Can we make something like comodo firewall in Android? - android

AFAIK, one might need to work on the low level linux to do this job or use theorem provers to analyze programs without having to understand the underlying programs. In addition, AFAIK each program is controlled in its own sandbox so that it does not affect other programs.
However, during the past year, researchers have demonstrated that they could "borrow" permission from other programs even if their programs did not initially ask for them. This unfortunately makes Android much less trustworthy as its security model is essentially permission-based at install time ONLY. I guess one way to ensure that this kind of attack (I mean maliciously acquiring permissions a program should not have had) would be to monitor inter-programs communications and in real time.
Since dalvik is not open source, and neither is Android itself (apart from open API's), can anyone think of a way, using Java only, to implement a dynamic and realtime firewall in Android that would at least ensure no program can start another without our explicit permission each time (more like how comodo firewall works)?
Thank you very much

Before making any software you might have complete understanding about the functionality of that software. You are trying to make software like comodo firewall, then you must know how comodo firewall works, how it blocks any software activity, how it monitors network activity and many other activities that comodo firewall can do. If you don't have basic understanding about that then first understand it, then think next.
Download it from here and understand it:
http://www.filekb.com/windows/download-comodo-firewall/

Related

Is the API for exercise machines (like NordicTrack iFit) open? Can I write an app to control my bluetooth-enabled machine?

I've written standalone apps that construct workouts that I can build to vary time, resistance, etc., but they don't communicate with a dedicated exercise machine. I recently bought a NordicTrack elliptical machine which uses their iFit framework (using their iFit Bluetooth app) to control the machine's resistance and incline. Is this an open Bluetooth-accessible API that I can access to have my app connect to the machine and manipulate the resistance and incline myself? Anyone?
It's not open because the companies (ProForm, NordicTrack) want to earn extra money besides the one time purchase price through constantly flowing subscription money via the iFit service. They need to somehow make it an exclusive option to use iFit, otherwise they'd lose another cash cow, I'd even say maybe the constant subscription flow is more important than the MSRP.
On fitness forums (like slowtwitch forum https://forum.slowtwitch.com/forum/Slowtwitch_Forums_C1/Triathlon_Forum_F1/Treadmill_iFit_%22hack%22_/_tweak_P6851409/) people were figuring out how to get into admin mode and access the Android tablet as it is. Lately NordicTrack moved and tries to block the users from accessing privileged mode condescendingly in the name of safety: https://www.extremetech.com/extreme/329275-owners-resort-to-hacking-smart-treadmills-after-nordictrack-locks-them-out. This is similar to what Peloton pulled: https://www.makeuseof.com/peloton-treadmills-lose-free-just-run/
However when communication happens with apps there will always be a possibility to reverse engineer protocols, although that's tedious and sometimes results in fragile code, and condescending companies could always push updates which intentionally interfere with hack solutions.
According to forums the https://github.com/belden/iFitController web protocol based solution (mentioned by #papahouss, I found another repo which exists) only works with 2017 and earlier devices. The later models switched to Bluetooth (it sounds like you have such machine) so the HTTP project won't work for you most probably.
There are a few projects trying to integrate iFit devices with Zwift, and some other extra projects. This one particularly looks very promising, but I haven't got to study it in detail yet: https://github.com/dawsontoth/zwifit/blob/master/src/ble/ifit/_request.js
Maybe you should have a look at this project : https://github.com/jamesdotcuff/iFitController
You can communicate with the machine via websock. It works for treadmill but not too sure about elliptical machine.
Good luck

How to passively monitor if a new TCP connection is being made in Linux?

The easiest way is probably to write a loop to monitor /proc/net/tcp or /proc/net/tcp6. However, it is too inefficient since I need to be notified almost immediately. The closest thing I looked at is inotify which can provide callbacks on IO events on any files. The problem is that procfs is not regular file systems and inotify does not appear to support it (at least not for /proc/net/tcp and /proc/net/tcp6).
Further, I do not want the program to have root privilege in order to implement this.
EDIT: I removed the requirement of userspace connection. Also, I'm hoping that there's a built-in kernel support such as inotify that can achieve this. It may even be too intrusive in my case to manipulate the iptables.
Anyone has any idea? Thanks!!
You could add a logging rule to your local iptables configuration that would log a message whenever a new connection is initiated, and then make the log file readable by a non-root user. This would get you (a) immediate notification of events (you could use inotify to detect writes to the file) and (b) the detecting process itself does not need root privileges.
Best thing I can think of is trying to run an on-board proxy and persuade other apps to connect through that. Some have tried to do this by altering the APN settings.
But this is ugly, may not work on all versions, and can probably be circumvented.
Unfortunately, Android just isn't designed to allow end users to install optional improvements to the behavior of the system itself, short of cracking the whole thing open (ie, rooting).
It's certainly possible to monitor outbound traffic using raw sockets. See man page for packet(7) to see how to do that. However, this may not be what you want.
If connection-tracking is enabled, it may be possible to get notifications of new connections from the kernel using netlink. The API for doing these things is awful, so consider looking at the source of a program which does it already. I think the "conntrack" binary may be supplied with some distributions (I'm not sure what it's part of).
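The polling approach the question starts from, as an added example that is not part of the original posts: it decodes the hex rows of /proc/net/tcp (or /proc/net/tcp6) and diffs two snapshots to report connections that appeared in between, with no root needed. It assumes a little-endian host; the function names and the sample rows are constructed for illustration.

```python
import ipaddress
import time

# Subset of kernel TCP state codes as printed in the "st" column.
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
          "06": "TIME_WAIT", "0A": "LISTEN"}

def decode_endpoint(field):
    """Turn '0F02000A:C350' into ('10.0.2.15', 50000).

    Assumption: little-endian host. Each 32-bit word of the address is
    printed in host byte order, so its bytes are reversed here."""
    addr_hex, port_hex = field.split(":")
    raw = bytes.fromhex(addr_hex)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return str(ipaddress.ip_address(b"".join(words))), int(port_hex, 16)

def parse_table(text):
    """Map (local, remote) -> (state, uid) for every row after the header."""
    table = {}
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 10:
            continue  # blank or truncated row
        key = (decode_endpoint(parts[1]), decode_endpoint(parts[2]))
        table[key] = (STATES.get(parts[3], parts[3]), int(parts[7]))
    return table

def new_connections(before, after):
    """Rows present only in the later snapshot, ignoring listening sockets."""
    return [(k[0], k[1]) + v for k, v in sorted(after.items())
            if k not in before and v[0] != "LISTEN"]

def watch(path="/proc/net/tcp", interval=0.5):
    """Poll the live table; connections shorter than `interval` are missed."""
    seen = parse_table(open(path).read())
    while True:
        time.sleep(interval)
        current = parse_table(open(path).read())
        for row in new_connections(seen, current):
            print(row)
        seen = current

# Constructed sample snapshots (not captured from a real system).
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
BEFORE = HEADER + "   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 23456\n"
AFTER = BEFORE + "   1: 0F02000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 34567\n"
```

The diff only sees what exists at the instant of each read, which is the latency and coverage limit the question raises and the reason the answers point to kernel-side notification instead.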

Can an app be monitored for security?

A coworker and I were talking (after a fashion) about an article I read (HTC permission security risk). Basically, the argument came down to whether or not it was possible to log every action that an application was doing. Then someone (an abstract theoretical person) would go through and see if the app was doing what it was supposed to do and not trying to be all malicious like.
I have been programming in Android for a year now, and as far as I know if -- if -- that was possible, you would have to hack Dalvik and output what each process was doing. Even if you were to do that, I think it would be completely indecipherable because of the sheer amount of stuff each process was doing.
Can I get some input one way or the other? Is it completely impractical to even attempt to log what a foreign application is doing?
I have been programming in Android for a year now, and as far as I know if -- if -- that was possible, you would have to hack Dalvik and output what each process was doing.
Not so much "hack Dalvik" but "hack the android.* class library, and perhaps a few other things (e.g., java.net)".
Even if you were to do that, I think it would be completely indecipherable because of the sheer amount of stuff each process was doing.
You might be able to do some fancy pattern matching or something on the output -- given that you have determined patterns of inappropriate actions. Of course, there is also the small matter of having to manually test the app (to generate the output).
Is it completely impractical to even attempt to log what a foreign application is doing?
From an SDK app? I damn well hope so.
From a device running a modded firmware with the aforementioned changes? I'd say it is impractical unless you have a fairly decent-sized development team, at which point it is merely expensive.
This is both possible and practical if you are compiling your own ROM. Android is based on Linux and I know several projects like this for Linux, like Linux Trace Toolkit. I also know of research into visualizing the results and detecting malicious apps from the results as well.
Another thing functionality like this is often used for is performance and reliability monitoring. You can read about the DTRACE functionality in Solaris to learn more about how this sort of stuff is used in business rather than academia.

Is there a way to programmatically set a proxy server in my Android app?

Is there a way to programmatically set a proxy server in my Android App?
I'm writing an Android App that uses some WebViews. Is there a way to set a proxy server for all network connections in my app, i.e. all content that is shown in the WebViews should be routed through the proxy?
All other Apps on the device should not be affected by this proxy settings.
Surprisingly I don't see a mechanism listed, but maybe there is one.
Ultimately, if the webview is running in your process and implemented sensibly you can programmatically patch the existing code to route network calls through some custom code which could redirect it through a proxy (or just do whatever the proxy would), but this is very complicated low level C/assembly language programming, will require even more care to make portable across reasonable platform upgrades, and shouldn't be undertaken unless you want a very 'interesting' and educational project and you have done enough research to be sure there is no better way.
After some research I'm coming to the point that there is no (official) proxy support in Android 2.2 (and most likely also in 2.3); See this issue report with over 1000(!) comments: http://code.google.com/p/android/issues/detail?id=1273
I found some potential solutions for rooted devices, e.g. setting up some new iptables rules. I did not try any of these suggestions since I need a solution that works on any devices.
We can set the proxy in android. proxysetting 1.0 is an android app to set the proxy. Don't know further details about it. But it is clear that there is a way out.

Is it possible to restart the phone with Android SDK or NDK?

Is it possible to programmatically restart the phone from a application (service) running on top of the Dalvik VM?
If the SDK does not provide this functionality, then how about using the NDK and calling some functions provided by the kernel? I know this option is not preferred (not stable enough libs), but if it's the only option, I'll have to consider that as well.
Hopefully not. :-)
If it were possible to restart the phone at will, a malicious app could quietly do it at random intervals and make your life unhappy.
The NDK does not provide you with any additional abilities here, because Android relies on process boundaries and Linux access rights for security, rather than a Java-language sandbox.
Why do you want to do this? Maybe there's some other way to accomplish what you're after.
PowerManager.reboot is available since API level 8.
Requires reboot permission.
I found the correct system calls in Linux that would do the trick and after hours of fiddling around with the NDK/JNI paths, I finally managed to call the function. The result was that I need super-user permission for that. I kind of guessed that this would be the case.
Is there any way to overcome this problem? Other than rooting the phone, which I'm still trying to avoid.
It's still possible to reboot the phone with adb. I guess that communicates with ddmd or some other daemon, so could it be possible to somehow use the same functionality?
