In this post, we finish the Lab Exploit Mobile Android series. We will discuss memory protection and client-side password complexity.
This particular lab teaches you how to inspect the memory dump of an Android app.
Sometimes you’ll find that a mobile application has a lock screen but keeps running in the background. You may want to see what information lies behind that screen, but without the unlock code you can’t reach it. You also don’t want to reset the device, because the information you want may still be in memory, so we’ll learn to dump it.
In this lab, we will use DDMS (Dalvik Debug Monitor Server) in Android Studio.
Look at the emulator screen.
In Android Studio, open DDMS as shown below:
Then choose “Dump HPROF file”.
Android HPROF dumps are not in the standard Java HPROF format because they come from the Dalvik VM, so we have to convert them. We will use the hprof-conv tool in the SDK.
Note: newer versions of hprof-conv.exe require an output file argument.
We will use Eclipse Memory Analyzer to read the .hprof file.
Open the .hprof file.
Select “Group by package”.
On the left you’ll see the variables currently in memory, including the session key! You can now take over the user’s session! The lesson for memory protection is that anything the app keeps in plain form, such as a session key, stays readable in a dump for as long as the process is alive.
Client-side password complexity
The default configuration for the password lock screen only enforces that the password is not blank.
You’ll notice that in the insecure default ExploitMe Mobile version (base), the lock screen accepts any number of characters or letters as the password. Even a password containing only one character is allowed.
In this lab the application is built without any password policy. Users can optionally set a local password, even a single character. This is not safe for either users or the application.
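As an added example (not code from the ExploitMe Mobile labs), the following Java class places the lab’s “not blank” check beside a stricter client-side policy a lock screen should enforce. The class and method names are hypothetical and the denylist is a constructed sample.

```java
import java.util.Set;
import java.util.regex.Pattern;

// Added example, not code from the ExploitMe Mobile labs. Class and method names
// are hypothetical; the weak check mirrors the "not blank" policy the lab describes,
// the strict check shows what a client-side policy should enforce instead.
public final class PasswordPolicy {

    private static final int MIN_LENGTH = 8;
    // Constructed denylist of trivially guessable passwords (sample only).
    private static final Set<String> COMMON = Set.of("password", "12345678", "qwertyui");

    // Weak policy as in the insecure (base) version: anything non-blank passes,
    // so a single character such as "1" is accepted as the lock-screen password.
    public static boolean weakPolicyAccepts(String candidate) {
        return candidate != null && !candidate.trim().isEmpty();
    }

    // Hardened policy: minimum length, at least three of four character classes,
    // and not on the denylist. Returns null when accepted, otherwise the reason
    // to show the user.
    public static String strictPolicyReject(String candidate) {
        if (candidate == null || candidate.length() < MIN_LENGTH) {
            return "Password must be at least " + MIN_LENGTH + " characters";
        }
        int classes = 0;
        if (Pattern.compile("[a-z]").matcher(candidate).find()) classes++;
        if (Pattern.compile("[A-Z]").matcher(candidate).find()) classes++;
        if (Pattern.compile("[0-9]").matcher(candidate).find()) classes++;
        if (Pattern.compile("[^A-Za-z0-9]").matcher(candidate).find()) classes++;
        if (classes < 3) {
            return "Use at least three of: lowercase, uppercase, digits, symbols";
        }
        if (COMMON.contains(candidate.toLowerCase())) {
            return "Password is too common";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a one-character password, a common word, a strong one.
        String[] samples = {"1", "password", "Tr0ub4dor&3"};
        for (String s : samples) {
            String reason = strictPolicyReject(s);
            System.out.printf("%-12s weak=%b strict=%s%n",
                    s, weakPolicyAccepts(s), reason == null ? "accepted" : reason);
        }
    }
}
```

Running it shows the weak policy accepting all three samples while the strict policy accepts only the last; the same check must also exist on the server, since a client-side policy can be bypassed by a modified app.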