I Passed eMAPT Certification

Two days ago I completed my journey to the eMAPT (eLearnSecurity Mobile Application Penetration Tester) certification. The certificate ID is eMAPT-117, which can be verified here. This is my second certification and I am glad that I passed.

So what’s the fun in eMAPT?

As eLS says, the eMAPT certification is really practical: there is no multiple-choice exam. In the certification process, I was tasked with writing a program that exploits the vulnerabilities in a given application. Worry not: the MASPT (Mobile Application Security and Penetration Testing) course, the course provided for the eMAPT certification, teaches the basic and fundamental concepts. I can say that eLS has done a good job elaborating the course material with lots of lab exercises.

The course itself has two sections: one for Android and one for iOS.

That's it. I won't spoil the fun more than I already have.

The post I Passed eMAPT Certification appeared first on Xathrya.ID.

Remote BitTorrent Client with ODROID + Ubuntu + Transmission + ngrok

It's been a while since my last post about "building something".

Lately I want to download some files from the vulnhub site. Some months ago I accidentally deleted my collection (which I rarely touched), so I have to redownload most of it (16 pages). Manual download is not an option, as I rarely stay at home, where I have a fairly stable connection. It is also not possible for me to use torrents while I am doing onsite pentesting. Therefore I decided to build a dedicated box for torrent activity.

The next section covers the requirements I had and the solution I chose. If, for whatever reason, you only want the build steps, you can skip it.

Requirements

What I want is a small box with sufficient resources, supplied with a stable connection. It would sit in my room, connected to the internet, and be remotely controllable wherever I am. A PC is overkill for this task, and besides, I don't have a working PC right now. The alternative is a single board computer. From the many options (Raspberry Pi, BeagleBoard, ODROID, etc.) I picked ODROID. It might be subjective, but my ODROID XU4 has two USB 3 ports, which some SBCs don't have.

Storing downloaded files on a single SD card is not wise. I use one of my external HDDs as storage, connected via USB 3, which should be fast enough.

There exist several BitTorrent client implementations for Linux, but I use Transmission. It works fine.

When I said "the box should be remotely controllable wherever I am", I didn't mean giving it a dedicated IP address. It is obviously mandatory to keep the box behind the firewall. So for this goal I need a rendezvous point, a tunnel, a middleman that redirects all traffic between my box and me. It's not port forwarding on the router; I don't have access to that. To solve this, I could use socat or an SSH tunnel to create a tunnel with two open ends. However, I need a simple and reliable solution, so I use a service for that. ngrok, PageKite, and Forward are all suitable, but I chose ngrok.

Setup

0. Minimal Setup

I use the ODROID XU4 as the SBC. You can read the user manual here.

The operating system I chose is Ubuntu minimal, which can be downloaded here. I only need Linux as a base system, with no fancy GUI, so Ubuntu minimal is perfectly fine.

Consult the user manual to burn the image to the uSD card. Though some aspects differ, you can use this article as a guide.

1. Component Installation

Don't forget to update the package list and confirm that we have a working connection.

apt-get update

Install transmission.

apt-get install transmission-cli transmission-common transmission-daemon

Like other services, Transmission is composed of a daemon (transmission-daemon) that manages all BitTorrent activity, and of clients. transmission-cli is a client program that uses the command line.

Check that the service starts, stops and reloads fine.

service transmission-daemon start
service transmission-daemon stop
service transmission-daemon reload

Don’t forget to enable it.

systemctl enable transmission-daemon

Next we need to install the ntfs-3g package to mount NTFS partitions. We also need unzip to extract archives and screen to run a background job elegantly.

apt-get install ntfs-3g unzip screen

2. Disk Configuration

In this article I mount my disk on /mnt/disk0 and create a directory /mnt/disk0/transmission with the following subdirectories for torrent operation.

mkdir /mnt/disk0
# /dev/sda1 is the NTFS partition of my external HDD; adjust to yours
ntfs-3g /dev/sda1 /mnt/disk0
mkdir /mnt/disk0/transmission
cd /mnt/disk0/transmission
mkdir completed incomplete torrents

3. Configuration Script

The Transmission daemon needs a configuration file in /etc/transmission-daemon/settings.json to run properly. If the service is restarted, or stopped and then started, a new configuration file is written (overwriting the old one), so if we have customised the file we need to reload it instead. However, accidents happen, so we move the original file to a safe location and link it.

mv /etc/transmission-daemon/settings.json /opt/transmission-settings.json
ln -s /opt/transmission-settings.json /etc/transmission-daemon/settings.json

Next we configure it. These are the settings I changed; adjust them to your case (the file is truncated here).

"download-dir": "/mnt/disk0/transmission/completed",
...
"incomplete-dir": "/mnt/disk0/transmission/incomplete",
"incomplete-dir-enabled": true,
...
"rpc-authentication-required": true,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-password": "P@ssw0rd",
"rpc-port": 9091,
"rpc-username": "ursa",
"rpc-whitelist": "127.0.0.1,*.*.*.*",
"rpc-whitelist-enabled": true,
...
"umask": 2,
...
"watch-dir": "/mnt/disk0/transmission/",
"watch-dir-enabled": true

To enable remote connections we need RPC. It listens on port 9091, ready to take commands. I don't want the box left without authentication, so we supply one: in this example the username is "ursa" and the password is "P@ssw0rd".
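A check worth running before port 9091 is published through the tunnel, added here as an example that is not part of the original post: a small POSIX shell script that reads the RPC keys from settings.json and reports weak settings. Note that the ngrok agent runs on the box itself and connects to port 9091 from 127.0.0.1, so the whitelist entry "*.*.*.*" shown above is not needed for the tunnel to work; in practice it only disables the whitelist. The two sample files written by write_samples are constructed for this example (the weak one carries the values shown above; the passphrase in the hardened one is a placeholder), and the names rpc_setting, audit_rpc and write_samples are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the RPC section of a
# Transmission settings.json before the port is published through a tunnel.
# Only grep/sed/POSIX sh are used so it runs on the minimal Ubuntu image.
# The sample settings written by write_samples are constructed for this
# example; the weak one mirrors the values shown in the post.

# rpc_setting FILE KEY -> value of "KEY": ... on its own line, without the
# surrounding quotes and trailing comma (enough for Transmission's flat file)
rpc_setting() {
    grep -E "^[[:space:]]*\"$2\":" "$1" | head -n 1 \
        | sed -e "s/^[[:space:]]*\"$2\":[[:space:]]*//" \
              -e 's/,[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# audit_rpc FILE -> prints one FINDING line per weakness; returns 0 when the
# RPC interface is acceptable, 1 otherwise.
audit_rpc() {
    f="$1"; bad=0
    [ "$(rpc_setting "$f" rpc-enabled)" = "true" ] || return 0   # nothing listening

    if [ "$(rpc_setting "$f" rpc-authentication-required)" != "true" ]; then
        echo "FINDING: rpc-authentication-required is not true"; bad=1
    fi

    # A "*.*.*.*" entry admits every address, so the whitelist is in effect
    # disabled. A tunnel agent running on the box connects from 127.0.0.1,
    # so that single entry is enough for remote use through the tunnel.
    wl=$(rpc_setting "$f" rpc-whitelist)
    case "$wl" in
        *'*.*.*.*'*) echo "FINDING: rpc-whitelist '$wl' allows every address"; bad=1 ;;
    esac
    if [ "$(rpc_setting "$f" rpc-whitelist-enabled)" != "true" ]; then
        echo "FINDING: rpc-whitelist-enabled is not true"; bad=1
    fi

    # The daemon replaces a plaintext rpc-password with a salted hash that
    # starts with '{' on its first start; only judge the length before that.
    pw=$(rpc_setting "$f" rpc-password)
    case "$pw" in
        '{'*) ;;
        *) if [ "${#pw}" -lt 16 ]; then
               echo "FINDING: rpc-password is shorter than 16 characters"; bad=1
           fi ;;
    esac

    if [ "$(rpc_setting "$f" rpc-bind-address)" = "0.0.0.0" ]; then
        echo "FINDING: rpc-bind-address 0.0.0.0 listens on every interface; 127.0.0.1 suffices behind a local tunnel agent"; bad=1
    fi
    return "$bad"
}

# write_samples DIR -> writes DIR/weak.json (values from the post) and
# DIR/hardened.json; both are constructed sample files for this example
write_samples() {
    cat > "$1/weak.json" <<'EOF'
{
    "rpc-authentication-required": true,
    "rpc-bind-address": "0.0.0.0",
    "rpc-enabled": true,
    "rpc-password": "P@ssw0rd",
    "rpc-port": 9091,
    "rpc-username": "ursa",
    "rpc-whitelist": "127.0.0.1,*.*.*.*",
    "rpc-whitelist-enabled": true
}
EOF
    cat > "$1/hardened.json" <<'EOF'
{
    "rpc-authentication-required": true,
    "rpc-bind-address": "127.0.0.1",
    "rpc-enabled": true,
    "rpc-password": "example-long-passphrase-for-rpc-only",
    "rpc-port": 9091,
    "rpc-username": "ursa",
    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": true
}
EOF
}

# Stand-alone use: sh audit.sh /etc/transmission-daemon/settings.json
if [ "$#" -eq 1 ]; then
    audit_rpc "$1"
fi
```

Run it against the live file while the daemon is stopped (so the file is not rewritten underneath it); with the values from this post it reports the whitelist, the password length and the bind address, and a file like the hardened sample passes.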

4. Setting up Rendezvous Point

To use the ngrok service we need a valid identity there. Sign up here to begin. You need an auth token, which will be used by the ngrok agent.

Download the "agent" onto the box. As the ODROID is an ARM board, we need the ARM version of ngrok. Extract it and authenticate.

wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip
unzip ngrok-stable-linux-arm.zip
mv ngrok /usr/local/bin/ngrok
ngrok authtoken <your auth token here>

ngrok needs to remain running for the tunnel to function. In some cases that is not possible from an interactive login, so we run ngrok in a detachable session. screen is used for that.

screen

Now we are in a screen session. Run ngrok and create a tunnel for TCP port 9091.

ngrok tcp 9091

Read the endpoint shown there. It should be an ngrok domain with some port.

To detach, press CTRL+A and then D. We are out of the screen session, but ngrok is still running in it.

Testing

Download Transmission Remote GUI. Click Torrent – Connect to Transmission – New connection. Fill in the URL given by ngrok earlier and don't forget to enable authentication.


Reverse Engineering Community – Reversing.ID

Hi,

I am Satria Ady Pradana, a reverse engineer and consultant usually known as xathrya.

A few months ago, in February to be precise, we founded a small community called Reversing.ID. Reversing.ID is an interest-based community that focuses on discussing everything related to Reverse Engineering. In other words, it is a place for RE enthusiasts to create, to discuss, and to take apart anything interesting.

Our goal is simple: to popularize Reverse Engineering and to bring people together to share and exchange ideas about Reverse Engineering.

Reverse Engineering is sometimes regarded as something taboo, a black art, close to the underground world. This is not entirely true. Reverse engineering can be used by a programmer to study an old program and port it to a new platform. It can also be used to study a program's flow to find bugs, especially security bugs. In the end, every body of knowledge depends on the person using it.

What do we do?

  • Share challenges and their write-ups
  • Share materials and reading lists
  • Discuss a given topic
  • Kulgram (Telegram lectures) on specific topics.

Join us at


Reversing.ID Seminar and Workshop – Reverse Engineering

Last week I was invited to give a talk about reverse engineering basics. Frankly, this was the most exciting talk for me. It is not a very common theme for a seminar at university level, so I think we need more of them. I had two days for my presentation: the first day was a seminar and the second day the workshop.

On the first day I talked about the basic and common things in reverse engineering. To be honest, Reverse Engineering is a broad term, so we had to focus our attention on software reverse engineering, or reverse code engineering. I emphasized three things in any Reverse Engineering process: Comprehension, Decomposition, and Reconstruction, as you can see in the slides. I am not an expert in this field, though.

The workshop also had many hands-on parts. It is difficult to teach assembly language in such a short time (2 hours), so I decided to bring in CIL. The "assembly" of the .NET world is relatively easy for newcomers, so the participants would not hurt their heads too much.

As always, you are free to read and spread it.

The slides for the seminar can be obtained here.

The slides for the workshop are available here.


DracOs Seminar and Workshop – Memory Forensic

So there was a seminar and workshop a week ago. Not a big one, limited to at least 30 people. DracOs was invited to give a workshop, and I was one of the speakers. The presentation I brought was about memory forensics. It is an introduction, and we discussed some basics of memory forensics there. I got two slots: the seminar in the morning and the workshop in the afternoon.

In the workshop we talked about the Volatility framework for analysis and some tools for dumping memory on Windows. We also had hands-on material: we were not analyzing some random memory dump, but a memory dump of a host infected by malware.

As always, you are free to read and spread it.

For the seminar, you can grab it here.

For the workshop, you can grab it here.


Seminar and Talk – Another Side of Hacking

Some days ago I was invited to give a talk about security. The presentation I brought is just an insight into security: how to start learning, and what to learn. What I wanted to give is the fundamental concept of hacking / penetration testing, not instant hacking.

As always, you are free to read and spread it.


DracOs Workshop – Web Security Workshop Jumpstart!

This one is quite old. In March I delivered a workshop about web security in Depok, Indonesia. The main theme was, of course, web security. The presentation slides are available on my SlideShare. Mostly we talked about web security with OWASP as our reference. The slides are always free and you may spread them as you like. If you have a question you can direct it to me.

Best regards,

Satria Ady Pradana.


Linking in Windows NTFS (Hard Link, Junction, Symbolic Link)

There is a misconception in some communities that Windows doesn't support hard links and symbolic links as the Unix world does. Most of us think that Windows only supports shortcuts (files with the .lnk extension), and I've seen several articles claim that symbolic links in the Unix world closely resemble Windows .lnk files.

Though the concepts are not identical, we can say that Windows has three types of link: hard link, junction, and symbolic link. Before we go through them, let's review the concept of hard links and symbolic links (soft links).

Links in Unix

In the Unix world, a symbolic link (also termed a soft link) is a special kind of file that points to another file. A hard link, too, is a name that points to a file. The difference between the two is that a symbolic link does not contain the data of the target file; it simply points to another entry somewhere in the file system. This difference gives symbolic links certain qualities that hard links do not offer, such as the ability to link to directories, or to files on remote computers over NFS. When we delete the target file, symbolic links to it become unusable, whereas hard links preserve the contents of the file. So we can say that a hard link is essentially a label, or another name, assigned to a file. An operation executed on any of these "different names" operates on the original file, and when the original name is deleted the hard link still persists. You can think of it as a reference count.

In Unix, these commands create a symbolic link and a hard link respectively.

# Symbolic Link
ln -s target link

# Hard Link
ln target link
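The behaviour described above, shown on a Linux box as an added example that is not part of the original post: the script creates a target file, a hard link and a symbolic link in a temporary directory, deletes the target, and reports what survives. The helper names nlink_of, link_kind and link_demo are my own; the link count comes from stat, which is how the "reference count" view of a hard link can be observed directly.

```shell
#!/bin/sh
# Added example (not from the post): hard link vs symbolic link on Linux.
# Everything happens inside a directory the caller supplies (use mktemp -d).

# nlink_of FILE -> number of directory entries (hard links) sharing FILE's inode
nlink_of() {
    stat -c '%h' "$1" 2>/dev/null || stat -f '%l' "$1"   # GNU stat, then BSD stat
}

# link_kind PATH -> "symlink", "hardlink" (inode shared by >1 name) or "regular"
link_kind() {
    if [ -L "$1" ]; then
        echo symlink
    elif [ "$(nlink_of "$1")" -gt 1 ]; then
        echo hardlink
    else
        echo regular
    fi
}

# link_demo DIR -> creates DIR/target, DIR/hard (hard link) and DIR/soft
# (symbolic link), removes the target and checks that the hard link still
# holds the data while the symbolic link dangles. Returns 0 when the
# observed behaviour matches that description.
link_demo() {
    dir="$1"
    printf 'payload\n' > "$dir/target"
    ln "$dir/target" "$dir/hard"          # second name for the same inode
    ln -s target "$dir/soft"              # a path stored in a special file
    echo "before rm: nlink=$(nlink_of "$dir/target") hard=$(link_kind "$dir/hard") soft=$(link_kind "$dir/soft")"

    rm "$dir/target"
    hard_ok=0; soft_dangling=0
    [ "$(cat "$dir/hard")" = "payload" ] && hard_ok=1          # data survives via the other name
    [ -L "$dir/soft" ] && [ ! -e "$dir/soft" ] && soft_dangling=1   # -e follows the link: now broken
    echo "after rm:  nlink=$(nlink_of "$dir/hard") hard_ok=$hard_ok soft_dangling=$soft_dangling"

    [ "$hard_ok" = 1 ] && [ "$soft_dangling" = 1 ]
}

# Stand-alone use: sh links.sh --demo
if [ "${1:-}" = "--demo" ]; then
    link_demo "$(mktemp -d)"
fi
```

The link count drops from 2 to 1 after the rm, which is exactly the reference-count behaviour the paragraph describes; the symbolic link still exists as a file (the -L test is true) but no longer resolves (the -e test is false).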

Concept of Links in Windows

Now let's go to the Windows world. The definitions of hard link and symbolic link are nearly the same.

A hard link is the file system representation of a file by which more than one path references a single file in the same volume. MSDN states that any changes to the file are instantly visible to applications that access it through the hard links that reference it. Changes in the original file are reflected in every hard link made to that file. Thus, if multiple hard links point to a READ-ONLY file and we want to delete one particular hard link, then after deleting it we need to reset the READONLY attribute on any of the remaining hard links (or the original file).

A symbolic link is a file-system object that points to another file system object. The object being pointed to is called the target. Symbolic links are transparent to users: the links appear as normal files or directories and can be acted upon by the user or application in exactly the same manner.

Then, what is junction?

A junction (Microsoft refers to it as a soft link) is similar to a hard link; indeed, it is a hard link. It differs from a hard link in that the storage objects it references are separate directories, and a junction can link directories located on different local volumes of the same computer. Otherwise it is identical to a hard link.

The Command (Utility)

Hard Link

REM Hard Link (cmd.exe; the link name comes before the target)
mklink /H link target

Symbolic Link

REM File Symbolic Link
mklink link target

REM Directory Symbolic Link
mklink /D link target

Junction

REM Junction (directories only)
mklink /J link target

Create Link Programmatically

Hard Link: CreateHardLink

Symbolic Link: CreateSymbolicLink

Misc

So what is the difference between these links and a .lnk file?

We need to look at the representation. Links are file system objects, while a .lnk file is a file: it describes the redirection and any extra operations to perform when it is executed. The links are only redirections to the file.

To feed our brain: NTFS has many advanced features that are unknown to us as end-users.


List of Lightweight Android Emulator

Android is a popular operating system for handheld devices and now dominates the market. Though there already exist various cheap devices running Android, many of us want to run Android not on an Android device but on our PC. I myself have two reasons for this: first, to play some games without picking up my device, and second, to test my applications.

Fortunately, there are plenty of emulators available, from free to paid ones. This article is not an exhaustive list of Android emulators; it serves as documentation of the emulators I have known and tried (some of them).

The Basic Concept

All of the software listed here are emulators. So what is an emulator?

First we need to take into account that Android is a different platform from our PC. Android is an operating system for mobile devices such as mobile phones, tablets, smart TVs, etc. Android devices come in many hardware variations, as each manufacturer can ship any hardware they like, but Android ensures that the platform is seen as one uniform whole: it abstracts the complicated parts and presents them as a single platform. As a platform, Android has components that differ from a PC (typically a Windows PC), for example the interface and the application format. So to make an Android application run on top of our Windows PC, there must be something that bridges these two platforms, and that is an emulator.

Simply put, an emulator is hardware or software that enables one platform (called the host) to behave like another platform (called the guest). These Android emulators can run applications by providing an environment that looks like the real device.

Android, in the Android SDK, ships an official emulator for testing. But this emulator has proven to be slow and needs a long time to start up. So many people have started to create lightweight Android emulators that boot Android faster and consume fewer resources than the official one.

You can also see the other article, Inside the Android Emulator.

The List

  1. Nox App Player
  2. BlueStacks
  3. GenyMotion
  4. Andyroid
  5. YouWave
  6. Jar of Beans
  7. Manymo
  8. Xamarin Android Player

Nox App Player

Site: http://en.bignox.com/

Definitely my favorite. It is one of the best options available to emulate Android on a PC. It also supports a wide range of Android gaming controls, and the best part is that Nox App Player supports most of the top Android games. This full-fledged Android emulator needs us to set a few things up, such as Google accounts.

BlueStacks

Site: http://www.bluestacks.com/

A big player in the emulation world. BlueStacks is mature enough and supports almost all of the Android games and apps that the Play Store offers. Some sites list it as the first option to emulate Android.

GenyMotion

Site: https://www.genymotion.com/

What's interesting to me is their Genymotion on Demand, aside from the Android emulator on our local PC: it is an Android AMI on Amazon EC2 infrastructure. The local emulator has proven fast; it also offers graphics acceleration and uses x86 as its base, which is no different from our PC.

Andyroid

Site: http://www.andyroid.net/

YouWave

Site: https://youwave.com/

Jar of Beans

Site: http://forum.xda-developers.com/showthread.php?t=1975675

From the XDA forum, home of Android hackers. It is an Android Jelly Bean emulator and allows easy installation and configuration. It supports multiple users in the form of profiles and lets us customize our own settings. We can also create a virtual SD card. However, this project is officially discontinued, so use it wisely.

Manymo

Site: https://www.manymo.com/

They say Manymo is a better emulator. Unlike other emulators, Manymo is an in-browser emulator and supports multiple Android versions. It means you need no installation; you only launch the emulator you need. Their target audience is developers who want to eliminate the tedious task of testing apps on different Android versions without having all those devices. They say it's lightweight, as the actual computation is done on their end, but you need a stable internet connection to use it.

Xamarin Android Player

Site: https://www.xamarin.com/

Xamarin specializes in mobile application development. They create an SDK that lets us deliver an application natively on the Android, iOS, and Windows platforms. One part of their suite is their emulator.

Other

There are other alternative ways to run Android on a PC.


Using Stand Alone Android NDK Compiler

Android is an operating system for various mobile devices, such as mobile phones, tablets, smart TVs, etc. The power of Android comes from the use of a process virtual machine, dubbed the Dalvik Virtual Machine (DalvikVM) and later the Android Runtime (ART), to abstract complicated and varying modules. You write in Java, compile it, and the Android environment runs it regardless of whatever hardware it has. It guarantees portability. But if you want to write native code, Android provides the NDK (Native Development Kit).

The product of the NDK is native code, which is invoked by the Android application (written in Java) by means of JNI.

There are three ways to use the Android NDK as far as I know. This article discusses all of them. But before that, we need some background information so you know what happens behind the scenes.

Obtaining NDK

The NDK is free to download. You can download it from this official link. There are four platforms available (Windows 32-bit, Windows 64-bit, Mac OS X, Linux 64-bit). Choose the one suitable for your platform. These packages are zip archives. You can extract them with your favorite extractor / zip program and place them in any directory. Make sure the tools can be invoked from the command line; you can achieve this by setting the environment variable or PATH on your respective platform.

Whenever the directory is mentioned, we refer to it as $NDK.

Target Platform

Android has come to various platforms: ARM/ARM64, x86/x86-64, MIPS/MIPS64. Your mobile device's platform is your target, so you need to know and make sure which platform you face. In most cases ARM is sufficient, as it currently dominates the mobile market. But again, make sure you know the platform. You can find it by reading the datasheet or the information provided by the manufacturer.

The Android NDK uses the GCC infrastructure. So the platform you chose will have a triplet indicating the platform. You can verify it here.

Architecture      Toolchain Name                        Toolchain Prefix
ARM               arm-linux-androideabi-VERSION         arm-linux-androideabi-
ARM64 (AARCH64)   aarch64-linux-androideabi-VERSION     aarch64-linux-android-
MIPS              mipsel-linux-androideabi-VERSION      mipsel-linux-android-
MIPS64            mips64el-linux-androideabi-VERSION    mips64el-linux-android-
x86               x86-linux-androideabi-VERSION         i686-linux-android-
x86_64            x86_64-linux-androideabi-VERSION      x86_64-linux-android-

The toolchains are located at $NDK/toolchains.

Sysroot and Target API

The sysroot is a directory containing the system headers and libraries for the target. To define the sysroot we must know the Android API level we want to target. The Android API levels reside under $NDK/platforms/. Fortunately, unlike the SDK, the NDK ships all the supported API levels, so downloading the current NDK is recommended.

Building

Way 1: Use Makefile

In the GNU world we know the Makefile. A Makefile is a small script used by the "make" command to automatically configure and build an application. It can be thought of as a configuration script. It is declarative, so we only declare some parts, such as include directories, source files, and the output, and then invoke make to build it automatically without compiling each file by hand.

In Android we have Android.mk and Application.mk for this purpose. The Android.mk file is useful for defining and overriding project-wide settings. It must reside in our project's $PROJECT/jni/ directory, and describes the sources and libraries we use. The Application.mk is placed under the $NDK/apps/ directory.

For example, we have these files.

# Android.mk
LOCAL_PATH := $(call my-dir)

include $(CLEAR_VARS)

LOCAL_MODULE    := foo
LOCAL_SRC_FILES := foo.c

include $(BUILD_EXECUTABLE)

# Application.mk
APP_ABI := armeabi armeabi-v7a

Then we can invoke the build process like this.

ndk-build

The NDK gives output like this while the build is in progress.

[armeabi] Compile thumb  : foo <= foo.c
[armeabi] Executable     : foo
[armeabi] Install        : foo => libs/armeabi/foo
[armeabi-v7a] Compile thumb  : foo <= foo.c
[armeabi-v7a] Executable     : foo
[armeabi-v7a] Install        : foo => libs/armeabi-v7a/foo

Way 2: Use compiler Directly

Know the platform we face and its API level. To use this way, we need to define the sysroot. The specific invocation depends on your OS, but generally we define a SYSROOT variable that points to our sysroot and then invoke the compiler.

Use this code as the example.

int main()
{
   return 0;
}

Windows

Set these once before compiling.

SET SYSROOT=%NDK%\platforms\android-22\arch-arm
SET TPATH=%NDK%\toolchains\arm-linux-androideabi-4.9\prebuilt\windows-x86_64\bin
SET CC=%TPATH%\arm-linux-androideabi-gcc.exe --sysroot=%SYSROOT%

and use this for compiling

%CC% -o code.o code.c

Linux

Set these once before compiling.

export SYSROOT=$NDK/platforms/android-22/arch-arm
export TPATH=$NDK/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin
# quoted, otherwise the shell treats --sysroot=... as a second argument to export
export CC="$TPATH/arm-linux-androideabi-gcc --sysroot=$SYSROOT"

and use this for compiling

$CC -o code.o code.c

Mac OS X

Set these once before compiling.

export SYSROOT=$NDK/platforms/android-22/arch-arm
export TPATH=$NDK/toolchains/arm-linux-androideabi-4.9/prebuilt/darwin-x86_64/bin
# quoted, otherwise the shell treats --sysroot=... as a second argument to export
export CC="$TPATH/arm-linux-androideabi-gcc --sysroot=$SYSROOT"

and use this for compiling

$CC -o code.o code.c
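The Windows, Linux and Mac OS X steps above differ only in the host tag and in which paths exist, so, as an added example that is not part of the original post, here is a POSIX shell script that derives SYSROOT, TPATH and CC from $NDK, the target architecture and the API level, and refuses to print them if a path is missing from the NDK tree. The binary prefixes are those in the table earlier in this post; the toolchain directory is located by the leading part of its name under $NDK/toolchains so the VERSION suffix need not be typed, and the host tag is read from the prebuilt/ directory (or from NDK_HOST_TAG if set). The functions toolchain_spec, ndk_env and make_fake_ndk are my own; make_fake_ndk builds a constructed NDK-shaped tree with an empty gcc stub purely so the script can be exercised without a real NDK.

```shell
#!/bin/sh
# Added example, not from the post: compute the SYSROOT/TPATH/CC settings of
# the "use the compiler directly" procedure and verify the paths exist.

# toolchain_spec ARCH -> "<toolchain dir name prefix>|<binary prefix>"
# (binary prefixes as in the post's table; dir prefixes match the names
# under $NDK/toolchains whatever VERSION suffix they carry)
toolchain_spec() {
    case "$1" in
        arm)    echo "arm-linux-androideabi-|arm-linux-androideabi-" ;;
        arm64)  echo "aarch64-|aarch64-linux-android-" ;;
        mips)   echo "mipsel-|mipsel-linux-android-" ;;
        mips64) echo "mips64el-|mips64el-linux-android-" ;;
        x86)    echo "x86-|i686-linux-android-" ;;
        x86_64) echo "x86_64-|x86_64-linux-android-" ;;
        *)      return 1 ;;
    esac
}

# ndk_env NDK ARCH API -> prints the three export lines; returns 1 and
# explains on stderr when a needed path is missing from the NDK tree.
ndk_env() {
    ndk="$1"; arch="$2"; api="$3"
    spec=$(toolchain_spec "$arch") || { echo "unknown architecture: $arch" >&2; return 1; }
    dirprefix=${spec%%|*}; binprefix=${spec#*|}

    # $NDK/platforms/android-<API>/arch-<ARCH> is the sysroot
    sysroot="$ndk/platforms/android-$api/arch-$arch"
    [ -d "$sysroot" ] || { echo "no sysroot for android-$api/$arch: $sysroot" >&2; return 1; }

    # first toolchain directory whose name starts with the architecture's prefix
    tcdir=$(ls -d "$ndk/toolchains/$dirprefix"* 2>/dev/null | head -n 1)
    [ -n "$tcdir" ] || { echo "no $dirprefix* toolchain under $ndk/toolchains" >&2; return 1; }

    # host tag: linux-x86_64, darwin-x86_64, windows-x86_64, ...
    host=${NDK_HOST_TAG:-$(ls "$tcdir/prebuilt" 2>/dev/null | head -n 1)}
    tpath="$tcdir/prebuilt/$host/bin"
    [ -x "$tpath/${binprefix}gcc" ] || { echo "compiler not found: $tpath/${binprefix}gcc" >&2; return 1; }

    printf 'export SYSROOT=%s\n' "$sysroot"
    printf 'export TPATH=%s\n' "$tpath"
    printf 'export CC="%s/%sgcc --sysroot=%s"\n' "$tpath" "$binprefix" "$sysroot"
}

# make_fake_ndk DIR -> constructed NDK-shaped tree for trying the script out:
# an android-22/arch-arm sysroot and an arm-linux-androideabi-4.9 toolchain
# for linux-x86_64 whose gcc is an empty stub (it compiles nothing).
make_fake_ndk() {
    bin="$1/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin"
    mkdir -p "$1/platforms/android-22/arch-arm" "$bin"
    printf '#!/bin/sh\nexit 0\n' > "$bin/arm-linux-androideabi-gcc"
    chmod +x "$bin/arm-linux-androideabi-gcc"
}

# Stand-alone use: eval "$(sh ndk-env.sh "$NDK" arm 22)"
if [ "$#" -eq 3 ]; then
    ndk_env "$1" "$2" "$3"
fi
```

With a real NDK, eval the output and then compile exactly as in the Linux section ($CC -o code.o code.c); the checks mean a typo in the API level or a missing toolchain fails before the compiler is ever run rather than as an obscure "file not found" from gcc.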

Way 3: Use Customized Toolchain

The NDK provides a wrapper. This is useful if we want to invoke the compiler without necessarily using ndk-build. The make-standalone-toolchain.sh script is provided to perform a customized toolchain installation from the command line. The script is located in $NDK/build/tools/, and unfortunately no Windows .bat version is available.

To use it, we can invoke this command:

$NDK/build/tools/make-standalone-toolchain.sh --arch=arm --platform=android-22 --install-dir=/tmp/my-android-toolchain

The wrapper is created in /tmp/my-android-toolchain/, which contains a copy of the android-22/arch-arm sysroot and the toolchain binaries for the 32-bit ARM architecture. This wrapper doesn't depend on the host NDK location, so we can place it anywhere or even move it later.

To use the wrapper, put it on the PATH and point CC and CXX at it:

export PATH=/tmp/my-android-toolchain/bin:$PATH
export CC=arm-linux-androideabi-gcc
export CXX=arm-linux-androideabi-g++

and use it as usual.