Uncategorized
netcat (ncat)
Introduction The networking utility “netcat” is a simple tool to read and write data across TCP or UDP network or
common criteria certification
https://www.blancco.com/resources/blog-what-is-common-criteria-certification-why-is-it-important/ Common Criteria : New CC Portal (commoncriteriaportal.org)
Android App Security elements in Android manifest file
https://medium.com/@lucideus/security-review-of-android-manifest-file-part-i-ecb5ca51eb6a https://www.briskinfosec.com/blogs/blogsdetail/Android-Manifest-File-Analysis-101
Android Userdata Encryption
FDE, Full-Disk Encryption https://source.android.com/security/encryption/full-disk.html https://sudonull.com/post/23403-Removing-the-hardware-key-of-full-disk-protection-in-Android-phones-on-Qualcomm-processors http://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html FBE, File-Based Encryption https://source.android.com/security/encryption/file-based.htmlAndroid FBE https://www.qualcomm.com/media/documents/files/file-based-encryption.pdf NOTE — Per Google Android Compatibility Program’s requirements, devices
Trusted Execution Environment(TEE)
https://en.wikipedia.org/wiki/Trusted_execution_environment OP-TEE Code Organization OP-TEE Secure Storage Architecture Use case Demonstration Trusty TEE Code Organization https://projectacrn.github.io/latest/developer-guides/trusty.html#trusty-tee Trusty Secure Storage Architecture
Secure storage
Secure storage service https://android.googlesource.com/trusty/app/storage/ https://projectacrn.github.io/latest/tutorials/trustyACRN.html https://docs.nvidia.com/drive/drive_os_5.1.6.1L/nvvib_docs/index.html#page/DRIVE_OS_Linux_SDK_Development_Guide/Windows%20Systems/security_concepts.html https://events19.linuxfoundation.org/wp-content/uploads/2017/12/Implement-Android-Tamper-Resistant-Secure-Storage-Bing-Zhu_and-Secure-it-in-Virtualization-Bing-Zhu-Intel-Corporation.pdf RPMB https://www.semanticscholar.org/paper/Mobile-secure-data-protection-using-eMMC-RPMB-Reddy-Paramasivam/76c741dddcbd802709762ae3e43f8a85986a9619/figure/2 https://android.googlesource.com/trusty/app/storage/+/refs/heads/master/README.md
mutual tls
https://downey.io/notes/dev/curl-using-mutual-tls/ https://github.com/KumarShrawan/practical-pki https://stackoverflow.com/questions/34532392/client-certificate-authentication-in-ssl-handshake/34533228#34533228
Android Keystore
https://static.linaro.org/connect/yvr18/presentations/yvr18-414.pdf https://code.tutsplus.com/tutorials/keys-credentials-and-storage-on-android–cms-30827 https://www.apriorit.com/dev-blog/432-using-androidkeystore http://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html https://www.usenix.org/conference/woot20/presentation/busch https://security.googleblog.com/2018/ https://ostoday.org/android/is-android-keystore-secure.html https://labs.f-secure.com/blog/how-secure-is-your-android-keystore-authentication/ https://medium.com/@josiassena/using-the-android-keystore-system-to-store-sensitive-information-3a56175a454b Source walkthrough 1. https://android.googlesource.com/platform/hardware/interfaces/+/master/keymaster/4.0/IKeymasterDevice.hal 2. https://www.fatalerrors.org/a/android-q-10.1-keymaster-source-analysis-implementation-of-various-scenarios.html