CS6264 Project 3- Infosec Labs Defenses Solution

• Points 15



• Submitting a file upload



• Available Jun 5 at 9:30am - Jun 18 at 9:29am



"Wow, you really are an Android expert!" Your boss is delighted with your last project, it seems. However, you aren't sure whether or not completing 1 assignment warrants the title of 'expert'.
"Just in time, too, because we have another client with some Android work lined up! They just found this method to root their Android device and they want you to write a report on the entire process."
Maybe you should've tried to persuade your boss that you aren't such an expert after all.
Once again, you go back to you desk and open up the client document
Actions
.
Assignment
The purpose of this assignment is to explore how you can leverage the
OTA mechanism to root an Android device and get an idea of how rooted Android can be used to do bad things. Note that this lab is more focused on exploration rather than implementation, so the more details you can bring up in your report, the more beneficial it will be.
There are 4 tasks that you will need to complete for this lab. They include:
• Building an OTA package (20%), which involves o Writing an update script, and o Building the package
• Injecting code via app_process (20%), which involves o Injecting some dummy code, o Compiling the code, and o Building the package
• Implementing SimpleSU to get root (20% for implementation +
10% for questions), which involves o Exploring code that will replace app_process in order to launch a root shell, and finally
o Launching the root attack o Answering task questions
• Implementing malicious location app (20%), which involves o Implementing check for superuser access o Granting location access permission
• Report (10%)
There are 2 tasks get bonus points, which includes:
• Implementing app removal malicious app (5%)
• Rooting the Android VM with a new approach (5%)
There are 4 files that should be downloaded to get started. This includes: • A Development VMLinks to an external site.
o Mirror VMLinks to an external site.
o Ubuntu 16.04 o Creds: seed/dees o Installation GuideLinks to an external site.
o User manual
Actions
• An Android VMLinks to an external site.
o Mirror VMLinks to an external site.
o Android 7.1 o Installation GuideLinks to an external site. o User manualLinks to an external site.
• The fully fleshed-out code for Task 3Download The fully fleshed-out code for Task 3
• Skeleton code for Task 4Download Skeleton code for Task 4
Supplementary Material: Lab 3_Supplementary_Material.pdf Project FAQ:
Project 3 FAQ.xlsxLinks to an external site.

Deliverables
Your submission should include two files. First, you need to submit a detailed lab report to describe what you have done and what you have observed, including screenshots and code snippets (if needed)for Task 14and Bonus. You also need to provide explanation to the observations that are interesting or surprising. You are encouraged to pursue further investigation, beyond what is required by the lab description. Second, you also need to submit the zip file for your source code for Task 4 and Bonus. The zip file should include the .apk file for your applications andanother zip file containing the source code for the entire Task 4 and Bonus part and a README (if needed).