General Instructions

We will create a centralized Google Code and Google Documents repository for our review and management.
In all projects, students' final grading will include a group grade (which is identical for all group members) and
a peer assessment from other group members (evaluating your contribution to the group).

 

Android Kernel Projects (Malware + Functionality)

adore-ng rootkit porting on ARM architecture (100% engineering)

In this project you will port the popular open source rootkit to ARM processors. iPhone OS or Android would be OK as the target OS, or we may have 2 teams targeting both OSes.
My guess is that it would be easier for Android, since it is open source and Linux based. But we might have student(s) with expertise in iPhone/Mac OS X development. I have some Windows rootkit source code available for study, and the adore-ng source code is available on the internet.

Resources needed: Android or iPhone SDK, Xcode, Android platform.


Mobile OS/hardware fingerprinting (50% research + 50% engineering)

Different mobile OSes exist in the market, like iPhone, Android, Win CE, Symbian, Palm OS, etc. Most recent advanced smartphones come with Wi-Fi, Bluetooth, and 3G. Quickly and efficiently identifying such OSes and devices and differentiating them is the very first step before we really approach them. In this project, you will develop your own knowledge and framework to identify them. The extreme dream is that, with your phone in your pocket, you can know the brand and model of the phone in other people's pockets.
Level 1: Nessus scanner plugin development; identify all of the above OSes by Wi-Fi scanning. Identify OS version, hardware version, existing vulnerabilities.
Level 2: Bluetooth scanner, to identify
Level 3: Write your own program to pick up FM/GPS/GSM/CDMA signals to identify! Frequency analysis (challenging!) needs special software to reprogram radio firmware (if we have students with some cell phone background and development experience).

In-Kernel Power and Scheduling Control of Processes

Develop a module that controls the power consumption of each process by allocating quotas to each process that runs on the processor.
This project will focus on an LKM module that will control the APM and API functionality of the kernel and will allow for power limits defined
by the user through a userland utility. These power limits can be calculated by using the scheduled time for each application
(i.e. compute how much each process utilized the processor).


Malware Development

Android, iPhone/iTouch MP3 decoder local exploit development (75% research + 25% engineering)

This is a risky project, which may get no result at all.
Research the MP3 player/decoder on an iPhone device and find the vulnerabilities which can be exploited by crafting a special MP3/media file.
Level 1: crash the player
Level 2: craft shellcode as the payload in a media file and get it executed.
Ref: http://www.gnucitizen.org/blog/backdooring-mp3-files/

Android ARM or Mach-O binary file code injections (50% research + 50% engineering)

Traditional DOS viruses can infect PE binary files by injecting code into other binary files. The code is the malicious payload plus the logic for injecting into other binaries. In this project, students will develop such virus infection code for Mach-O files on the Mac OS platform without breaking the original functionality of the binary. There is no requirement for the payload; a printed message would be OK. But there must be a self-duplicating mechanism that does not break the functionality.
Ref: Mach-O http://developer.apple.com/Mac/library/documentation/DeveloperTools/Conceptual/MachORuntime/Reference/reference.html
Ref: Android Kernel ARM Binaries (Linux ELF)


Power Management


Monitoring and Visualization of Battery Consumption


- Monitor battery at various intervals in time and parse /proc (or
maybe try a different way) to find which processes were up during that
period.
- Upload this information to a server, that logs time intervals with
processes that were up during that time, along with other relevant
information.
- Create graphs to display this information over HTTP via any browser
as necessary (might need learning PHP-GD which has nothing to do with
OS Security).
- Create other relevant statistics based on the information available
to you for enhancements and propose improvements to this model for
performing phone diagnostics (suggest security downsides in doing
this).
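
A sketch of the /proc sampling step above, which also covers the per-process scheduled-time calculation from the In-Kernel Power and Scheduling Control project. This is an added example, not course-provided code: the snapshot lines and battery levels are constructed, the function names are hypothetical, and splitting the battery drop in proportion to CPU ticks is an assumption.

```python
# Constructed /proc/<pid>/stat snapshots (truncated after field 19), not device data.
SNAP_T0 = {
    101: "101 (mediaserver) S 1 101 0 0 -1 4194560 10 0 0 0 500 100 0 0 20 0",
    202: "202 (my app) (v2) R 1 202 0 0 -1 4194560 10 0 0 0 200 50 0 0 20 0",
}
SNAP_T1 = {
    101: "101 (mediaserver) S 1 101 0 0 -1 4194560 10 0 0 0 800 100 0 0 20 0",
    202: "202 (my app) (v2) R 1 202 0 0 -1 4194560 10 0 0 0 250 100 0 0 20 0",
    303: "303 (sync) S 1 303 0 0 -1 4194560 10 0 0 0 60 40 0 0 20 0",
}

def parse_stat(line):
    """Return (comm, utime + stime in clock ticks) from one stat line."""
    # comm sits in parentheses and may itself contain spaces or ')', so cut at
    # the first '(' and the LAST ')' instead of splitting on whitespace.
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()      # rest[0] is field 3 (state)
    return line[lpar + 1:rpar], int(rest[11]) + int(rest[12])  # fields 14, 15

def cpu_deltas(before, after):
    """Ticks each process was scheduled between two snapshots."""
    deltas = {}
    for pid, line in after.items():
        comm, ticks = parse_stat(line)
        base = 0                        # new process: all its ticks are in-interval
        if pid in before:
            old_comm, old_ticks = parse_stat(before[pid])
            if old_comm == comm and old_ticks <= ticks:  # else the PID was reused
                base = old_ticks
        deltas[(pid, comm)] = ticks - base
    return deltas

def attribute_drain(deltas, battery_drop_pct):
    """Assumption: split the battery drop in proportion to CPU ticks."""
    total = sum(deltas.values())
    if total == 0:
        return {key: 0.0 for key in deltas}
    return {key: battery_drop_pct * t / total for key, t in deltas.items()}

def over_quota(shares, quota_pct):
    """Names of processes whose attributed drain exceeds the user-defined quota."""
    return sorted(comm for (_, comm), pct in shares.items() if pct > quota_pct)

if __name__ == "__main__":
    shares = attribute_drain(cpu_deltas(SNAP_T0, SNAP_T1), 80 - 75)
    print(shares, over_quota(shares, 2.0))
```

Processes that start and exit between two samples never appear in a snapshot, so a shorter sampling interval trades battery cost for coverage.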

Surveillance Related Projects
TBD

Defense/Protection Related Projects
TBD

Logging and Forensics Related Projects
TBD

Your Idea
Submit the proposal and we can take a look, guide and approve it. Proposals need to be academically oriented and feasible from an engineering standpoint, but challenging.

iPhone OS reference: http://developer.apple.com/iphone/library/navigation/index.html
iPhone SDK: http://www.apple.com/downloads/macosx/development_tools/iphonesdk.html
iPhone worm: http://pastie.org/693452
An IO duplication and redirection tool: http://www.dest-unreach.org/socat/
AMD: http://support.apple.com/kb/HT1747
http://www.theiphonewiki.com/wiki/index.php?title=MobileDevice_Library
Mobile Applications on Win CE: http://msdn.microsoft.com/en-us/vstudio/dd164395.aspx
http://msdn.microsoft.com/en-us/windowsmobile/default.aspx

Mobile Device Firmware Reverse engineering: http://lostscrews.com/viewtopic.php?f=10&t=50