
Attack high version Android #78

Open
gtasb opened this issue May 26, 2024 · 0 comments

gtasb commented May 26, 2024

As is well-known, newer versions of Android enforce access control for devices connected via ADB, such as verifying the MAC address of a device requesting ADB access. This renders unauthorized ADB access attacks ineffective under these circumstances. Therefore, I've been pondering whether we could bypass this by spoofing the attacker's MAC address to deceive and connect to the target machine. The challenge lies in identifying the authorized MAC address in the first place. My thought is whether it's feasible to deduce this through fingerprinting ADB traffic patterns or by sniffing the network. Alternatively, could a Man-in-the-Middle (MitM) attack within the local network, where we intercept traffic between two devices connected via ADB, reveal the identity of the connected device?

To elaborate, the steps for such an approach might involve:

ADB Traffic Analysis: Attempt to analyze typical ADB communication patterns to identify unique characteristics that could potentially be associated with a specific MAC address. This would require deep understanding of ADB protocol nuances and might not be a straightforward task due to encryption and the variability of data exchanged.

Network Sniffing: Monitor network traffic for ADB-related packets, which could include initial handshake messages that may reveal the MAC address or other identifying information. However, ADB typically uses SSL/TLS for secure communication, making passive sniffing less practical without decryption capabilities.

MitM Attack: Implement an MitM attack within the LAN to intercept and decrypt ADB traffic. This would require exploiting vulnerabilities in the adb implementation or obtaining the necessary certificates trusted by the target devices. Once in place, the MitM position could allow capturing and analyzing the traffic to discern the authorized MAC address.
