Mobile Security Tools

This collection of free mobile security tools released by iSEC Partners includes Android security tools, Android IPC fuzzers, and SIM security tools.

Monday, Jul 26, 2010

Intent Fuzzer

Intent Fuzzer is a tool that can be used on any device using the Google Android operating system (OS). Intent Fuzzer is exactly what it seems: a fuzzer. It often finds bugs that cause the system to crash, or performance issues on the device. The tool can fuzz either a single component or all components. It works well on Broadcast receivers and averagely on Services. For Activities, only single Activities can be fuzzed, not all of them. Instrumentations can also be started using this interface. Content providers are listed, but they are not an Intent-based IPC mechanism.

Pre-Requisites: Mobile Device Running Google’s Android OS

IntentFuzzer.zip

Monday, Jul 26, 2010

Intent Sniffer

Intent Sniffer is a tool that can be used on any device using the Google Android operating system (OS). On the Android OS, an Intent is a description of an action to be performed, such as startService to start a service. The Intent Sniffer tool monitors runtime-routed broadcast Intents. It does not see explicit broadcast Intents, but defaults to (mostly) unprivileged broadcasts. There is an option to see recent tasks' Intents (GET_TASKS), as an Activity's Intents are visible when it is started. The tool can also dynamically update Actions & Categories.

Pre-Requisites: Mobile Device Running Google’s Android OS

IntentSniffer.zip

Monday, Jul 26, 2010

Package Play

Package Play is a tool that can be used on any device using the Google Android operating system (OS). Package Play shows the user all installed packages on the mobile device. This helps the user in the following ways:

  • Easy way to start exported Activities
  • Shows defined and used permissions
  • Shows activities, services, receivers, providers and instrumentation, their export and permission status
  • Switches to Manifest Explorer or the Settings applications view of the application

Pre-Requisites: Mobile Device Running Google’s Android OS

PackagePlay.zip

Monday, Jul 26, 2010

Manifest Explorer

Manifest Explorer is a tool that can be used on any device using the Google Android operating system (OS). On Android, every application must have an AndroidManifest.xml file in its root directory. The AndroidManifest.xml file does a few things, which are all explained here. From a security perspective, the file is most interesting because it defines the permissions the application must have to access other applications or protected parts of the API. The Manifest Explorer tool can be used to review the AndroidManifest.xml file, specifically the security permissions of the application, and gives the pen-tester a basic attack surface of the application. The attack surface is a critical starting point for understanding the security of the application and how it affects the mobile device itself.

Pre-Requisites: Mobile Device Running Google’s Android OS

ManifestExplorer.zip

Saturday, Jul 24, 2010

pySimReader

This is a modified version of Todd Whiteman’s PySimReader code. This modified version allows users to write out arbitrary raw SMS PDUs to a SIM card. Additionally, debugging output has been added to allow the user to view all APDUs that are sent between the SIM card and PySimReader.

Usage:
# Start the app
python pySimReader.py

# To run with debugging mode enabled
# (This will print out all APDUs sent between the SIM and pySimReader)
python pySimReader.py -d

Requirements: This tool has been tested on Windows XP with Python 2.5 and the ACS ACR 38t SIM reader.

pySimReader.zip