FORUMS

Root T-Mobile S6/Edge on 5.1.1 Without Tripping Knox

If you purchase phones from a carrier, you may be no stranger to the difficulties … more

IonVR Coming Soon, HTC M9 Dev Edition Gets Android 5.1 – XDA TV

The HTC M9 Developer Edition has received Android 5.1. That and … more

Android 5.1.1 Omni ROM For Motorola Xoom

Back in Feb 2011, the Motorola Xoom became the first device to be sold with Android 3.0 … more

CleanSlate Brings Fingerprint Scanner Mod to HTC One M9+

Work of XDA Recognized Developer tbalden, CleanSlate custom kernel for the HTC … more

 View Poll Results: What should I add first?

Auto-Run
 
19 Vote(s)
52.78%
Better UI
 
17 Vote(s)
47.22%
Widget
 
0 Vote(s)
0%
Other?
 
0 Vote(s)
0%

[APP][GPL]SecDroid - Android Hardening [BETA] [Hiatus]

n/a posts
Thanks Meter: 0
 
By x942, Guest on 6th January 2013, 11:33 PM
Thread Closed Subscribe to Thread Email Thread
SecDroid V 1.1 Beta
Created by x942
Released under GPLV2


PROJECT IS ON HIATUS

New project over here

Introduction

Quote:

SecDroid hardens the android kernel by disable certain binaries that have internet access or can be used as an attack vector. Some of these are:
SSH
SSHD
Telnet
NC (net cat)
Ping
PM (Package Manager - Can't install apps via CLI/ADB)
ADBD (ADB is disabled until reboot)

And by securing the TCP Stack using Systctl (Until Next boot).

More info

Why disable ADB and PM?

Quote:

ADB and PM are both disabled to help prevent an attacker from being able to install apps via the command line or adb shell. Both of these are potential attack vectors. You can install apps via the playstore and GUI

What license is this released under?

Quote:

All code is released under GPLV2 Unless otherwise noted.


Thanks/Credits

Quote:

Many Thanks to Adam Outler for his Shell class that was used in this project (until V0.3 - See Changelog).
Many thanks to XDA-TV and XDA for their hard work!
And thanks to SANS for their Android Security whitepaper which inspired this project.

Downloads:


Please note this is my first android app. As such bugs may be present and the code may not be pretty. If anyone can help me make it look nicer and more efficient that would be great

Quote:

UPDATE 2013-05-06:
Version 1.1 Beta

* Fixed script to properly handled errors on some devices
* Fixed layout issue
* Added disable bluetooth feature (Disabled bluetoothd )
* Added enable bluetooth feautre ( Reverses above action)

Last edited by x942; 9th June 2013 at 04:45 AM.
The Following 66 Users Say Thank You to x942 For This Useful Post: [ View ]
 
 
10th January 2013, 12:29 AM |#2  
Senior Member
Thanks Meter: 12
 
More
x942 - Thanks for letting me know this is in the works - looks really promising. With things like SSH/SSHD being disabled, will apps (like Connectbot) still work, allowing for SSH/SSHD on a per app basis?
11th January 2013, 01:17 PM |#3  
Junior Member
Thanks Meter: 1
 
More
Does this just disable these things during the current running session?
IE after rebooting it does everything go back to normal?
If not is there a way to enable them again?
11th January 2013, 02:10 PM |#4  
fluxgfx's Avatar
Senior Member
Flag Ottawa
Thanks Meter: 78
 
Donate to Me
More
I have to assume that it's a good thing if the application wasn't able to find any of the noted application to harden.
Attached Thumbnails
Click image for larger version

Name:	2013-01-11 09.08.28.jpg
Views:	5084
Size:	49.6 KB
ID:	1635824  
11th January 2013, 02:29 PM |#5  
Mika83AC's Avatar
Senior Member
Flag Aachen
Thanks Meter: 251
 
More
Quote:
Originally Posted by fluxgfx

I have to assume that it's a good thing if the application wasn't able to find any of the noted application to harden.

I assume it's not a good thing because the applications are missing (which is unlikely) or they are moved to a different location
11th January 2013, 03:09 PM |#6  
hisname's Avatar
Senior Member
Flag Singapore
Thanks Meter: 523
 
More
http://www.xda-developers.com/androi...with-secdroid/

featured on Xda portal!
11th January 2013, 04:05 PM |#7  
Member
Thanks Meter: 2
 
More
So the "hardening" is only applied after running the app and upon next boot everything should be back to normal correct?
11th January 2013, 04:08 PM |#8  
fluxgfx's Avatar
Senior Member
Flag Ottawa
Thanks Meter: 78
 
Donate to Me
More
Quote:
Originally Posted by Mika83AC

I assume it's not a good thing because the applications are missing (which is unlikely) or they are moved to a different location

I agree with you. Although after a manual verification the application in questions aren't located on the device in any folders Internel, External or within any of the root folder.

Cheers,
Last edited by fluxgfx; 11th January 2013 at 04:21 PM.
11th January 2013, 06:11 PM |#9  
WattB006's Avatar
Senior Member
Flag Nebraska
Thanks Meter: 51
 
More
Quote:
Originally Posted by fluxgfx

I agree with you. Although after a manual verification the application in questions aren't located on the device in any folders Internel, External or within any of the root folder.

Cheers,

I also has the same issue when running the app and I confirmed the apps are not located on my device.
11th January 2013, 08:44 PM |#10  
bushako's Avatar
Senior Member
Flag Dubai
Thanks Meter: 295
 
More
Question
First of all thank you so much for the effort to keep our devices safe. Im using Droidwall to block certain programs and would like to install SecDroid but not sure if it would conflict in any way. Could you please confirm?
Thread Closed Subscribe to Thread

Tags
apk, gpl compliant, security, shell
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes