Archive for the 'Android' Category

Defcon Skytalk: Jukebox Jacking

Jul 19 2012 Published by under Android,Defcon,News

Late next week, JustBill and I will be presenting at Defcon/303 Skytalks in Las Vegas. The presentation, Jukebox Jacking, is a project I’ve been working on for longer than I want to admit. The short version is that I’ve been messing around with a jukebox in my spare time as a weird side project. It started out as just a mobile hacking project and then turned into RF and hardware hacking. Here’s the link: https://skytalks.info/talks.html#8

The good portion of this talk is that I think it’s funny how deep we went into this thing. The infosec in me feels a bit guilty because a few of the things I did have no remediation path. There’s nothing they can do besides replacing the entire jukebox. Their original design was based on the thought that “Nobody would ever try this.” Sorry. :/

The talk is on Sunday at 10am. Yes, that DOES suck, but I think it’s actually a correct slot for this talk. I’m not pretending that this is brilliant technical material, nor is it interesting to everyone out there. Hopefully the takeaways are that if you’ve ever wondered how this jukebox works, now you do; if you’ve wanted to get into RF and hardware hacking, these are some tools that could help; and if you want to get started with mobile hacking, this is how to do it.

I’ll be updating this page with the presentation and details of the project later.

UPDATE: changed link to project details.

 

AXMLParsePY: Native Python Library for Android XML Parsing

Feb 05 2012 Published by under Android,AXMLParsePY,Manitree

I think it was less than a week after I announced my little Android Manifest auditor tool, Manitree, that Anthony Desnos, the developer of Androguard, sent me a message in the tone of “hey, why didn’t you use Androguard for that?” If nothing else, why didn’t I use Androguard’s native AXML converter?

Androguard is this immense Android app analysis project. If you take a look at the first page, you may get overwhelmed pretty quickly. I hope Anthony doesn’t take this the wrong way because it’s an impressive tool when I’ve seen it working, and it’s great for all kinds of things besides malware analysis. For instance, it can analyze apks, diff binary apps, visualize the flow of an app between classes — fun stuff. But for my dinky project, most of the work was focused on the AndroidManifest.xml file. But the simplest feature was most impressive to me: a native Python Android XML file format converter. As of writing this, I’ve not seen someone publicly do this.

Mandatory technical background: The AndroidManifest.xml file is stored in a format called the Android XML format, or AXML. This is an optimized binary format and not a lot of fun to look through, so tools like AXMLPrinter, AXMLPrinter2, aapt, and apktool convert these files back to the standard XML format they were originally written in. The format was created to link to the resources.arsc file without duplicating effort. For instance, instead of repeating the name of a string value over and over in a manifest, the manifest is linked to the resources.arsc file, so what you’ll actually see in the binary is the location of the value in that file.
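To make the binary layout concrete, here is an added example (not code from Androguard or AxmlParserPY) that walks the chunks of an AXML buffer, decodes its string pool, and resolves element names through their pool indexes. It assumes the chunk type values and header layout from the Android platform's `ResourceTypes.h`, handles only UTF-16 string pools, and uses hypothetical function names with a constructed sample buffer.

```python
import struct

RES_STRING_POOL, RES_XML, RES_XML_START_ELEMENT, UTF8_FLAG = 0x0001, 0x0003, 0x0102, 0x0100

def _utf16_at(buf, p):
    """Decode one length-prefixed UTF-16LE string pool entry at offset p."""
    n, p = struct.unpack_from("<H", buf, p)[0], p + 2
    if n & 0x8000:  # long string: length spans two 16-bit words
        n, p = ((n & 0x7FFF) << 16) | struct.unpack_from("<H", buf, p)[0], p + 2
    if p + 2 * n > len(buf):
        raise ValueError("string runs past end of file")
    return buf[p:p + 2 * n].decode("utf-16-le", "replace")

def read_string_pool(buf, off):
    """Return the strings of the string pool chunk that starts at off."""
    _t, hsize, size, count, _sc, flags, sstart, _ss = struct.unpack_from("<HHIIIIII", buf, off)
    if flags & UTF8_FLAG:
        raise NotImplementedError("UTF-8 pools are outside this example")
    if hsize + 4 * count > size:
        raise ValueError("string offset table exceeds chunk")
    offsets = struct.unpack_from("<%dI" % count, buf, off + hsize)
    return [_utf16_at(buf, off + sstart + rel) for rel in offsets]

def parse_axml(buf):
    """Walk the chunks; return (chunk types, pool strings, element names)."""
    ftype, fhsize, fsize = struct.unpack_from("<HHI", buf, 0)
    if ftype != RES_XML or fsize > len(buf):
        raise ValueError("not a binary XML document")
    types, strings, elements, off = [], [], [], fhsize
    while off + 8 <= fsize:
        ctype, _hsize, csize = struct.unpack_from("<HHI", buf, off)
        if csize < 8 or off + csize > fsize:
            raise ValueError("chunk size out of bounds")
        if ctype == RES_STRING_POOL:
            strings = read_string_pool(buf, off)
        elif ctype == RES_XML_START_ELEMENT and csize >= 24:
            _ns, idx = struct.unpack_from("<II", buf, off + 16)  # name is a pool index, not text
            elements.append(strings[idx] if idx < len(strings) else None)
        types.append(ctype)
        off += csize
    return types, strings, elements

def build_sample(names=("manifest", "uses-permission")):
    """Constructed input: a string pool, then one start-element chunk per name."""
    blobs = [struct.pack("<H", len(s)) + s.encode("utf-16-le") + b"\0\0" for s in names]
    offs = [sum(map(len, blobs[:i])) for i in range(len(blobs))]
    body = struct.pack("<%dI" % len(names), *offs) + b"".join(blobs)
    pool = struct.pack("<HHIIIIII", RES_STRING_POOL, 28, 28 + len(body), len(names), 0, 0, 28 + 4 * len(names), 0) + body
    elems = b"".join(struct.pack("<HHIIIIIHHHHHH", RES_XML_START_ELEMENT, 16, 36, 1, 0xFFFFFFFF, 0xFFFFFFFF, i, 20, 20, 0, 0, 0, 0) for i in range(len(names)))
    return struct.pack("<HHI", RES_XML, 8, 8 + len(pool) + len(elems)) + pool + elems
```

Calling `parse_axml(build_sample())` returns the chunk types, the decoded pool, and the element names resolved from their indexes; a chunk whose declared size runs past the file is rejected rather than followed.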

For the reason above, this weekend, a few of us have started to extract Androguard’s AXML into a separate project that aims to be a native Python library for parsing AXML files. It’s up on GitHub and is still in progress, but the goal is that it can be useful as a standalone Python module without having to import all of Androguard. https://github.com/antitree/AxmlParserPY

Here’s a quick example that takes in AndroidManifest.xml in binary format and spits it out in xml: