ExploitMe Mobile Android – Memory Protection & Client-side Password complexity – All things in moderation


Hi all!
In this post we finish the ExploitMe Mobile Android lab series with two remaining topics: memory protection and client-side password complexity.

Memory protection
This lab teaches you how to inspect a memory dump taken from a running Android app.
Sometimes you will find that a mobile application shows a lock screen while it keeps running in the background. You may want to see what information lies behind that screen, but without the lock code you cannot get to it. You also do not want to reset the device, because the data of interest may still be sitting in memory, so we will learn to dump that memory instead.
In this lab we use DDMS (the Dalvik Debug Monitor Server) that ships with Android Studio, with the app running in the emulator.
In Android Studio, open DDMS as shown below:

[Screenshot: opening DDMS in Android Studio]

In the process list, select com.securitycompass.androidlab.base

[Screenshot: DDMS main window with the process selected]

Then, choose “Dump HPROF file”

[Screenshot: the "Dump HPROF file" action]

Android HPROF dumps are written in the Dalvik VM's own variant of the format rather than standard Java HPROF, so the file has to be converted before a Java tool can read it. We use the hprof-conv tool that ships with the Android SDK.

[Screenshot: converting the dump with hprof-conv]
Note: newer versions of hprof-conv.exe require the output file name to be given explicitly.
We use Eclipse Memory Analyzer (MAT) to read the converted .hprof file.

Open the converted .hprof file.

[Screenshot: opening the .hprof file in Eclipse Memory Analyzer]

Open the Dominator Tree view.

[Screenshot: the Dominator Tree view]

Select “Group by package”

[Screenshot: the "Group by package" option]

[Screenshot: the dominator tree grouped by package]

On the left you will see the variables that were in memory at the moment of the dump, including the session key! With it you can now take over the user's session!
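As an added example (not part of the original lab or of the ExploitMe Mobile project), the Python script below complements the MAT inspection above with an offline check that a heap dump does not still hold values the app should have cleared behind its lock screen. It assumes a constructed dump fragment and an illustrative sessionKey= field name, and it scans both plain ASCII runs and UTF-16BE runs, because Java String contents are stored in HPROF as char[] arrays, so an ASCII-only `strings` pass can miss them.

```python
import re

# Constructed stand-in for a converted HPROF heap dump. The real file is
# binary; String contents appear as UTF-16BE char[] data (some ART builds
# store Latin-1-only strings as 8-bit arrays, which the ASCII pass covers).
# The sessionKey= / username= field names are assumed for this example.
SAMPLE_DUMP = (
    b"JAVA PROFILE 1.0.2\x00" + b"\x00\x00\x00\x04"          # header fragment
    + b"\x00" * 7
    + "sessionKey=2b7f9c1d4e5a6b7c8d9e0f1a2b3c4d5e".encode("utf-16-be")
    + b"\x00\x01\x02"
    + b"username=alice" + b"\x00" * 5
    + "x".encode("utf-16-be")                                 # too short, ignored
)

MIN_LEN = 6
# Values that must not survive in memory once the lock screen is shown.
SECRET_PATTERNS = {
    "session key": re.compile(r"sessionKey=([0-9a-f]{16,})"),
    "username": re.compile(r"username=(\w+)"),
}


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Yield (encoding, offset, text) for printable ASCII and UTF-16BE runs."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield "ascii", m.start(), m.group().decode("ascii")
    # UTF-16BE: each printable char is a 0x00 byte followed by the ASCII byte.
    for m in re.finditer(rb"(?:\x00[\x20-\x7e]){%d,}" % min_len, data):
        yield "utf-16be", m.start(), m.group().decode("utf-16-be")


def find_secrets(data: bytes):
    """Return [(label, encoding, offset, value)] for every retained secret."""
    hits = []
    for enc, off, text in extract_strings(data):
        for label, pat in SECRET_PATTERNS.items():
            for m in pat.finditer(text):
                hits.append((label, enc, off, m.group(1)))
    return hits


if __name__ == "__main__":
    for label, enc, off, value in find_secrets(SAMPLE_DUMP):
        print(f"{label:11} {enc:8} @0x{off:06x}: {value}")
```

Run it against a dump taken while the lock screen is up; any hit means the value was still resident and should have been cleared when the app locked.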

Client-side Password complexity

The default configuration of the password lock screen only enforces that the password is not blank.
You will notice that in the insecure default version of ExploitMe Mobile (base), the lock screen accepts a password of any length made up of any characters or letters. Even a password of a single character is allowed.
In this lab the application is built without any password policy at all. Users may optionally set a local password, and a single character is accepted. This is unsafe for both the users and the application.
