Android System Image Modification

•Télécharger en tant que PPTX, PDF•

0 j'aime•234 vues

A small demonstration of Android System Image and its content. Resources: 1. Gist by tonio-nucci https://gist.github.com/tonio-nucci/8ff2894c42c6320a50dc4b70b32a716a 2. https://github.com/mirsamantajbakhsh/AndroidSystemModification 3. https://mstajbakhsh.ir/android-system-image-modification 4. https://youtu.be/yZgYIaSm2ZE

Technologie

Understanding Android’s
System
• Mir Saman Tajbakhsh
• https://mstajbakhsh.ir

Headlines
 Android’s System Image
 System Modification
 System and Platform Apps
 SELinux and MAC Permissions
 System Rebuild
 OEM and Boot

Android System Image
 All Android systems has a system.img which is the main OS including apps and configs
 The system image is mountable since it is in ext4 file system usually.
 But the image should be converted to raw image before mounting.
 The Android’s Sparge image can be converted to Raw image using this tool:
 https://github.com/anestisb/android-simg2img

System Modification
 First of all, we should mount the raw image.
 sudo mount –t ext4 –o loop system.img.raw MOUNT_POINT
 Then all the system.img is modifiable.
 One interesting folder is system📂which contains all system apps and private apps

System and Platform Apps
 System apps are applications that placed in /system/ folder.
 They can not be removed without root, but can be disabled.
 If you’re root, you can move apps to /system folder, so change your app from third party app to
system app.
 If the application has same signature as the system, therefore you’re platform app and then you
have a lots of abilities.

SELinux and MAC Permissions
 All file and folders have their special SELinux permission.
 The permission should be applied on your apps.
 After applying the SELinux permission, you can renew the system signature by creating new
signature.
 The new signature is placed in MAC.

System Rebuild
 After changing the system, you can rebuild the system
 After that, you can make the system.img for AP.tar

OEM and Boot
 For flashing the system, you should firstly unlock the phone’s boot loader.
 You can search the Internet for this matter.
 After that, you can flash the custom AP.tar with custom vbmeta for ignoring boot signature of the
system.img.

Resources
1. Gist by tonio-nucci
https://gist.github.com/tonio-nucci/8ff2894c42c6320a50dc4b70b32a716a
2. https://github.com/mirsamantajbakhsh/AndroidSystemModification
3. https://youtu.be/yZgYIaSm2ZE
4. https://mstajbakhsh.ir/android-system-image-modification

Contenu connexe

Tendances

Automated Deployment using Open Source

duskglow

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

securityxploded

Application Virtualization

securityxploded

Getting root with benign app store apps

Csaba Fitzl

Bar Camp Talk on Ubiquity

guest5014a

System Imager.20051215

guest95b42b

Selenium

Anil Babu

Splunk: Forward me the REST of those shells

Anthony D Hendricks

Advanced Malware Analysis Training Session 5 - Reversing Automation

securityxploded

Selenium Automation at Incapsula

adamcarmi

Primer on password security

securityxploded

Securing jenkins

CloudBees

In this talk we will publish our research we conducted on 28 different AntiVirus products on macOS through 2020. Our focus was to assess the XPC services these products expose and if they presented any security vulnerabilities. We will talk about the typical issues, and demonstrate plenty of vulnerabilities, which typically led to full control of the given product or local privilege escalation on the system. At the end we will give advice to developers how to write secure XPC services.

Exploiting XPC in AntiVirus

Csaba Fitzl

Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis

securityxploded

Anatomy of Exploit Kits

securityxploded

Windows 8 fuzz

Olav Tvedt

Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2

securityxploded

Advanced Malware Analysis Training Session 7 - Malware Memory Forensics

securityxploded

Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares

securityxploded

The Build System of Commercial RCP Application A Case Study

gustavoeliano

Tendances (20)

Automated Deployment using Open Source

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

Application Virtualization

Getting root with benign app store apps

Bar Camp Talk on Ubiquity

System Imager.20051215

Selenium

Splunk: Forward me the REST of those shells

Advanced Malware Analysis Training Session 5 - Reversing Automation

Selenium Automation at Incapsula

Primer on password security

Securing jenkins

Exploiting XPC in AntiVirus

Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis

Anatomy of Exploit Kits

Windows 8 fuzz

Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2

Advanced Malware Analysis Training Session 7 - Malware Memory Forensics

Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares

The Build System of Commercial RCP Application A Case Study

Similaire à Android System Image Modification

FP 202 - Chapter 5

rohassanie

Operating system

sweetysweety8

Your first dive into systemd!

