Wednesday, May 30, 2012

How to turn off DNSMASQ in Ubuntu

Disable DNSMASQ
 
If you run sudo netstat -tupln, you will notice DNSMASQ running.

Edit the file: /etc/NetworkManager/NetworkManager.conf

sudo gedit /etc/NetworkManager/NetworkManager.conf

Simply comment out the dns=dnsmasq line so that it reads:
#dns=dnsmasq

Now restart NetworkManager to make sure it is off.
sudo restart network-manager

Tuesday, May 8, 2012

How to Reverse Engineer Android Malware

Reverse Engineer Android Malware

Tools you may need for decompiling Android malware:

apktool – a tool used for manipulating .apk files
   Download: http://code.google.com/p/android-apktool/
jad – a Java decompiler (Windows only)
   Download: http://www.varaneckas.com/jad
JD-Core + JD-GUI – another Java decompiler, supporting newer Java versions and features
   Download: http://java.decompiler.free.fr
dex2jar – a tool for converting .dex files to .class files
   Download: http://code.google.com/p/dex2jar/downloads/list
apkinspector – an all-in-one tool
   Download: http://code.google.com/p/apkinspector/

However, this tutorial is fairly simple, so I will only be using dex2jar and jd-gui. The process is the same for all apps. You can use the same tools and methods to decompile your own applications and other applications, especially malware, in order to see and understand what the code is actually doing.

So, say we have a malware sample such as "file.apk".

A lot of these tools can be used on Windows as well as Linux; I happen to be using Windows for this tutorial.
For Linux: sh dex2jar.sh file.apk
For Windows: dex2jar.bat file.apk



This will create a file called file_dex2jar.jar. Now we can easily view our app's code with jd-gui.
Simply launch jd-gui and open file_dex2jar.jar.


Now we can easily read and see the code.
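
Before converting a sample with dex2jar, it is useful to record its hash and confirm that each .dex file inside the APK has an intact header, since a damaged header can make the conversion fail. The script below is an added example, not part of the original post; the function names and the in-memory sample APK are constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70  # the DEX header is always 112 bytes


def build_sample_dex():
    """Constructed sample: a header-only DEX with correct checksum and signature."""
    tail = struct.pack("<III", DEX_HEADER_SIZE, DEX_HEADER_SIZE, 0x12345678)
    tail += bytes(DEX_HEADER_SIZE - 32 - len(tail))  # remaining header fields zeroed
    signature = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF
    return b"dex\n035\0" + struct.pack("<I", checksum) + signature + tail


def build_sample_apk(dex):
    """Constructed sample: an APK is a ZIP archive; the code lives in classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"placeholder")
        apk.writestr("classes.dex", dex)
    return buf.getvalue()


def inspect_apk(apk_bytes):
    """Hash every .dex entry and verify its header fields without executing anything."""
    results = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in (n for n in apk.namelist() if n.endswith(".dex")):
            data = apk.read(name)
            info = {"name": name, "size": len(data),
                    "sha256": hashlib.sha256(data).hexdigest(), "valid": False}
            if len(data) >= DEX_HEADER_SIZE and data[:4] == b"dex\n" and data[7] == 0:
                # checksum is at offset 8, file_size at offset 32 (skip the signature)
                checksum, file_size = struct.unpack_from("<I20xI", data, 8)
                info["version"] = data[4:7].decode("ascii", "replace")
                # checksum covers bytes 12..end, SHA-1 signature covers bytes 32..end
                info["checksum_ok"] = checksum == zlib.adler32(data[12:]) & 0xFFFFFFFF
                info["signature_ok"] = data[12:32] == hashlib.sha1(data[32:]).digest()
                info["size_ok"] = file_size == len(data)
                info["valid"] = all(info[k] for k in ("checksum_ok", "signature_ok", "size_ok"))
            results.append(info)
    return results


if __name__ == "__main__":
    for entry in inspect_apk(build_sample_apk(build_sample_dex())):
        print(entry)
```

To check a real sample, read file.apk in binary mode and pass the bytes to inspect_apk.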

Further Research/Advanced Topics:

  • Code Obfuscation 
  • Decompiling Manifest Files
  • Obtaining the Resources - images, etc.

For Related Articles:

http://blog.burrowsapps.com/2012/02/hacking-facebook-for-android.html

Saturday, May 5, 2012

How to setup Environment Variables in Linux/Windows

Linux:
Open your .bashrc, located in your /home/"user"/, and add this line, where the path is the directory containing your executable:

export PATH=${PATH}:~/path/to/your/executable


Windows:
Start > Control Panel > System and Security > System > Click on "Advanced system settings" > Click on "Environment Variables"

Under "User variables", click on "New", then give your new variable a name such as "PATH", and for its value enter the absolute path of the directory containing the file you wish to run.


For example: ";C:\Windows;C:\Windows\System32;C:\Program Files (x86)\Nmap;C:\Program Files (x86)\Python;C:\"



With this, I can run Nmap and Python from my Windows Command Prompt.


For Related Articles:

http://blog.burrowsapps.com/2011/10/android-adb-bash.html