楊中皇老師 一百零六學年度第一學期 (Fall 2017) 「 行動安全研究」參考資料:

  1. 課程大綱

  2. 國立高雄師範大學行事曆

  3. 高雄師範大學開課資料查詢系統

  4. 學校選課學生名單

  5. 教科書: Hacking Android

  6. 參考書: Android Security Internals

  7. 參考書: Android Hacker's Handbook

  8. 參考書: Learning Pentesting for Android Devices, XDA Developers' Android Hacker's Toolkit Android Forensics

  9. 智慧型手機市場銷售 (2016)

  10. 個人電腦市場銷售 (2016)

  11. Android Open Source Project (AOSP)

  12. Android主要版本與使用分佈

  13. Android 7.1 密碼學算法原始碼

  14. 2017年3月Android擊敗Windows,正式成為全球第一大作業系統Android超越Windows成互联网用户最常用操作系统

  15. Google's Nexus devices

  16. Factory Images for Nexus and Pixel Device

  17. Android 8.0.0, Nexus 6P

  18. Android 8.0.0原始碼

  19. Android 安全性公告 — 2017年9月

  20. 2017年3月維基解密(WikiLeaks):美國中央情報局(CIA)的駭客部門,https://wikileaks.org/ciav7p1/

  21. Google's Introduction to Android Security, https://source.android.com/devices/tech/security/

  22. Faux Disk Encryption: Realities of Secure Storage on Mobile Devices。https://www.youtube.com/watch?v=IqdSv-o2UCk

  23. The Android Security Jungle: Pitfalls, Threats & Survival Tips, https://www.youtube.com/watch?v=18tn_mF4XRg

  24. Android N for Developers, https://developer.android.com/preview/api-overview.html

  25. Try Android N Developer Preview for Sony Xperia™ Z3, https://developer.sony.com/develop/smartphones-and-tablets/android-n-developer-preview/

  26. Black Hat USA 2015 - Android Security State Of The Union, https://www.youtube.com/watch?v=aBWh7izacqg

  27. Android Security 2015 Year In Review, http://static.googleusercontent.com/media/source.android.com/zh-TW//security/reports/Google_Android_Security_2015_Report_Final.pdf

  28. Android Security 2015 Year in Review, https://www.youtube.com/watch?v=ydBMH_W31Ls

  29. First Preview of Android N: Developer APIs & Tools, http://android-developers.blogspot.tw/2016/03/first-preview-of-android-n-developer.html

  30. Google Report - Android security 2014 Year in Review, https://source.android.com/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf

  31. Android主要版本與使用分佈

  32. android list avd
    emulator –avd [avdname]
    adb devices
    adb shell pm list packages
    adb shell dumpsys meminfo
    adb logcat
    adb shell monkey nn
    java –jar burpsuite_free_v1.6.jar

  33. https://code.google.com/p/dex2jar/
    ./d2j-dex2jar.sh [apkname].apk
    http://jd.benow.ca/#jd-gui 
    https://code.google.com/p/android-apktool/downloads/list 

  34. apktool d [app-to-decompile].apk
    apktool b app-folder/ [target-app-name].apk
    http://www.virtuous-tenstudio.com/
    adb install appname.apk

  35. https://labs.mwrinfosecurity.com/tools/drozer/
    https://github.com/SecurityCompass
     

  36. Burp Suite/Proxy, http://portswigger.net/burp/download.html 
    Charles Proxy, http://www.charlesproxy.com
    MITMProxy, http://mitmproxy.org

  37. NetworkMiner, http://www.netresec.com/?page=NetworkMiner

  38. BusyBox, https://play.google.com/store/apps/details?id=stericson.busybox

  39. XDA-Developers, http://forum.xda-developers.com

  40. The Sleuth Kit (TSK), http://www.sleuthkit.org/sleuthkit/ 
    Oxygen Suite, http://www.oxygen-forensic.com 
    Internet Evidence Finder (IEF), http://www.magnetforensics.com/software/internet-evidence-finder/

  41. Andriller, https://www.andriller.com 

  42. adb (Android Debug Bridge) How It Works, https://www.youtube.com/watch?v=0y8Xn5NfpLY

  43. adb, http://developer.android.com/tools/help/adb.html

  44. drozer, https://github.com/mwrlabs/drozer , https://www.mwrinfosecurity.com/products/drozer/community-edition/

  45. sqlite3, http://developer.android.com/tools/help/sqlite3.html

  46. SQLite Browser, http://sourceforge.net/projects/sqlitebrowser/

  47. firefox附加元件 SQLite Manager, https://addons.mozilla.org/zh-tw/firefox/addon/sqlite-manager/

  48. SuperSU, https://play.google.com/store/apps/details?id=eu.chainfire.supersu
    SuperUser, https://play.google.com/store/apps/details?id=com.koushikdutta.superuser

  49. Sony boot loader unlock: http://developer.sonymobile.com/unlockbootloader/
    HTC boot loader unlock: http://www.htcdev.com/bootloader/

  50. Smartphone Pentest Framework, https://www.youtube.com/watch?v=dwYEFeRDqio

  51. Android runtime (ART), https://source.android.com/devices/tech/dalvik/ , https://www.youtube.com/watch?v=EBlTzQsUoOw 

  52. AOSP source browsing facility, https://code.google.com/p/android-source-browsing/

  53. Android's Gerrit Code Review, https://android-review.googlesource.com/ 

  54. OWASP Mobile Security Project, https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

  55. 安卓安全中文站,http://www.droidsec.cn

Chapter 1: SETTING UP THE LAB
Chapter 2: ANDROID ROOTING
Chapter 3: FUNDAMENTAL BUILDING BLOCKS OF ANDROID APPS
Chapter 4: OVERVIEW OF ATTACKING ANDROID APPS
Chapter 5: DATA STORAGE AND ITS SECURITY
Chapter 6: SERVER-SIDE ATTACKS
Chapter 7: CLIENT-SIDE ATTACKS – STATIC ANALYSIS TECHNIQUES
Chapter 8: CLIENT-SIDE ATTACKS – DYNAMIC ANALYSIS TECHNIQUES
Chapter 9: ANDROID MALWARE
Chapter 10: ATTACKS ON ANDROID DEVICES