YoVDO

Hiding Behind Android Runtime - ART

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Android Development Courses, Cybersecurity Courses, Android Security Courses

Course Description

Overview

Explore advanced techniques for creating user mode rootkits in Android by leveraging the Android Runtime (ART) in this Black Hat conference talk. Dive deep into ART internals, examining file formats and mechanisms crucial for rootkit development. Learn how to circumvent modern Android security measures like verified boot by shifting focus from kernel mode to user mode. Discover methods for crafting rootkits, including what to modify, where to locate targets, and how to implement changes. Gain insights into persistence techniques and understand the limitations of this approach. Witness a live demonstration of an ART rootkit in action. Ideal for security researchers and Android developers seeking to enhance their understanding of potential vulnerabilities in the Android ecosystem.

Syllabus

Intro
Motivation
Background
Compilation
Quick Backend
Portable backend
Boot image
Layout
ART Image Header
OAT File
OAT Header
OAT Class Header
OAT Quick Method Header
Approach
Advantages
Persistence
Replacing framework code
Replacing app code
Limitations
Conclusion


Taught by

Black Hat
