
Meet Santoku Linux

For more than a year I have been absorbed in the topic of mobile device security, with a particular emphasis on Android: I have been actively studying this OS and programming for it. Android is the most widespread mobile OS, so one would logically expect far more malware to be written for it than for the other platforms, and that means there is a wide choice of tasty malware samples to study.

Last year I reversed two malware samples and wrote two articles about them for the wonderful company Pentestit: "Analysis of an SMS bot for Android. Part I" and "Analysis of an SMS bot for Android. Part II". Since then many interesting things have happened in the world of mobile security. One of them is the appearance of Santoku Linux, a distribution specialized for studying and pentesting mobile devices and applications.

The appearance of this distribution is no accident. The growing share of mobile devices in everyone's life pushes attackers to attempt unauthorized access to personal data, so specialists must be prepared to repel various kinds of attacks on private data. That would be rather difficult if one had to hunt down, install and configure every mobile security tool separately. So Santoku arrived right on time, if without much fanfare: a kind of BackTrack/Kali Linux for pentesting mobile devices.

Now for a brief description of the OS itself. Santoku is based on Lubuntu (Ubuntu with the LXDE desktop). It runs only on 64-bit systems. It is developed by NowSecure; the current version is 0.5. A santoku is a kind of kitchen knife. Literally, Santoku translates from Japanese as "three virtues" or "three uses", and that is no accident: Santoku lets you work with mobile devices in three directions:

1. Mobile forensics: tools for acquiring and analyzing data.

2. Mobile malware: tools for studying malware, viruses, Trojans, etc.

3. Mobile application security: tools for finding application vulnerabilities and hardening applications.

Santoku installs easily and without special options, like regular Ubuntu, so the installation will not be covered. We proceed straight to the goodies waiting for us inside. Santoku ships with the standard software: games, browsers, office applications and so on; in a word, the standard Linux distribution kit. We will not dwell on those either.

So, we turn to the most interesting part, namely the software related to mobile applications and their security.

Open the menu and find the Santoku section. It contains the following subsections:

- Development tools.

- Device forensics.

- Penetration testing.

- Reverse engineering.

- Wireless analyzers.

The Penetration testing and Wireless analyzers subsections will not be covered: they hold tools for network traffic analysis and penetration testing, i.e. the BackTrack/Kali Linux toolset. That leaves three subsections, which are our "three virtues".

The "Development tools" section

In this section, besides the Eclipse development tools and the Android SDK (about which many articles have been written), we note only a few interesting items:

1. Heimdall. A cross-platform open source toolkit for flashing firmware (a.k.a. ROMs) onto Samsung Galaxy devices. It is perhaps the only tool (short of working by hand with scripts in the Linux console) that can repartition the device, moving the system partitions to other memory areas to bypass dead ones, and flash a different system bootloader, and so help revive a dead device.

2. SBF Flash. A flasher for SBF firmware files on Motorola devices.

The "Device forensics" section

1. AFLogical OSE. An application (a small framework) for extracting all the data from the device and saving it to the SD card.

2. Android Brute Force Encryption. A utility for brute-forcing Android FDE (Full Disk Encryption).

3. ExifTool. A very powerful program for extracting all kinds of metadata from files pulled off a mobile device, for example the place and time at which a photo was photographed (pardon the tautology).

4. iPhone Backup Analyzer. A utility for quick and easy access to iPhone backup folders: viewing config files, reading archives and much more.

5. Scalpel. An efficient utility for recovering deleted files.

6. SleuthKit. A set of tools for examining devices.
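As an added example (not code from the original post, and not ExifTool's own code), here is a minimal stand-alone EXIF reader in Python that shows what the "place and time" metadata mentioned for ExifTool looks like inside a JPEG: it walks the marker segments to the APP1 Exif block, reads IFD0 for the capture time and the GPS sub-IFD for the coordinates, and skips entries whose offsets point outside the block, which a forensic parser has to tolerate. The sample image bytes, date and coordinates are constructed inline and do not come from any real device.

```python
import struct

# TIFF field types used in Exif: BYTE, ASCII, SHORT, LONG, RATIONAL, UNDEFINED
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}
TAG_DATETIME, TAG_GPS_IFD = 0x0132, 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004


def build_sample_exif_jpeg():
    """Constructed sample, not a real photo: a JPEG shell whose APP1 segment holds
    a little-endian TIFF block with DateTime in IFD0 and lat/lon in the GPS IFD."""
    date = b"2015:04:20 10:15:30\x00"              # 20 bytes including the NUL
    lat = [(55, 1), (45, 1), (21, 1)]               # 55 deg 45' 21" N (constructed)
    lon = [(37, 1), (37, 1), (4, 1)]                # 37 deg 37' 4"  E (constructed)
    ifd0_off = 8
    date_off = ifd0_off + 2 + 2 * 12 + 4            # IFD0 = count + 2 entries + link
    gps_off = date_off + len(date)
    lat_off = gps_off + 2 + 4 * 12 + 4              # GPS IFD = count + 4 entries + link
    lon_off = lat_off + 3 * 8

    def entry(tag, typ, count, value):              # one 12-byte IFD entry
        return struct.pack("<HHII", tag, typ, count, value)

    def rationals(pairs):
        return b"".join(struct.pack("<II", n, d) for n, d in pairs)

    tiff = b"II" + struct.pack("<HI", 42, ifd0_off) + struct.pack("<H", 2)
    tiff += entry(TAG_DATETIME, 2, len(date), date_off)
    tiff += entry(TAG_GPS_IFD, 4, 1, gps_off) + struct.pack("<I", 0) + date
    tiff += struct.pack("<H", 4) + entry(GPS_LAT_REF, 2, 2, ord("N"))  # short ASCII is inline
    tiff += entry(GPS_LAT, 5, 3, lat_off) + entry(GPS_LON_REF, 2, 2, ord("E"))
    tiff += entry(GPS_LON, 5, 3, lon_off) + struct.pack("<I", 0)
    tiff += rationals(lat) + rationals(lon)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def dms_to_decimal(dms, ref):
    """Degrees/minutes/seconds rationals to signed decimal degrees (S and W negative)."""
    value = 0.0
    for i, (num, den) in enumerate(dms[:3]):
        if den:                                     # skip a malformed zero denominator
            value += (num / den) / (60 ** i)
    return -value if ref in ("S", "W") else value


def _parse_tiff(tiff):
    """Read IFD0 and the GPS sub-IFD, skipping entries whose offsets run out of bounds."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if len(tiff) < 8 or endian is None or struct.unpack(endian + "H", tiff[2:4])[0] != 42:
        raise ValueError("not a TIFF header")

    def read_ifd(off):
        tags = {}
        if off + 2 > len(tiff):
            return tags
        for i in range(struct.unpack(endian + "H", tiff[off:off + 2])[0]):
            base = off + 2 + 12 * i
            if base + 12 > len(tiff):
                break
            tag, typ, n = struct.unpack(endian + "HHI", tiff[base:base + 8])
            size = TYPE_SIZES.get(typ, 1) * n
            if size <= 4:                           # small values are stored inline
                raw = tiff[base + 8:base + 8 + size]
            else:                                   # larger ones live at an offset
                voff = struct.unpack(endian + "I", tiff[base + 8:base + 12])[0]
                if voff + size > len(tiff):         # out-of-bounds offset: ignore entry
                    continue
                raw = tiff[voff:voff + size]
            tags[tag] = (typ, n, raw)
        return tags

    def decode(field):
        typ, n, raw = field
        if typ == 2:
            return raw.split(b"\x00", 1)[0].decode("ascii", "replace")
        if typ == 5:
            return [struct.unpack(endian + "II", raw[i:i + 8]) for i in range(0, 8 * n, 8)]
        return struct.unpack(endian + "%dI" % n, raw) if typ == 4 else raw

    result = {}
    ifd0 = read_ifd(struct.unpack(endian + "I", tiff[4:8])[0])
    if TAG_DATETIME in ifd0:
        result["DateTime"] = decode(ifd0[TAG_DATETIME])
    if TAG_GPS_IFD in ifd0:
        gps = read_ifd(decode(ifd0[TAG_GPS_IFD])[0])
        for key, tag, ref in (("GPSLatitude", GPS_LAT, GPS_LAT_REF),
                              ("GPSLongitude", GPS_LON, GPS_LON_REF)):
            if tag in gps and ref in gps:
                result[key] = dms_to_decimal(decode(gps[tag]), decode(gps[ref]))
    return result


def extract_exif(data):
    """Walk the JPEG marker segments up to SOS/EOI and parse the first APP1 Exif block."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):                  # EOI / start of scan: no more headers
            break
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        body = data[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return _parse_tiff(body[6:])
        pos += 2 + seg_len
    return {}
```

Calling `extract_exif(build_sample_exif_jpeg())` returns the capture date string and decimal coordinates. Run over photos pulled from a handset, the same parser shows exactly what a phone discloses about where and when a picture was taken; the corresponding mitigation before sharing an image is to drop the APP1 segment entirely rather than edit individual tags.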

The "Reverse engineering" section

1. Androguard. A very powerful utility for reversing Android applications: disassembling, decompiling and more. Written in Python.

2. AntiLVL. A utility for disabling application protection based on LVL (Google's License Verification Library).

3. APKTool. Another utility for decompiling APK files.

4. Bulb Security SPF. A specialized framework for Android pentesting with rich functionality.

5. Mercury / Drozer. Another powerful framework for auditing and attacking Android devices. A serious thing, developed at a decent level.

6. Radare2. A universal disassembly framework for any platform, not only Android. Its functionality is extensive and deserves a separate article.

This was a brief introduction to Santoku Linux. Many utilities have been described only briefly; I believe that working with each of them would make a separate post, which is what I plan to do in the near future.

Thanks for your attention.

P.S. Download Santoku here.

Source: https://habr.com/ru/post/255601/
