I am getting into programming (I know it is not an overnight learn, but I am willing to spend a lot of time on it), and I really want to get into Android programming and am very interested in the software of Android. I want to learn completely how rooting works and how to find exploits. Does anyone know of a good tutorial to get me started on this LONG (yes, I know, long and hard) journey?
Ok, so this really isn't my territory (I focus mainly on kernels and am branching into custom ROMs, while, on the other hand, exploits deal with a secure kernel/ROM and finding holes), so I'll try and give you a few pointers.
First off
1) Run Linux (must be 64-bit if you're gonna try to build anything Android from source).
I suggest Ubuntu 10.04 (it's stable, a lot of tools for Android are based (originally) in Linux, and at its base, Android is just a highly customized version of Linux (that means you need to get used to Linux, IMO)).
2) Download/build the Android SDK
Link for downloading SDK: http://developer.android.com/sdk/index.html
Link for how-to build SDK from source: http://jindroid.com/2009/06/08/howto-build-sdk-from-android-source-code/
3) Get used to the command adb logcat and lots of reading
My best guess (if you're working off the M100 build) is that the easiest exploit will be finding something that gets elevated in uuid to 1 (i.e. a system app that needs root privilege for something).
4) If that doesn't work (purely speculation here), start reading lots and lots and lots of source code. Linux (Android) is built in C/C++, then cross-compiled to the ARM architecture.
Helpful links for Linux exploits:
http://en.wikibooks.org/wiki/Metasploit/WritingLinuxExploit (goes through a sample exploit)
http://cyberarms.wordpress.com/2010/10/14/how-to-find-program-vulnerabilities-and-create-an-exploit/ (talks about another exploit)
http://www.internetnews.com/dev-new...ng+Linux+Bugs+Before+they+Become+Exploits.htm (interesting writeup about exploits)
http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html (as the page says, security/audit/hacker tools for Linux; I'm pretty sure they won't work on Android though, because they aren't cross-compiled for it, but hopefully it'll give you some ideas)
5) What might help is figuring out how to build the Commando as an emulator on your computer so you can mess with it without screwing it up
(intro:
http://developer.android.com/guide/developing/tools/emulator.html
actual use:
http://developer.android.com/guide/developing/devices/emulator.html )
Pax