
Introducing Santoku Linux
For more than a year I have been absorbed in the topic of mobile device security, with particular emphasis on Android. I have been actively studying this OS as well as programming for it. It is the most common OS among mobile devices, so logically the amount of malware written for this platform should be several times larger than for the others. That means there is a choice of varied and tasty malware to study.
Last year I reversed two pieces of malware and wrote two articles about them for the wonderful Pentestit company: "Analysis of an SMS bot for Android. Part I" and "Analysis of an SMS bot for Android. Part II". Since then, a lot of interesting things have happened in the world of mobile device security. One of these interesting events is the emergence of Santoku Linux, a specialized distribution for the study and pentesting of mobile devices and applications.
The appearance of this distribution is no accident. The growing share of mobile devices in everyone's life pushes attackers to attempt unauthorized access to personal data. Accordingly, specialists must be prepared to repel various attacks on private data. That would be somewhat difficult if you had to search for, install and configure all the various kinds of mobile security software yourself. So Santoku appeared on time, albeit without much fanfare: a kind of BackTrack/Kali Linux for pentesting mobile devices.
Now let's move on to a brief description of the OS itself. Santoku is based on the Lubuntu distribution (Ubuntu with the LXDE desktop environment). It runs only on 64-bit systems and is developed by NowSecure. The current version is 0.5. A santoku is a kind of kitchen knife; literally, the word is translated from Japanese as "three virtues" or "three goods". This is no accident: Santoku lets you work with mobile devices in three directions:
1. Mobile forensics. Means for obtaining and analyzing data.
2. Mobile malware. Tools for researching malicious software: viruses, trojans, etc.
3. Mobile application security. Tools for identifying application vulnerabilities and enhancing security.
Santoku installs easily and without special options, just like regular Ubuntu, so we will not cover the installation and proceed straight to the goodies waiting inside. Santoku carries standard software such as games, browsers, office applications, etc.; in a word, it is a standard Linux distribution, and we will not dwell on those either.
So we turn to the most interesting part: the software related to mobile applications and their security.
Open the menu and find the Santoku section. It has the following subsections:
- Development tools.
- Device forensics.
- Penetration testing.
- Reverse engineering.
- Wireless analyzers.
We will not consider the Penetration testing and Wireless analyzers subsections. They contain tools for network traffic analysis and penetration testing, the same as in BackTrack/Kali Linux. That leaves three subsections, which are our "three virtues", our "three goodies".
Section "Development tools"
In this section, besides the development tools Eclipse and the Android SDK (about which many articles have been written), we note only a few interesting ones:
1. Heimdall. A cross-platform set of open source tools used to flash firmware (aka ROMs) onto Samsung Galaxy devices. Perhaps the only tool (besides working by hand in the Linux console with scripts) that can help restore a dead device by formatting, repartitioning and flashing a new bootloader (in other words, moving the system partition layout to other memory areas, bypassing the dead ones, and flashing a different bootloader).
2. SBF Flash. A tool for flashing SBF firmware files onto Motorola devices.
Section "Device forensics"
1. AFLogical OSE. An application (a small framework) for extracting all data from a device and saving it to an SD card.
2. Android Brute Force Encryption. A utility for decrypting Android FDE (Full Disk Encryption).
3. ExifTool. A very powerful program for extracting all kinds of metadata from files obtained from a mobile device, for example the place and time at which a photograph was taken.
4. iPhone Backup Analyzer. A utility for quick and easy access to iPhone backup folders: view config files, read archives and more.
5. Scalpel. An effective utility for recovering deleted files.
6. SleuthKit. A set of utilities for examining devices.
Section "Reverse Engineering"
1. Androguard. A very powerful tool for reversing Android applications: disassembling, decompiling and more. Written in Python.
2. AntiLVL. A utility for disabling application protection that uses the LVL method.
3. APKTool. Another utility for decompiling APK files.
4. Bulb Security SPF. A specialized framework for pentesting Android phones. It has rich functionality.
5. Mercury / Drozer. Another powerful framework for auditing and attacking Android devices. A serious thing, developed at a decent level.
6. Radare2. A universal disassembly framework for any platform, not just Android. Its functionality is extensive and deserves a separate article.
That was a short excursion into Santoku Linux. Many of the utilities have been described only briefly; I believe a separate post could be written about working with each of them, which is what I plan to do in the near future.
Thanks for your attention.
PS: Download Santoku here.