The Android Malware Handbook by Qian Han & Salvador Mandujano & Sebastian Porst & V.S. Subrahmanian & Sai Deep Tetali & Yanhai Xiong
Author:Qian Han & Salvador Mandujano & Sebastian Porst & V.S. Subrahmanian & Sai Deep Tetali & Yanhai Xiong
Language: eng
Format: epub, pdf
Publisher: No Starch Press
Published: 2024-11-15T00:00:00+00:00
Decrypting the Command-and-Control Communications
As in the previous chapter, one of the most important properties of the malware weâll want to reverse engineer is its encrypted communication with the command-and-control server. Breaking the encryption will allow us to better understand the commands it supports. Rather than using static analysis and code reading to find out how this communication works, weâll use dynamic analysis. Between tcpdump, logcat, and Frida, we have all the tools we need.
After our earlier analysis using tcpdump and Wireshark, we know that the first connection the malware makes is an HTTP POST request to http://simpleyo5.tk/ping. In this request, the malware sends a JSON object with four entries, as shown in Listing 4-6.
{ "hash": "c9KjsZ9C7He6VRmwPMY9YpRrW8H9UFIITKB7umfOUyo=", "id": "9hbTqZU/XYXD8Z1hftmY0N63NltNY2+ihQOnUHrg9T1B/C...", "iv": "M0KcSRwOMvKnbNd4TE719Q==", "type": "request_verify" }
Listing 4-6: The JSON payload posted to the /ping URL
Itâs still unclear what these values are. The one plaintext entry, "type": "request_verify", suggests that the purpose of this connection is to request that the malware client be verified. Weâve shortened the value of id here; originally, it had more than 7,000 bytes. Its length indicates that it might be the messageâs main payload. The value of hash is unknown at this point, as is the value of iv, which has a noteworthy name. Could this be the initialization vector used to encrypt the payload? Later, weâll confirm this to be the case.
Download
The Android Malware Handbook by Qian Han & Salvador Mandujano & Sebastian Porst & V.S. Subrahmanian & Sai Deep Tetali & Yanhai Xiong.pdf
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Cryptography | Encryption |
Hacking | Network Security |
Privacy & Online Safety | Security Certifications |
Viruses |
Future Crimes by Marc Goodman(3009)
Mastering Python for Networking and Security by José Manuel Ortega(2965)
Blockchain Basics by Daniel Drescher(2896)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2522)
Practical Threat Detection Engineering by Megan Roddie & Jason Deyalsingh & Gary J. Katz(2520)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2487)
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(2367)
The Art Of Deception by Kevin Mitnick(2305)
The Code Book by Simon Singh(2220)
Machine Learning Security Principles by John Paul Mueller(2084)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(2069)
Hands-On AWS Penetration Testing with Kali Linux by Benjamin Caudill & Karl Gilbert(1869)
Solidity Programming Essentials by Ritesh Modi(1866)
Wireless Hacking 101 by Karina Astudillo(1852)
DarkMarket by Misha Glenny(1849)
Applied Network Security by Arthur Salmon & Michael McLafferty & Warun Levesque(1841)
Mobile Forensics Cookbook by Igor Mikhaylov(1816)
Serious Cryptography: A Practical Introduction to Modern Encryption by Aumasson Jean-Philippe(1811)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(1753)