Overview

The repackaging attack is a very common type of attack on Android devices. In such an attack, attackers modify a popular app downloaded from app markets: they reverse engineer the app, add some malicious payloads, and then upload the modified app to app markets. Users can be easily fooled, because it is hard to notice the difference between the modified app and the original app. Once the modified apps are installed, the malicious code inside can conduct attacks, usually in the background. For example, in March 2011, it was found that the DroidDream Trojan had been embedded into more than 50 apps in the official Android market and had infected many users. The DroidDream Trojan exploits vulnerabilities in Android to gain root access on the device.

The learning objective of this lab is for students to gain first-hand experience with the Android repackaging attack, so they can better understand this particular risk associated with Android systems and be more cautious when downloading apps to their devices, especially from untrusted third-party markets. In this lab, students will be asked to conduct a simple repackaging attack on a selected app and demonstrate the attack only on our provided Android VM. Students should be warned not to submit their repackaged apps to any market, or they will face legal consequences. Nor should they run the attack on their own Android devices, as that may cause real damage.

Lab Tasks (Description)

  • This lab requires the following two VMs, which are different from the ones used for non-mobile labs. You can download them from this link.
    • SEEDAndroid5.1 VM
    • MobiSEEDUbuntu14.04_x64 VM

Recommended Time:

  • Supervised situation (e.g. a closely-guided lab session): 2 hours
  • Unsupervised situation (e.g. take-home project): 1 week

Files that are needed

  • MaliciousCode.smali: this code will delete all the contacts on the phone if triggered.
  • You can use some existing apps for this lab; if you don't want to do that, we have created a simple app (RepackagingLab.apk) that you can use.

Helpful Documents

SEED Project