Etsuji Nakai

MAC OS System Software 7

Loegi Espejo

Algum de vocês já pensou no que se transforma o código que fazemos? E qual a diferença entre C# e VB? Onde colocamos as nossas dll's, como devemos pensar nas versões e o que é isso do strong name? Se estiverem duas dll's de versões diferentes qual utilizar e como se altera sem recompilar a aplicação? E ainda, como não permitir que essa alteração aconteça? E o que acontece com os recursos que o meu código utiliza e quais são as boas práticas para que tudo funcione bem? Esta sessão vai nos responder a todas estas perguntas, numa apresentação sobre sobre Global Assembly Cache (GAC), Intermediate Language (IL) e Garbage Collection (GC), alertando para os detalhes que podem fazer a diferença entre uma aplicação que tem que ser reiniciada todos os dias e uma que fica ligada durante anos.

O porque das minhas aplicações funcionarem... E o que acontece com os recurso...

Comunidade NetPonto

final proposal-yum

Paramkusham Shruthi

Software Management Iltce2007b

guest804df32c5

SACHINDOC

Sachin Gedam

Orangescrum In App Chat Add-on User Manual

Orangescrum

To pass ite chapter 5 exam

Ahmed Abdullah

Automotive embedded systems part1 v1

Keroles karam khalil

In Kubernetes stellen wir Anwendungen als Instanz eines vordefinierten Container-Images bereit, dessen Eigenschaften deklarativ konfiguriert werden. Dies erleichtert die Automatisierung und Reproduzierbarkeit von Deployments, was wiederum das Betriebsrisiko verringert. Was wäre, wenn wir diese Eigenschaften auf die Serverprovisionierung ausweiten und das Betriebssystem selbst wie eine Anwendung in Kubernetes behandeln würden? Was wäre, wenn wir, anstatt Allzweck-Distributionen an unsere Bedürfnisse anzupassen, unseren Ansatz, wie ein “Cloud-Native” Betriebssystem funktionieren soll, von Grund auf überdenken würden? Unter Anwendung der gleichen Erwartungen, die wir an die Handhabung von Kubernetes-Anwendungen haben, präsentieren wir einen alternativen Ansatz für die Bereitstellung, Konfiguration und Lebenszyklusverwaltung des Betriebssystems. Mithilfe einer strikten Trennung von Betriebssystem und Anwendungen zeigen wir, wie ein wartbares, unveränderliches, imagebasiertes Betriebssystem erstellt werden kann. Und indem wir dieses Konzept erweitern, machen wir Provisionierunged problemlos und automatische Updates risikoarm. In diesem Vortrag werden wir auch einige der neuesten Entwicklungen zu Betriebssystemen behandeln und über das etablierte Konzept eines Container-Linux hinausgehen, hin zu einer Zukunft, die auf composable images Images mit systemd-sysext und einem generischen Modell für Image-baiserte Linux-Architekturen basiert.

OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...

NETWAYS

Practical White Hat Hacker Training - Post Exploitation

PRISMA CSI

Description Of A Network Administrator

Gina Alfaro

CSS G11 Module 6 Q1 computer systems servicing for grade 12

ASEJODEREK

Android lifecycle

Kumar

Samsung’s first Tizen-based devices are set to launch in the middle of 2015. This paper presents the research outcome on the security analysis of Tizen OS and it’s underlying security architecture. The paper begins with a quick introduction to Tizen architecture and explains the various components of Tizen OS. This will be followed by Tizen’s security model where application sandboxing and resource access control will be explained. Moving on, an overview of Tizen’s Content Security Framework which acts as an in-built malware detection API will be covered. Various vulnerabilities in Tizen will be discussed including issues like Tizen WebKit2 address spoofing and content injection, Tizen WebKit CSP bypass and issues in Tizen’s memory protection (ASLR and DEP). Applications in Tizen can be written in HTML5/JS/CSS or natively using C/C++. As a bonus, an overview of pentesting Tizen applications will also be presented along with some of the security implications. There will be comparisons made to traditional Android applications and how these security issues differ with Tizen.

