Friday 20 June 2014

Network/Mobile Sniffing, Protocol Deobfuscation, Reverse Engineering

BE THERE FRIDAY, June 20th at 8 p.m. for what will prove to be a very informative class with Samy Kamkar.


FREE and open to the public!




To go over some of the cross-over, I think what we’ll do for this class is go through a real-world, step-by-step walk-through of an encrypted, obfuscated, undocumented protocol on the Android or iOS stack which was NOT open source (source was NOT in Android), yet whose binaries were included in all Android installations (and similarly iOS). From reasons to investigate these funny packets to how I ultimately found Android (and iPhone, and Windows 8 mobile) were sending massive amounts of encrypted, obfuscated GPS/geolocation data and MAC addresses of all networks around you (correlated to GPS) and storing it all, from every single smartphone.


Even when you turned GPS off.


So we’ll go over:


top-down approach of trying to examine something undocumented

wireless/network sniffing

mobile sniffing

packet injection

man in the middle attacks (SSL and non-SSL)/decrypting SSL connections

fuzzing

unknown protocol investigation


By the end of the class, not only do I hope you will be able to do this process or use any of these methods yourself in other areas, but you will be able to manipulate Google/Apple Maps’ Traffic, meaning you can make Venice Blvd look green for fast or red for slow (for anyone using Google/Apple Maps) to reroute them, and you will be able to find the physical address of anyone by obtaining their router’s MAC address (which you can often get by having them visit a page without authorization — more will be discussed in the class). That wasn’t my intention, but a side effect of learning about one thing opens up some pretty crazy, unexpected possibilities.


By the end you should have a basic understanding of doing this process yourself, have a pretty good toolchain for this type of research, and also be able to use any of these a la carte for useful reasons in the future.






from SpaceBlogs http://ift.tt/Umc1RZ

via IFTTT http://ift.tt/eA8V8J
