楊中皇老師 一百零六學年度第一學期 (Fall 2017) 「 行動安全研究」參考資料:

  1. 課程大綱

  2. 國立高雄師範大學行事曆

  3. 高雄師範大學開課資料查詢系統

  4. 學校選課學生名單

  5. 11/2 潘佳銘

    Chapter 1  ISETTING UP THE LAB

    11/9 馬毓棣

    Chapter 2 ANDROID ROOTING

    11/16 馬毓棣

    Chapter 3 FUNDAMENTAL BUILDING BLOCKS OF ANDROID APPS

    11/23 潘佳銘

    Chapter 4 OVERVIEW OF ATTACKING ANDROID APPS

    11/30 潘佳銘

    Chapter 5 DATA STORAGE AND ITS SECURITY

    12/7 馬毓棣

    Chapter 6 SERVER-SIDE ATTACKS

    12/14 馬毓棣

    Chapter 7 CLIENT-SIDE ATTACKS – STATIC ANALYSIS TECHNIQUES

    12/21 潘佳銘

    Chapter 8 CLIENT-SIDE ATTACKS – DYNAMIC ANALYSIS TECHNIQUES

  6. 教科書: Hacking Android

  7. 參考書: Android Security Internals

  8. 參考書: Android Hacker's Handbook

  9. 參考書: Learning Pentesting for Android Devices, XDA Developers' Android Hacker's Toolkit Android Forensics

  10. Semi-Offline Attack on the Android Full-Disk Encryption, https://www.youtube.com/watch?v=QpCWS5dM7eY

  11. FBI paid more than $1.3 million to break into San Bernardino iPhone

  12. Full-Disk Encryption

  13. Android設備Cryptographic Primitives

  14. Android Security 2016 Year In Review, https://www.youtube.com/watch?v=QJXsurYoJ10

  15. Android Open Source Project (AOSP), https://source.android.com/source/

  16. 智慧型手機市場銷售 (2016)

  17. 個人電腦市場銷售 (2016)

  18. Android主要版本與使用分佈

  19. Android 7.1 密碼學算法原始碼

  20. 2017年3月Android擊敗Windows,正式成為全球第一大作業系統Android超越Windows成互联网用户最常用操作系统

  21. Google's Nexus devices

  22. Factory Images for Nexus and Pixel Device

  23. Android 8.0.0, Nexus 6P

  24. Android 8.0.0原始碼

  25. Android 安全性公告 — 2017年9月

  26. 2017年3月維基解密(WikiLeaks):美國中央情報局(CIA)的駭客部門,https://wikileaks.org/ciav7p1/

  27. Google's Introduction to Android Security, https://source.android.com/devices/tech/security/

  28. Faux Disk Encryption: Realities of Secure Storage on Mobile Devices。https://www.youtube.com/watch?v=IqdSv-o2UCk

  29. The Android Security Jungle: Pitfalls, Threats & Survival Tips, https://www.youtube.com/watch?v=18tn_mF4XRg

  30. Android N for Developers, https://developer.android.com/preview/api-overview.html

  31. Try Android N Developer Preview for Sony Xperia™ Z3, https://developer.sony.com/develop/smartphones-and-tablets/android-n-developer-preview/

  32. Black Hat USA 2015 - Android Security State Of The Union, https://www.youtube.com/watch?v=aBWh7izacqg

  33. Android Security 2015 Year In Review, http://static.googleusercontent.com/media/source.android.com/zh-TW//security/reports/Google_Android_Security_2015_Report_Final.pdf

  34. Android Security 2015 Year in Review, https://www.youtube.com/watch?v=ydBMH_W31Ls

  35. First Preview of Android N: Developer APIs & Tools, http://android-developers.blogspot.tw/2016/03/first-preview-of-android-n-developer.html

  36. Google Report - Android security 2014 Year in Review, https://source.android.com/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf

  37. Android主要版本與使用分佈

  38. android list avd
    emulator –avd [avdname]
    adb devices
    adb shell pm list packages
    adb shell dumpsys meminfo
    adb logcat
    adb shell monkey nn
    java –jar burpsuite_free_v1.6.jar

  39. https://code.google.com/p/dex2jar/
    ./d2j-dex2jar.sh [apkname].apk
    http://jd.benow.ca/#jd-gui 
    https://code.google.com/p/android-apktool/downloads/list 

  40. apktool d [app-to-decompile].apk
    apktool b app-folder/ [target-app-name].apk
    http://www.virtuous-tenstudio.com/
    adb install appname.apk

  41. https://labs.mwrinfosecurity.com/tools/drozer/
    https://github.com/SecurityCompass
     

  42. Burp Suite/Proxy, http://portswigger.net/burp/download.html 
    Charles Proxy, http://www.charlesproxy.com
    MITMProxy, http://mitmproxy.org

  43. NetworkMiner, http://www.netresec.com/?page=NetworkMiner

  44. BusyBox, https://play.google.com/store/apps/details?id=stericson.busybox

  45. XDA-Developers, http://forum.xda-developers.com

  46. The Sleuth Kit (TSK), http://www.sleuthkit.org/sleuthkit/ 
    Oxygen Suite, http://www.oxygen-forensic.com 
    Internet Evidence Finder (IEF), http://www.magnetforensics.com/software/internet-evidence-finder/

  47. Andriller, https://www.andriller.com 

  48. adb (Android Debug Bridge) How It Works, https://www.youtube.com/watch?v=0y8Xn5NfpLY

  49. adb, http://developer.android.com/tools/help/adb.html

  50. drozer, https://github.com/mwrlabs/drozer , https://www.mwrinfosecurity.com/products/drozer/community-edition/

  51. sqlite3, http://developer.android.com/tools/help/sqlite3.html

  52. SQLite Browser, http://sourceforge.net/projects/sqlitebrowser/

  53. firefox附加元件 SQLite Manager, https://addons.mozilla.org/zh-tw/firefox/addon/sqlite-manager/

  54. SuperSU, https://play.google.com/store/apps/details?id=eu.chainfire.supersu
    SuperUser, https://play.google.com/store/apps/details?id=com.koushikdutta.superuser

  55. Sony boot loader unlock: http://developer.sonymobile.com/unlockbootloader/
    HTC boot loader unlock: http://www.htcdev.com/bootloader/

  56. Smartphone Pentest Framework, https://www.youtube.com/watch?v=dwYEFeRDqio

  57. Android runtime (ART), https://source.android.com/devices/tech/dalvik/ , https://www.youtube.com/watch?v=EBlTzQsUoOw 

  58. AOSP source browsing facility, https://code.google.com/p/android-source-browsing/

  59. Android's Gerrit Code Review, https://android-review.googlesource.com/ 

  60. OWASP Mobile Security Project, https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

  61. 安卓安全中文站,http://www.droidsec.cn

Chapter 1: SETTING UP THE LAB
Chapter 2: ANDROID ROOTING
Chapter 3: FUNDAMENTAL BUILDING BLOCKS OF ANDROID APPS
Chapter 4: OVERVIEW OF ATTACKING ANDROID APPS
Chapter 5: DATA STORAGE AND ITS SECURITY
Chapter 6: SERVER-SIDE ATTACKS
Chapter 7: CLIENT-SIDE ATTACKS – STATIC ANALYSIS TECHNIQUES
Chapter 8: CLIENT-SIDE ATTACKS – DYNAMIC ANALYSIS TECHNIQUES
Chapter 9: ANDROID MALWARE
Chapter 10: ATTACKS ON ANDROID DEVICES