2.1 Android System Architecture
1, Application layer: the apps you normally see, mainly written in Java
2, Application framework layer: provides application developers with an API framework for accessing core functionality
android.app: provides the high-level programming model and the basic runtime environment.
android.content: contains classes for accessing and publishing data on the device.
android.net: helper classes for network access, going beyond the usual java.net interfaces.
android.os: provides system services, message passing, and IPC mechanisms.
android.provider: classes for accessing the content providers that Android supplies.
android.telephony: provides APIs for interacting with call-related functions.
android.view: provides the basic framework for the user interface.
android.util: utility methods, for example date and time operations.
3, C/C++ native libraries and the Android runtime environment
What is the runtime? It is the system an operating system uses at run time, responsible for converting the code you write in a high-level language (such as Java) into machine code that the Android CPU/processor can understand. The runtime libraries are located in the same layer. ART and Dalvik are both regarded as the Android runtime environment, also known as the virtual machine. Above the Linux kernel layer are the Android native libraries, which are written in C/C++.
4, Linux kernel and driver layer
The lowest layer consists of the Linux kernel. Android's main system services, such as security, memory management, process management, the network stack and the driver model, rely on Linux.
2.2 Four Components
1、Activity
An Activity is usually a single screen (window).
Activity lifecycle:
onCreate(): create
onStart(): start
onResume(): running
onPause(): standby
onStop(): stop
onDestroy(): destroy
2、Service
Put simply, a Service is an Activity stripped of its interface. A Service keeps running in the background and does not interact with the user, so it can be used to handle time-consuming tasks. It can run in its own process or in the context of another application's process, and other components can bind to a service.
Service lifecycle:
IBinder onBind(Intent intent): a method that every Service must implement; its parameter is an Intent and it returns an IBinder object
void onCreate(): called back by the system as soon as the Service is first created
void onDestroy(): called back before the Service is shut down
3、Broadcast Receiver
Broadcast is a mechanism for transferring information between applications.
A Broadcast Receiver filters the broadcasts that are sent, receives them and responds to them.
4、Content Provider
A space shared between applications, providing data sharing among different applications.
2.3 Five Storage Methods
1, SharedPreferences storage
Stored as files in XML format
SharedPreferences storage path: /data/data/<package name>/shared_prefs/
2, Local storage
getDataDirectory(): gets the Android data directory (the data folder on the SD card)
getDownloadCacheDirectory(): gets the download cache directory (the download folder on the SD card)
getExternalStorageDirectory(): gets the external storage directory, which generally means the SD card (/storage/sdcard0)
getExternalStorageState(): gets the current state of the external storage, which generally means the SD card
getRootDirectory(): gets the Android root path
3, SQLite database storage
SQLite is a lightweight relational database that supports the SQL language and performs very well while using very little memory. Android provides the helper class SQLiteOpenHelper, which makes it very simple to create and upgrade a database.
SQLite database storage path: /data/data/<package name>/database/
4, ContentProvider storage
Through the abstract ContentProvider interface a program can expose its own data completely to the outside. A ContentProvider exposes data in a way similar to the tables of a database; in other words, a ContentProvider is like a "database". The outside world then gets the data it provides with operations that are basically the same as retrieving data from a database, except that a URI is used to identify the "database" to be accessed. Most ContentProviders use the Android file system or an SQLite database to hold their data, but the data can also be stored in any other way.
5, Network storage
(omitted)
2.4 Six Layouts
1, LinearLayout linear layout
2, FrameLayout frame layout
3, TableLayout table layout
4, RelativeLayout relative layout
5, AbsoluteLayout absolute layout
6, GridLayout grid layout
2.5 ARM Architecture and x86 Architecture
Android emulators such as Nox can emulate ARM; phones are usually ARM, but exceptions are not ruled out.
2.6 Common adb Commands
[1] adb kill-server: stop the adb service
[2] adb start-server: start the adb service
[3] adb install aa.apk: quickly install an APK
[4] adb uninstall <package name>: quickly uninstall an Android application
[5] adb shell: enter the phone's terminal
[6] adb pull test.txt: pull a file out of the device
[7] adb push test.txt /mnt/sdcard: push a file from your computer to the phone
[8] The cat command
cat demo.txt | grep aaa: view file contents
cat /proc/[pid]/maps: view the memory mapping of the current process, for example which .so and dex files are loaded
cat /proc/[pid]/status: view the status of the current process, for example TracerPid; TracerPid is 0 when the process is not traced, and a non-zero value indicates that the process is being ptraced
cat /proc/[pid]/net/tcp (also tcp6, udp, udp6): view the port numbers used by the current application
[9] touch / echo: create a file
adb shell dumpsys activity top: view the activity information of the current application
adb shell dumpsys: print out the four components currently running in the system
adb jdwp: list the process IDs of the applications on the device that can be debugged
[10] ps: view process information on the device and the threads of a specified process. Usage: ps | grep <filter text>; ps -t [pid]
[11] am start -D -n pkgname/pkgname.activityname: start an application (-D runs it in debug mode)
[12] am broadcast -a [broadcast action]
[13] adb forward [(remote side) protocol:port] [(device side) protocol:port]: port forwarding, used when debugging with IDA
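The two /proc files from item [8] are easier to read once decoded. The following is an added example, not part of the original notes: it extracts TracerPid from the status text and decodes the hex address and port columns of net/tcp. The sample contents are constructed, and the address decoding assumes a little-endian device.

```python
import socket
import struct

# Constructed sample of /proc/[pid]/status (only the relevant fields).
SAMPLE_STATUS = """Name:\tcom.example.app
State:\tS (sleeping)
Pid:\t4321
TracerPid:\t4410
"""

# Constructed sample of /proc/[pid]/net/tcp.
SAMPLE_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:7AB7 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 51234
   1: 0F02000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 51240
"""

TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # subset of the kernel's state codes

def tracer_pid(status_text):
    """Return TracerPid as an int; 0 means no tracer is attached."""
    for line in status_text.splitlines():
        if line.startswith("TracerPid:"):
            return int(line.split(":", 1)[1].strip())
    raise ValueError("TracerPid field not found")

def decode_addr(field):
    """Decode 'HEXIP:HEXPORT'; the IPv4 word is printed byte-swapped on little-endian CPUs."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def parse_tcp(table_text):
    """Return (local, remote, state) for every socket row in the table."""
    rows = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        state = TCP_STATES.get(cols[3], cols[3])  # unknown codes stay as hex
        rows.append((decode_addr(cols[1]), decode_addr(cols[2]), state))
    return rows

def listening_ports(table_text):
    """Ports on which the process accepts connections."""
    return sorted(loc[1] for loc, _, st in parse_tcp(table_text) if st == "LISTEN")
```

On a device, the text would come from the cat commands in item [8] instead of the embedded samples.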
2.7 AndroidManifest.xml Analysis
This file is generally the main entry point of the app: the app is started through it, and some sensitive information is stored in it.
2.8 Using Burp Suite to Capture App HTTPS Packets
Download and install Burp Suite and have it listen on the local machine's IP.
Open the phone's browser and visit IP:8080, then download and install the Burp Suite certificate. After that, open the app and its packets can be seen in Burp Suite.
Note: on some brands of phone the user cannot import and load the certificate; the device has to be rooted first.
From Android 7.0 on, only system-trusted certificates are used and user-installed certificates are not loaded. Workaround: root the device, base64 the certificate name, and place the certificate under the certificate path.
2.9 drozer Framework
1, Installation
Step 1: download drozer (Windows Installer) from http://mwr.to/drozer
Step 2: install agent.apk on the Android device: adb install agent.apk
2, Connecting to an emulator / real device
nox_adb.exe connect 127.0.0.1:62001
Port forwarding (drozer uses port 31415): adb forward tcp:31415 tcp:31415
Open the drozer console: drozer console connect
3, Testing: determine the attack surface
run app.package.attacksurface com.tencent.qqmusic
Attack Surface:
  15 activities exported
  13 broadcast receivers exported
  0 content providers exported
  7 services exported
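The same kind of count can be made from the AndroidManifest.xml described in 2.7 when reviewing your own app. The following is an added example, not drozer's code and not part of the original notes: it lists exported components per type from a manifest already decoded to text XML. The manifest and package name are constructed, and the default rule for components without android:exported is a simplification stated in the comments.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
KINDS = ("activity", "service", "receiver", "provider")

# Constructed manifest for a hypothetical package, already decoded to text XML.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <application android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <activity android:name=".ShareActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="false">
      <intent-filter><action android:name="com.example.notes.SYNC"/></intent-filter>
    </service>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"
        android:exported="true"/>
  </application>
</manifest>"""

def is_exported(elem):
    """Explicit android:exported wins; otherwise an intent-filter implies export.

    Assumption: a provider without the attribute is not exported (targetSdk >= 17).
    """
    flag = elem.get(ANDROID + "exported")
    if flag is not None:
        return flag == "true"
    return elem.tag != "provider" and elem.find("intent-filter") is not None

def attack_surface(manifest_xml):
    """Return {kind: [exported component names]} plus the debuggable flag."""
    app = ET.fromstring(manifest_xml).find("application")
    report = {kind: [c.get(ANDROID + "name") for c in app.findall(kind)
                     if is_exported(c)] for kind in KINDS}
    report["debuggable"] = app.get(ANDROID + "debuggable") == "true"
    return report
```

Each exported component that does not need to be reachable from other apps can be closed with android:exported="false" or protected with a permission.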
2.10 Inspeckage Automated Analysis Framework
1, Download and install
https://github.com/ac-pm/Inspeckage#information-gathering
2, Usage: set up port forwarding, then visit the address below
adb forward tcp:8008 tcp:8008
127.0.0.1:8008
Settings: Disable FLAG_SECURE turns off the screenshot-prohibition switch; SSL uncheck turns off SSL verification
Logcat: real-time view of the app's logcat output
Tree View: browse the app's data directory in real time and download files directly to the local machine
Package Information: basic application information (component information, permission information, shared library information)
Shared Preferences: LOG: records of the app's XML file reads and writes; Files: the specific XML content written
Serialization: deserialization records
Crypto: records of common encryption and decryption operations (KEY and IV values)
Hash: records of common hash algorithms
SQLite: records of SQLite database operations
HTTP: records of HTTP network requests
File System: records of file reads and writes
Misc.: records of calls to Clipboard and URL.Parse()
WebView: records of WebView content
IPC: records of inter-process communication
+ Hooks: records of user-defined hooks at runtime