Android Task Hijacking

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Task, Back Stack and Foreground Activities

Katika Android, task kimsingi ni seti ya shughuli ambazo watumiaji wanashiriki ili kukamilisha kazi maalum, zimepangwa ndani ya back stack. Stack hii inaweka shughuli kulingana na wakati zilifunguliwa, huku shughuli ya hivi karibuni ikionyeshwa juu kama foreground activity. Wakati wowote, shughuli hii pekee ndiyo inaonekana kwenye skrini, na kuifanya kuwa sehemu ya foreground task.

Hapa kuna muhtasari wa harakati za shughuli:

Activity 1 inaanza kama shughuli pekee katika foreground.
Kuanzisha Activity 2 kunasukuma Activity 1 kwenye back stack, na kuleta Activity 2 kwenye foreground.
Kuanzisha Activity 3 kunahamisha Activity 1 na Activity 2 nyuma zaidi kwenye stack, huku Activity 3 ikiwa mbele.
Kufunga Activity 3 kunarudisha Activity 2 kwenye foreground, ikionyesha mfumo wa urambazaji wa kazi wa Android.

Task affinity attack

Overview of Task Affinity and Launch Modes

Katika programu za Android, task affinity inaelezea kazi inayopendelea shughuli, ikilingana kawaida na jina la pakiti ya programu. Mpangilio huu ni muhimu katika kuunda programu ya mfano (PoC) ya kuonyesha shambulio.

Launch Modes

Attribute ya launchMode inaelekeza usimamizi wa mifano ya shughuli ndani ya kazi. Modo ya singleTask ni muhimu kwa shambulio hili, ikielekeza hali tatu kulingana na mifano ya shughuli zilizopo na mechi za task affinity. Uhalifu huu unategemea uwezo wa programu ya mshambuliaji kuiga task affinity ya programu lengwa, ikipotosha mfumo wa Android kuanzisha programu ya mshambuliaji badala ya lengwa iliyokusudiwa.

Detailed Attack Steps

Usakinishaji wa Programu Mbaya: Mwathirika anaweka programu ya mshambuliaji kwenye kifaa chao.
Kuanza Kwanza: Mwathirika kwanza anafungua programu mbaya, akitayarisha kifaa kwa shambulio.
Jaribio la Kuanzisha Programu Lengwa: Mwathirika anajaribu kufungua programu lengwa.
Utekelezaji wa Hijack: Kutokana na mechi ya task affinity, programu mbaya inaanzishwa badala ya programu lengwa.
Udanganyifu: Programu mbaya inaonyesha skrini ya kuingia bandia inayofanana na programu lengwa, ikimdanganya mtumiaji kuingiza taarifa nyeti.

Kwa utekelezaji wa vitendo wa shambulio hili, rejelea hifadhi ya Task Hijacking Strandhogg kwenye GitHub: Task Hijacking Strandhogg.

Prevention Measures

Ili kuzuia mashambulizi kama haya, waendelezaji wanaweza kuweka taskAffinity kuwa string tupu na kuchagua modo ya singleInstance, kuhakikisha kutengwa kwa programu yao kutoka kwa nyingine. Kubadilisha kazi ya onBackPressed() kunatoa ulinzi wa ziada dhidi ya task hijacking.

References

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAndroid Applications Basics NextADB Commands

Last updated 3 days ago