https://irq5-7854a1fdb9f4.pages.dev/tag/android/Recent content in android on irq5 testen-usMon, 01 Dec 2014 22:50:00 +0000https://irq5-7854a1fdb9f4.pages.dev/2014/12/android-internals-package-verifiers/Mon, 01 Dec 2014 22:50:00 +0000https://irq5-7854a1fdb9f4.pages.dev/2014/12/android-internals-package-verifiers/<p>Inspired by Nikolay Elenkov&rsquo;s detailed technical posts on <a href=//nelenkov.blogspot.com rel=noopener>Android Explorations</a>, I decided to dig into the Android source code myself and document the package verification mechanism in Android.</p><p>Package verification was introduced in Android 4.2 to allow for apps to be verified or checked <em>before</em> they are installed. If you have tried to install a malicious app on a production Android device, you might have seen the following screen, displayed by the verifier:</p><p><picture><source srcset=/posts/2014/img/android-pkgverify.png.webp type=image/webp><img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2014/img/android-pkgverify.png alt="screenshot of malicious app install warning" width=900 height=889 class="half noinvert"></picture></p><p>Android was built in such a way that it tries to be generic for third-parties to implement stuff. Package verification is a feature that is currently only used and implemented by Google, but it is abstracted in such a way that any manufacturer can implement their own. Documentation and examples on how to do this is almost non-existent, although anyone determined enough can read the Android source code and figure it out for themselves.</p><p><a href="https://irq5-7854a1fdb9f4.pages.dev/2014/12/android-internals-package-verifiers/#more">Continue reading…</a></p>https://irq5-7854a1fdb9f4.pages.dev/2013/04/decoding-bcard-conference-badges/Sat, 13 Apr 2013 01:28:00 +0000https://irq5-7854a1fdb9f4.pages.dev/2013/04/decoding-bcard-conference-badges/<p>Last month, I had the opportunity to fly halfway around the world to attend <em>RSA Conference 2013</em>. Everyone was given a lanyard and badge which contains your information entered during registration. When you visit booths, they can then scan your badge to collect your information and follow up by sending you spam.</p><p><picture><source srcset=/posts/2013/img/rsa-conf-pass.jpg.webp type=image/webp><img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2013/img/rsa-conf-pass.jpg alt="RSA conference pass" width=640 height=427></picture></p><p>The scanner varies across different booths, but mostly it&rsquo;s an Android device that ran a custom software. Since it had a large NXP logo, let&rsquo;s try to read it with the <a href="https://play.google.com/store/apps/details?id=com.nxp.taginfolite" rel=noopener target=_blank class=external>NFC TagInfo app</a>. Looks like the tag identifies itself as a NDEF message but the data is gibberish.</p><p><picture><img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2013/img/bcard_taginfo.png alt="Data in the BCARD as decoded by TagInfo" width=720 height=1034 class="half noinvert"></picture></p><p><a href="https://irq5-7854a1fdb9f4.pages.dev/2013/04/decoding-bcard-conference-badges/#more">Continue reading…</a></p>https://irq5-7854a1fdb9f4.pages.dev/2010/06/how-to-take-a-screenshot/Sat, 05 Jun 2010 14:50:00 +0000https://irq5-7854a1fdb9f4.pages.dev/2010/06/how-to-take-a-screenshot/That&rsquo;s it!