Hacking Tizen: The OS of everything - Whitepaper

Ajin Abraham

What is Operating System, Utility program,virus and anti_virus

mudasserakram

Timings of Init : Android Ramdisks for the Practical Hacker

Stacy Devino

Apps rollback patches1

InSync Conference

Similaire à Android System Image Modification (20)

FP 202 - Chapter 5

Operating system

Your first dive into systemd!

MAC OS System Software 7

O porque das minhas aplicações funcionarem... E o que acontece com os recurso...

final proposal-yum

Software Management Iltce2007b

SACHINDOC

Orangescrum In App Chat Add-on User Manual

To pass ite chapter 5 exam

Automotive embedded systems part1 v1

OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...

Practical White Hat Hacker Training - Post Exploitation

Description Of A Network Administrator

CSS G11 Module 6 Q1 computer systems servicing for grade 12

Android lifecycle

Hacking Tizen: The OS of everything - Whitepaper

What is Operating System, Utility program,virus and anti_virus

Timings of Init : Android Ramdisks for the Practical Hacker

Apps rollback patches1

Dernier

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Architecting Cloud Native Applications

WSO2

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Exploring Multimodal Embeddings with Milvus

Zilliz

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Dernier (20)

Corporate and higher education May webinar.pptx

[BuildWithAI] Introduction to Gemini.pdf

How to Troubleshoot Apps for the Modern Connected Worker

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

FWD Group - Insurer Innovation Award 2024

Vector Search -An Introduction in Oracle Database 23ai.pptx

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

CNIC Information System with Pakdata Cf In Pakistan

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Architecting Cloud Native Applications

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Exploring Multimodal Embeddings with Milvus

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Android System Image Modification

1. Understanding Android’s System • Mir Saman Tajbakhsh • https://mstajbakhsh.ir

2. Headlines  Android’s System Image  System Modification  System and Platform Apps  SELinux and MAC Permissions  System Rebuild  OEM and Boot

3. Android System Image  All Android systems has a system.img which is the main OS including apps and configs  The system image is mountable since it is in ext4 file system usually.  But the image should be converted to raw image before mounting.  The Android’s Sparge image can be converted to Raw image using this tool:  https://github.com/anestisb/android-simg2img

4. System Modification  First of all, we should mount the raw image.  sudo mount –t ext4 –o loop system.img.raw MOUNT_POINT  Then all the system.img is modifiable.  One interesting folder is system📂which contains all system apps and private apps

5. System and Platform Apps  System apps are applications that placed in /system/ folder.  They can not be removed without root, but can be disabled.  If you’re root, you can move apps to /system folder, so change your app from third party app to system app.  If the application has same signature as the system, therefore you’re platform app and then you have a lots of abilities.

6. SELinux and MAC Permissions  All file and folders have their special SELinux permission.  The permission should be applied on your apps.  After applying the SELinux permission, you can renew the system signature by creating new signature.  The new signature is placed in MAC.

7. System Rebuild  After changing the system, you can rebuild the system  After that, you can make the system.img for AP.tar

8. OEM and Boot  For flashing the system, you should firstly unlock the phone’s boot loader.  You can search the Internet for this matter.  After that, you can flash the custom AP.tar with custom vbmeta for ignoring boot signature of the system.img.

9. Resources 1. Gist by tonio-nucci https://gist.github.com/tonio-nucci/8ff2894c42c6320a50dc4b70b32a716a 2. https://github.com/mirsamantajbakhsh/AndroidSystemModification 3. https://youtu.be/yZgYIaSm2ZE 4. https://mstajbakhsh.ir/android-system-image-modification

Android System Image Modification

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Android System Image Modification

Similaire à Android System Image Modification (20)

Dernier

Dernier (20)

Android System Image Modification