楊中皇老師 一百零六學年度第一學期 (Fall 2017) 「 行動安全研究」參考資料:

  1. 課程大綱

  2. 國立高雄師範大學行事曆

  3. 高雄師範大學開課資料查詢系統

  4. 學校選課學生名單

  5. 教科書: Hacking Android

  6. 參考書: Android Security Internals

  7. 參考書: Android Hacker's Handbook

  8. 參考書: Learning Pentesting for Android Devices, XDA Developers' Android Hacker's Toolkit Android Forensics

  9. 智慧型手機市場銷售 (2016)

  10. 個人電腦市場銷售 (2016)

  11. Android Open Source Project (AOSP)

  12. Android主要版本與使用分佈

  13. Android 7.1 密碼學算法原始碼

  14. 2017年3月Android擊敗Windows,正式成為全球第一大作業系統Android超越Windows成互联网用户最常用操作系统

  15. Google's Nexus devices

  16. Android 8.0.0, Nexus 6P

  17. Android 8.0.0原始碼

  18. Google's Introduction to Android Security, https://source.android.com/devices/tech/security/

  19. Faux Disk Encryption: Realities of Secure Storage on Mobile Devices。https://www.youtube.com/watch?v=IqdSv-o2UCk

  20. The Android Security Jungle: Pitfalls, Threats & Survival Tips, https://www.youtube.com/watch?v=18tn_mF4XRg

  21. Android N for Developers, https://developer.android.com/preview/api-overview.html

  22. Try Android N Developer Preview for Sony Xperia™ Z3, https://developer.sony.com/develop/smartphones-and-tablets/android-n-developer-preview/

  23. Nexus 安全性公告 — 2016年2月

  24. Black Hat USA 2015 - Android Security State Of The Union, https://www.youtube.com/watch?v=aBWh7izacqg

  25. Android Security 2015 Year In Review, http://static.googleusercontent.com/media/source.android.com/zh-TW//security/reports/Google_Android_Security_2015_Report_Final.pdf

  26. Android Security 2015 Year in Review, https://www.youtube.com/watch?v=ydBMH_W31Ls

  27. First Preview of Android N: Developer APIs & Tools, http://android-developers.blogspot.tw/2016/03/first-preview-of-android-n-developer.html

  28. Google Report - Android security 2014 Year in Review, https://source.android.com/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf

  29. Android主要版本與使用分佈

  30. android list avd
    emulator –avd [avdname]
    adb devices
    adb shell pm list packages
    adb shell dumpsys meminfo
    adb logcat
    adb shell monkey nn
    java –jar burpsuite_free_v1.6.jar

  31. https://code.google.com/p/dex2jar/
    ./d2j-dex2jar.sh [apkname].apk
    http://jd.benow.ca/#jd-gui 
    https://code.google.com/p/android-apktool/downloads/list 

  32. apktool d [app-to-decompile].apk
    apktool b app-folder/ [target-app-name].apk
    http://www.virtuous-tenstudio.com/
    adb install appname.apk

  33. https://labs.mwrinfosecurity.com/tools/drozer/
    https://github.com/SecurityCompass
     

  34. Burp Suite/Proxy, http://portswigger.net/burp/download.html 
    Charles Proxy, http://www.charlesproxy.com
    MITMProxy, http://mitmproxy.org

  35. NetworkMiner, http://www.netresec.com/?page=NetworkMiner

  36. BusyBox, https://play.google.com/store/apps/details?id=stericson.busybox

  37. XDA-Developers, http://forum.xda-developers.com

  38. The Sleuth Kit (TSK), http://www.sleuthkit.org/sleuthkit/ 
    Oxygen Suite, http://www.oxygen-forensic.com 
    Internet Evidence Finder (IEF), http://www.magnetforensics.com/software/internet-evidence-finder/

  39. Andriller, https://www.andriller.com 

  40. adb (Android Debug Bridge) How It Works, https://www.youtube.com/watch?v=0y8Xn5NfpLY

  41. adb, http://developer.android.com/tools/help/adb.html

  42. drozer, https://github.com/mwrlabs/drozer , https://www.mwrinfosecurity.com/products/drozer/community-edition/

  43. sqlite3, http://developer.android.com/tools/help/sqlite3.html

  44. SQLite Browser, http://sourceforge.net/projects/sqlitebrowser/

  45. firefox附加元件 SQLite Manager, https://addons.mozilla.org/zh-tw/firefox/addon/sqlite-manager/

  46. SuperSU, https://play.google.com/store/apps/details?id=eu.chainfire.supersu
    SuperUser, https://play.google.com/store/apps/details?id=com.koushikdutta.superuser

  47. Sony boot loader unlock: http://developer.sonymobile.com/unlockbootloader/
    HTC boot loader unlock: http://www.htcdev.com/bootloader/

  48. Smartphone Pentest Framework, https://www.youtube.com/watch?v=dwYEFeRDqio

  49. Android runtime (ART), https://source.android.com/devices/tech/dalvik/ , https://www.youtube.com/watch?v=EBlTzQsUoOw 

  50. AOSP source browsing facility, https://code.google.com/p/android-source-browsing/

  51. Android's Gerrit Code Review, https://android-review.googlesource.com/ 

  52. OWASP Mobile Security Project, https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

  53. 安卓安全中文站,http://www.droidsec.cn

Chapter 1: SETTING UP THE LAB
Chapter 2: ANDROID ROOTING
Chapter 3: FUNDAMENTAL BUILDING BLOCKS OF ANDROID APPS
Chapter 4: OVERVIEW OF ATTACKING ANDROID APPS
Chapter 5: DATA STORAGE AND ITS SECURITY
Chapter 6: SERVER-SIDE ATTACKS
Chapter 7: CLIENT-SIDE ATTACKS – STATIC ANALYSIS TECHNIQUES
Chapter 8: CLIENT-SIDE ATTACKS – DYNAMIC ANALYSIS TECHNIQUES
Chapter 9: ANDROID MALWARE
Chapter 10: ATTACKS ON ANDROID DEVICES