Droidcedas: Secure USB Debugging in Android 4.2.2

It seems we somehow managed to let two months slip by without a single post. Time to get back on track, and the recently unveiled Android maintenance release provides a nice opportunity to jump start things. Official release notes for Android 4.2.2 don't seem to be available at this time, but it made its way into introduced on the official Android Developers Blog, fortunately for us only in brief. As usual, we like to dig a little deeper, so if you are interested in more details about the shiny new secure debugging feature, read on.

Why bother securing debugging?

If you have done development in any programming environment, you know that 'debugging' is usually the exact opposite of 'secure'. Debugging typically involves inspecting (and sometimes even changing) internal program state, dumping encrypted communication data to log files, universal root access and other scary, but necessary activities. It is hard enough without having to bother with security, so why further complicate things by making developers jump through security hoops? As it turns out, Android debugging, as provided by the Android Debug Bridge (ADB), is quite versatile and gives you almost complete control over a device when enabled. This is, of course, very welcome if you are developing or testing an application (or the OS itself), but can also be used for other purposes. Before we give an overview of those, here is a (non-exhaustive) list of things ADB lets you do:
  • debug apps running on the device (using JDWP)
  • install and remove apps
  • copy files to and from the device
  • execute shell commands on the device
  • get the system and apps logs
If debugging is enabled on a device, you can do all of the above and more simply by connecting the device to a computer with a USB cable. If you think that's not much of a problem because the device is locked, here's some bad news: you don't have to unlock the device in order to execute ADB commands. And it gets worse -- if the device is rooted (as are many developer devices), you can access and change every single file, including system files and password databases. Of course, that is not the end of it: you don't actually need a computer with development tools in order to do this: another Android device and an OTG USB cable are sufficient. Security researchers, most notably Kyle Osborn, have built tools (there's even a GUI) that automate this and try very hard to extract as much information as possible from the device in a very short time. As we mentioned, if the device is rooted all bets are off -- it is trivial to lift all of your credentials, disable or crack the device lock and even log into your Google account(s). But even without root, anything on external storage (SD card) is accessible (for example your precious photos), as are your contacts and text messages. See Kyle's presentations for details and other attack vectors.

By now you should be at least concerned about leaving ADB access wide open, so let's see what are some ways to secure it.

Securing ADB

Despite some innovative attacks, none of the above is particularly new, but it has remained mostly unaddressed, probably because debugging is a developer feature regular users don't even know about. There have been some third-party solutions though, so let's briefly review those before introducing the one implemented in the core OS. Two of the more popular apps that allow you to control USB debugging are ADB Toggle and AdbdSecure. They automatically disable ADB debugging when the device is locked or unplugged, and enable it again when you unlock it or plug in the USB cable. This is generally sufficient protection, but has one major drawback -- starting and stopping the adbd daemon requires root access. If you want to develop and test apps on a device with stock firmware, you still have to disable debugging manually. Root access typically goes hand-in-hand with running custom firmware -- you usually need root access to flash a new ROM version (or at least it makes it much easier) and some of the apps shipping with those ROMs take advantage of root access to give you extra features not available in the stock OS (full backup, tethering, firewalls, etc.). As a result of this, custom ROMs have traditionally shipped with root access enabled (typically in the form of a SUID su binary and an accompanying 'Superuser' app). Thus, once you installed your favourite custom ROM you were automatically 'rooted'. CyanogenMod (which has over a million users and growing) changed this almost a year ago by disabling root access in their ROMs and giving you the option to enable it for apps only, for ADB or for both.
This is not a bad compromise -- you can both run root apps and have ADB enabled without exposing your device too much, and it can be used in combination with an app that automates toggling ADB for even more control. Of course, these solutions don't apply to the majority of Android users -- those running stock OS versions.

The first step in making ADB access harder to reach was taken in Android 4.2 which hid the 'Developer options' settings screen, requiring you to use a secret knock in order to enable it. While this is mildly annoying for developers, it makes sure that most users cannot enable ADB access by accident. This is, of course, only a stop-gap measure, and once you do manage to turn USB debugging on, your device is once again vulnerable. A proper solution was introduced in the 4.2.2 maintenance release with the so called 'secure USB debugging' (it was actually committed almost a year ago, but for some reason didn't make it into the original JB release). 'Secure' here refers to the fact that only hosts explicitly authorized by the user can now connect to the adbd daemon on the device and execute debugging commands. Thus if someone tries to connect a device to another one via USB in order to access ADB, they need to first unlock the target device and authorize access from the debug host by clicking 'OK' in the confirmation dialog shown below. You can make your decision persistent by checking the 'Always allow from this computer' and debugging will work just as before, as long as you are on the same machine. One thing to note is that on tablets with multi-user support the confirmation dialog is only shown to the primary (administrator) user, so you will need to switch to it in order to enable debugging. Naturally this 'secure debugging' is only effective if you have a reasonably secure lock screen password in place, but everyone has one of those, right?
That's pretty much all you need to know in order to secure your developer device, but if you are interested in how all of this is implemented under the hood, proceed to the next sections. We will first give a very brief overview of the ADB architecture and then show how it has been extended in order to support authenticated debugging.


ADB overview

The Android Debug Bridge serves two main purposes: it keeps track of all devices (or emulators) connected to a host, and it offers various services to its clients (command line clients, IDEs, etc.). It consists of three main components: the ADB server, the ADB daemon (adbd) and the default command line client (adb). The ADB server runs on the host machine as a background process and decouples clients from the actual devices or emulators. It monitors device connectivity and sets their state appropriately (CONNECTED, OFFLINE, RECOVERY, etc.). The ADB daemon runs on an Android device (or emulator) and provides the actual services clients use. It connects to the ADB server through USB or TCP/IP, and receives and processes commands from it. Finally, adb is the command line client that lets you send commands to a particular device. In practice it is implemented in the same binary as the ADB server and thus shares much of its code.

The client talks to the local ADB server via TCP (typically via localhost:5037) using text based commands, and receives OK or FAIL responses in return. Some commands, like enumerating devices, port forwarding or daemon restart are handled by the local daemon, and some (e.g., shell or log access) naturally require a connection to the target Android device. Device access is generally accomplished by forwarding input and output streams to/from the host. The transport layer that implements this uses simple messages with a 24 byte header and an optional payload to exchange commands and responses. We will not go into further details about those, but will only note the newly added authentication commands in the next section. For more details refer to the protocol description in system/core/adb/protocol.txt and this presentation which features quite a few helpful diagrams and examples.

Secure ADB implementation

The ADB host authentication functionality is enabled by default when the ro.adb.secure system property is set to 1, and there is no way to disable it via the system settings interface (which is a good thing). The device is initially in the OFFLINE state and only goes into the ONLINE state once the host has authenticated. As you may already know, hosts use RSA keys in order to authenticate to the ADB daemon on the device. Authentication is typically a three step process:
  1. After a host tries to connect, the device sends an AUTH message of type TOKEN that includes a 20 byte random value (read from /dev/urandom).
  2. The host responds with a SIGNATURE packet that includes a SHA1withRSA signature of the random token with one of its private keys.
  3. The device tries to verify the received signature, and if signature verification succeeds, it responds with a CONNECT message and goes into the ONLINE state. If verification fails, either because the signature value doesn't match or because there is no corresponding public key to verify with, the device sends another AUTH TOKEN with a new random value, so that the host can try authenticating again (slowing down if the number of failures goes over a certain threshold).
Signature verification typically fails the first time you connect the device to a new host because it doesn't yet have the host key. In that case the host sends its public key in an AUTH RSAPUBLICKEY message. The device takes the MD5 hash of that key and displays it in the 'Allow USB debugging' confirmation dialog. Since adbd is a native daemon, the key needs to be passed to the main Android OS. This is accomplished by simply writing the key to a local socket (aptly named, 'adbd'). When you enable ADB debugging from the developer settings screen, a thread that listens to the 'adbd' socket is started. When it receives a message starting with "PK" it treats it as a public key, parses it, calculates the MD5 hash and displays the confirmation dialog (an activity actually, part of the SystemUI package). If you tap 'OK', it sends a simple "OK" reply and adbd uses the key to verify the authentication message (otherwise it just stays offline). In case you check the 'Always allow from this computer' checkbox, the public key is written to disk and automatically used for signature verification the next time you connect to the same host. The allow/deny debugging functionality, along with starting/stopping the adbd daemon, is exposed as public methods of the UsbDeviceManager system service.
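
The AUTH messages described above can be framed and validated as follows. This is an added example, not code from the original post or from AOSP: the header layout and numeric constants are taken from AOSP's system/core/adb/protocol.txt and adb.h rather than from this page, the function names are hypothetical, and the sample messages are constructed.

```python
import os
import struct

# Header layout and constants follow AOSP system/core/adb/protocol.txt and
# adb.h (they are not quoted on the page): six little-endian 32-bit words.
HEADER = struct.Struct("<6I")  # command, arg0, arg1, data_length, data_check, magic
A_AUTH = 0x48545541            # ASCII "AUTH" read as a little-endian word
AUTH_TYPES = {1: "TOKEN", 2: "SIGNATURE", 3: "RSAPUBLICKEY"}
TOKEN_SIZE = 20                # random token length stated on the page


def pack(command, arg0, payload=b""):
    """Build one ADB message: 24-byte header followed by the payload."""
    check = sum(payload) & 0xFFFFFFFF  # adb fills this field with a byte sum
    return HEADER.pack(command, arg0, 0, len(payload), check,
                       command ^ 0xFFFFFFFF) + payload


def parse_auth(raw):
    """Validate one AUTH message and return (type_name, payload)."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated header")
    command, arg0, _arg1, length, check, magic = HEADER.unpack_from(raw)
    payload = raw[HEADER.size:]
    if magic != command ^ 0xFFFFFFFF:
        raise ValueError("bad magic")
    if command != A_AUTH or arg0 not in AUTH_TYPES:
        raise ValueError("not an AUTH message")
    if len(payload) != length or sum(payload) & 0xFFFFFFFF != check:
        raise ValueError("payload length or checksum mismatch")
    if AUTH_TYPES[arg0] == "TOKEN" and length != TOKEN_SIZE:
        raise ValueError("token must be 20 bytes")
    return AUTH_TYPES[arg0], payload


def split_public_key(payload):
    """Split an RSAPUBLICKEY payload into (base64_key, user_id)."""
    fields = payload.rstrip(b"\0").decode("ascii").split(None, 1)
    return fields[0], fields[1] if len(fields) > 1 else ""


# Constructed sample messages: a fresh random token and a dummy key string.
TOKEN_MSG = pack(A_AUTH, 1, os.urandom(TOKEN_SIZE))
PUBKEY_MSG = pack(A_AUTH, 3, b"Q09OU1RSVUNURUQ= unknown@unknown\0")
```

Because the device issues a new random token after every failed attempt, a SIGNATURE payload captured from one exchange is useless for the next one.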

We've described the ADB authentication protocol in some detail, but haven't said much about the actual keys used in the process. Those are 2048-bit RSA keys and are generated by the local ADB server. They are typically stored in $HOME/.android as adbkey and adbkey.pub. On Windows that usually translates to %USERPROFILE%\.android, but keys might end up in C:\Windows\System32\config\systemprofile\.android in some cases (see issue 49465). The default key directory can be overridden by setting the ANDROID_SDK_HOME environment variable. If the ADB_VENDOR_KEYS environment variable is set, the directory it points to is also searched for keys. If no keys are found in any of the above locations, a new key pair is generated and saved. On the device, keys are stored in the /data/misc/adb/adb_keys file, and new authorized keys are appended to the same file as you accept them. Read-only 'vendor keys' are stored in the /adb_keys file, but it doesn't seem to exist on current Nexus devices. The private key is in standard OpenSSL PEM format, while the public one consists of the Base 64 encoded key followed by a `user@host` user identifier, separated by space. The user identifier doesn't seem to be used at the moment and is only meaningful on Unix-based OS'es, on Windows it is always 'unknown@unknown'.

While the USB debugging confirmation dialog helpfully displays a key fingerprint to let you verify you are connected to the expected host, the adb client doesn't have a handy command to print the fingerprint of the host key. You might think that there is little room for confusion: after all there is only one cable plugged to a single machine, but if you are running a couple of VMs, things can get a little fuzzy. Here's one way of displaying the host key's fingerprint in the same format the confirmation dialog uses (run in $HOME/.android or specify the full path to the public key file):

awk '{print $1}' < adbkey.pub | openssl base64 -A -d -a \
  | openssl md5 -c | awk '{print $2}' | tr '[:lower:]' '[:upper:]'
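
The same fingerprint calculation can be applied to every line of a file in the adb_keys format, which lets you review which hosts a device has authorized. This is an added example, not part of the original post: it goes beyond the single-key command above, the function names are hypothetical, file contents are passed in as strings, and the sample keys are constructed.

```python
import base64
import binascii
import hashlib


def fingerprint(b64_key):
    """MD5 of the decoded key as colon-separated upper-case hex (dialog format)."""
    digest = hashlib.md5(base64.b64decode(b64_key, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2)).upper()


def audit_adb_keys(text):
    """Return (fingerprint or None, user_id) for each non-empty key line."""
    entries = []
    for line in text.splitlines():
        fields = line.split(None, 1)
        if not fields:
            continue                          # skip blank lines
        user = fields[1].strip() if len(fields) > 1 else ""
        try:
            entries.append((fingerprint(fields[0]), user))
        except (binascii.Error, ValueError):
            entries.append((None, user))      # malformed line: flag for review
    return entries


def unexpected_keys(device_text, host_pub_texts):
    """Entries in the device file whose fingerprint matches no known host key."""
    known = {fp for t in host_pub_texts for fp, _ in audit_adb_keys(t) if fp}
    return [e for e in audit_adb_keys(device_text) if e[0] not in known]


# Constructed sample data; real keys are much longer Base64 blobs.
HOST_PUB = "Q09OU1RSVUNURUQ= dev@workstation\n"
DEVICE_KEYS = HOST_PUB + "T1RIRVI= unknown@unknown\n\nnot*base64 x@y\n"
```

Any entry returned by `unexpected_keys` is a host that was granted 'Always allow' but is not one of the adbkey.pub files you supplied.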

We've reviewed how secure ADB debugging is implemented and have shown why it is needed, but just to show that all of this solves a real problem, we'll finish off with a screenshot of what a failed ADB attack against a 4.2.2 device from another Android device looks like:


Summary

Android 4.2.2 finally adds a way to control USB access to the ADB daemon by requiring debug hosts to be explicitly authorized by the user and added to a whitelist. This helps prevent information extraction via USB which requires only brief physical access and has been demonstrated to be quite effective. While secure debugging is not a feature most users will ever use directly, along with full disk encryption and a good screen lock password, it goes a long way towards making developer devices more secure.