet modules; also used to inject malicious code into legitimate applications)
§ Listener (Python listener to listen to and show incoming data from the phone/emulator)
§ Exploiter (used to exploit various vulnerabilities in applications and the platform)
§ Stealer (to steal information from the phone, including contacts, call logs, text messages, files from the SD card and many more)
§ Crypter (to make already detected malware samples undetectable by anti-malware)
Creating Malware with AFE
The Malware Creator is responsible for creating the malicious applications, with whatever functionality you wish for. There is a pre-defined template in it consisting of ready-made files required in the application, including AndroidManifest.xml, MainActivity.java, Services.java, Strings.xml and Main.xml.
The Strings.xml file in the pre-defined malware will be modified once we set our local IP.
Since we need everything to be carried out in the background, we will be using Services.java (which is a service instead of an activity) to run all our malicious code.
Services.java can be started from the MainActivity in the following way:
    startService(new Intent(getApplicationContext(), myservice.class));
Once you set your reverse IP (same as LHOST), you'll have the option of Stealer. There are 3 pre-defined stealers, and you can add more yourself. The 3 already existing ones are:
• Call Logs
• Contacts
• Messages
We will be using content providers to steal all call logs, contacts and messages. Once we have all three name-value pairs (call logs, contacts and messages), we will set up an HTTP connection to upload the data, or use the built-in Python listener, which will automatically be started once you finish creating your malware.
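From a defender's side, the build described above leaves a recognisable footprint in the app's manifest: the permissions that gate the call-log, contacts and SMS content providers, the INTERNET permission needed for the HTTP upload, and a background service declared beside the launcher activity. The following Python script is an added example (not part of the AFE manual or this post) that parses a manifest and flags that combination. The two manifests embedded in it are constructed samples; the package names and component names in them are placeholders, not values from the page.

```python
import xml.etree.ElementTree as ET

# Namespace used by every android:* attribute in AndroidManifest.xml.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Permissions that gate the three content providers the Stealer reads.
DATA_PERMISSIONS = {
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
}
# Permission needed for the HTTP upload to the listener.
NETWORK_PERMISSIONS = {"android.permission.INTERNET"}

# Constructed sample: launcher activity plus a background service, with the
# data permissions and INTERNET. Package/component names are placeholders.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="Sample">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <service android:name=".Services"/>
    </application>
</manifest>
"""

# Constructed sample of an ordinary networked app: INTERNET only, no service.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.benign">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Benign">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def analyze_manifest(xml_text):
    """Return the permission/service facts relevant to the Stealer pattern.

    'suspicious' is True only when at least one data-provider permission,
    a network permission and a declared service all appear together.
    """
    root = ET.fromstring(xml_text)
    perms = {e.get(NAME_ATTR) for e in root.findall("uses-permission")}
    services = [e.get(NAME_ATTR) for e in root.findall("application/service")]
    data_hits = sorted(perms & DATA_PERMISSIONS)
    has_network = bool(perms & NETWORK_PERMISSIONS)
    return {
        "package": root.get("package"),
        "data_permissions": data_hits,
        "network": has_network,
        "services": services,
        "suspicious": bool(data_hits) and has_network and bool(services),
    }


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        print(label, analyze_manifest(manifest))
```

This is a triage heuristic, not a verdict: plenty of legitimate dialer or messaging apps request the same permissions, so the result is a reason to pull the APK's bytecode and look at what the service does with the providers and where it sends the data, not a signature on its own.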
The material above was copied from afe_manual.pdf.
First, extract the archive into the BT5 VM; I put it on the desktop. You also need to install the Android SDK (download it from Google yourself), so my desktop looks like this:
Running ant in the shell shows it is not installed, so install ant first:
apt-get install ant1.8
ant is used to compile the Android project, as follows:
android update project -p project-path --name xysecv3 --target 1
Then run ant debug in the project directory.
Since the android tool is not on the default path, add it to PATH:
export PATH=$PATH:~/Desktop/adt-bundle-linux-x86-20130219/sdk/tools
It also needs to be made executable:
chmod -R 755 ~/Desktop/adt-bundle-linux-x86-20130219
The contents here concern the host that the program connects back to; change all of them to your own host's domain name. An HTTP server must be running on that host to handle the call-back data.
Also, in the main program, this is the function that handles sending that information:
(1,1,1) means send contacts, call logs and SMS contents respectively.
Once the changes are made, you can start compiling.
The next step is to upload to the Android device, install and launch it; the relevant commands are as follows:
adb install xysecv3-debug.apk (install)
adb uninstall com.xysecv3 (uninstall)
adb shell am start -n com.xysecv3/.Xysecv3Activity (launch)
Enable debug mode on the device first, then connect it to the host over USB.
adb also needs to be added to PATH:
export PATH=$PATH:~/Desktop/adt-bundle-linux-x86-20130219/sdk/platform-tools