Hack Android Application
Android is now the most popular operating system for smart devices, and at the same time the number of attacks aimed at Android is increasing very fast. Security is becoming more and more important for Android, and researchers are paying more attention to it. This paper analyzes the characteristics of the Android application file and its load and execution process, and based on that analysis presents two methods to hack an Android application: a static method and a dynamic method. With these two methods an Android application can be hacked successfully whether or not it is running. Finally, we discuss how to detect and prevent this kind of attack.
Android is an open source operating system based on Linux, used mainly for smart mobile devices such as smart phones and pads. Google released the source code of Android with the GPL in November 2007. Because it is open source, Android is supported by a lot of companies, so it is developing very fast, and it is now the dominant smart phone operating system. According to IDC, in the third quarter of 2012 Android’s share of the smart phone operating system market was 75%, and in China its share was even higher at 90%. Android is mainly used in personal smart mobile devices, and this kind of device always stores personal information, such as personal accounts and passwords; a smart phone can also be used for paid services such as calls and short messages. If the operating system is successfully attacked, the user must face the situation that personal information is stolen and must always pay the economic expense. Driven by profit, attacks aimed at smart mobile devices have developed very fast. Statistics show that in 2012 the count of malware aimed at mobile devices increased 700% compared to 2011, and that 85% of the malware targets Android based smart mobile phones, approximately equal to the market share of Android. This is partly caused by its open source character, and its ecosystem is also open; any developer can develop and release an Android application independently.
The Android software hierarchy includes several layers. Apart from the hardware layer, from top to bottom they are:
- Operating system layer, including the Linux kernel and drivers.
- Various libraries and the Android runtime environment layer, equivalent to a middleware layer.
- Application Framework layer, which provides APIs for application developers.
- Application layer.
An Android application is packed in a file with the suffix apk, which is actually in zip file format. A legal apk file must have the following main parts:
- AndroidManifest.xml in the root directory, used to declare the permissions needed by this application.
- Classes.dex and user defined native libraries, which are the application’s executable files. Classes.dex stores Dalvik byte code.
- Res directory in the root directory, which stores the application’s UI settings.
- META-INF directory in the root directory, which is used to store the application releaser’s public key and the application’s digital signature.
A user defined native library can be written in C/C++ and is called by the application through JNI (Java Native Interface). When the application is installed, the apk file is moved to the device directory data/app and is kept there in full. After the dex file is processed and optimized by Dalvik, it becomes the real executable file: classes.odex.
A dex file is composed of three parts: header part, index part and data part. From the header part we can learn the location and number of the indexes and the start address of the data. From this figure we can see that the dex file header stores the start address of the various kinds of data, their offsets and so on. The important fields are:
- Magic bytes, which are used to verify whether this is a dex file. The value usually is “dex\n035\0”.
- Checksum, which is the Adler-32 checksum of this dex file. This value is used to detect whether the dex file is damaged.
- Signature, which is calculated with SHA-1 and is used to recognize an un-optimized dex file.
A field whose suffix is “off” points to a structure’s offset. For example, string_ids_size identifies how many strings there are and string_ids_off identifies the start position of the string index. So we can read from string_ids_off to get the index of every string, then use each index to locate the storage address and get the actual string value.
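The header fields described above can be checked with a short script. This is an added example, not code from the paper: it verifies the magic bytes, recomputes the Adler-32 checksum (over everything after the checksum field) and the SHA-1 signature (over everything after the signature field), then walks string_ids_off to recover the strings. build_sample and its strings are constructed for illustration and produce only a header and string table, not a loadable dex.

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70  # fixed size of the dex header


def read_uleb128(buf, pos):
    """Decode an unsigned LEB128 value; return (value, next position)."""
    value = shift = 0
    while True:
        value |= (buf[pos] & 0x7F) << shift
        pos += 1
        if buf[pos - 1] < 0x80:  # high bit clear: last byte of the value
            return value, pos
        shift += 7


def inspect_dex(buf):
    """Check magic, checksum and signature, then resolve the string table."""
    if len(buf) < HEADER_SIZE or buf[:4] != b"dex\n" or buf[7] != 0:
        raise ValueError("not a dex file")
    checksum, = struct.unpack_from("<I", buf, 8)
    size, off = struct.unpack_from("<II", buf, 56)  # string_ids_size, string_ids_off
    if off + 4 * size > len(buf):
        raise ValueError("string_ids table runs past end of file")
    strings = []
    for (data_off,) in struct.iter_unpack("<I", buf[off:off + 4 * size]):
        _, start = read_uleb128(buf, data_off)  # skip the length prefix
        end = buf.index(b"\0", start)           # string data is NUL-terminated
        # Assumption: ASCII sample data, where MUTF-8 and UTF-8 coincide.
        strings.append(buf[start:end].decode("utf-8", "replace"))
    return {
        "checksum_ok": checksum == zlib.adler32(buf[12:]),
        "signature_ok": buf[12:32] == hashlib.sha1(buf[32:]).digest(),
        "strings": strings,
    }


def build_sample(strings):
    """Constructed sample (short ASCII strings only): header plus string table."""
    data, ids = b"", b""
    for s in strings:
        ids += struct.pack("<I", HEADER_SIZE + 4 * len(strings) + len(data))
        data += bytes([len(s)]) + s.encode() + b"\0"
    body = bytearray(HEADER_SIZE - 32) + ids + data  # file offset 32 onwards
    struct.pack_into("<II", body, 0, 32 + len(body), HEADER_SIZE)  # file_size, header_size
    struct.pack_into("<II", body, 24, len(strings), HEADER_SIZE)   # string_ids_size, _off
    body = hashlib.sha1(bytes(body)).digest() + bytes(body)
    return b"dex\n035\0" + struct.pack("<I", zlib.adler32(body)) + body
```

A dex file whose bytes were changed without recomputing both fields reports checksum_ok and signature_ok as False, which is one way to detect a damaged or modified file.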