Thread: Support Learning Programming
View Single Post
Old March 8th, 2012, 06:08 PM   #3 (permalink)
paxchristos
Member
 
Join Date: Aug 2011
Posts: 455
 
Device(s): Verizon Xperia Play, Casio G'zone Commando
Carrier: Not Provided

Thanks: 12
Thanked 113 Times in 73 Posts
nielson.peter@gmail.com
Default

Quote:
Originally Posted by computergeek24 View Post
I am getting into programming( i know it is not an over night learn, but i am willing to spend a lot of time on it). And i really want to get into Android programming and very interested in the software of Android. I want to learn completely how rooting and how to find exploits anyone know of a good tutorial to get me started in this LONG( yes i know long and hard) journey?
Ok, so this really isn't my territory (I focus mainly on kernels and am branching into custom roms, while, on the other hand, exploits deal with a secure kernel/rom and finding holes) so i'll try and give you a few pointers

First off
1) run linux (must be 64bit if you're gonna try to build anything android from source).
I suggest ubuntu 10.04 (it's stable, a lot of tools for android are based (originally) in linux, and at it's base, android is just a highly customized version of linux (that means you need to get used to linux, (IMO))

2) download/build the android sdk
link for downloading sdk: http://developer.android.com/sdk/index.html
link for how-to build sdk from source: http://jindroid.com/2009/06/08/howto-build-sdk-from-android-source-code/

3) get used to the command adb logcat and lots of reading
my best guess (if you're working off the M100 build) is that the easiest exploit will be finding somethign that gets elevated in uuid to 1 (i.e. a system app that needs root priviledge for something)

4)If that doesn't work (purely speculation here) start reading lots and lots and lots of source code. linux (Android) is built in c/c++ then cross compiled to the ARM architecture
helpful links for linux exploits
http://en.wikibooks.org/wiki/Metasploit/WritingLinuxExploit (goes through a sample exploit)
http://cyberarms.wordpress.com/2010/10/14/how-to-find-program-vulnerabilities-and-create-an-exploit/ (talks about another exploit)
http://www.internetnews.com/dev-news/article.php/3831716/Finding+Linux+Bugs+Before+they+Become+Exploits.htm (interesting writeup about exploits
http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html (As the page says, security/audit/hacker tools for linux (i'm pretty sure the won't work on android tho, because they aren't cross compiled for it, but hopefully it'll give you some ideas)

5) What might be help is figuring out how to build the commando as an emulator on your computer so you can mess with it without screwing it up
(intro: http://developer.android.com/guide/developing/tools/emulator.html
actual use: http://developer.android.com/guide/developing/devices/emulator.html )

Pax
__________________
First Droid: Htc Aria (AT&T) (rooted, s-off, and i forget how many different roms on it)
Current Droid: Xperia Play R800x rooted by zergRush unlocked by Alejandrissimo, now running my own CM9 build (or build your own) and a slightly modded FXP kernel & lovin' it.
Casio Commando -- trying to build a custom kernel/Rom.
paxchristos is offline  
Last edited by paxchristos; March 9th, 2012 at 10:47 AM.
Reply With Quote