Android Network Stack and Enhancement (3G/WiFi, IPV4/IPV6, SIP/VoIP)
Mar-11-2011 (Fri)
Geunsik Lim (Nick: 인베인) leemgs.at.gmail.com blog.naver.com/invain
This document may be freely modified and redistributed for non-commercial purposes only, and the source must be credited.
www.kandroid.org
CONTENTS
1. Computer Network
2. Understanding Linux Network Internals
3. Network Terminology (3G/WiFi, IPV4/IPV6, SIP/VoIP)
4. Differences Between IPv4 and IPv6
5. Network Information Management on Android Phone
6. Traffic Monitoring using tcpdump/netstat (including DNS Resolver)
7. Android Phone Attack using structural vulnerability
8. Connections between Network Instruments and Android Platform
9. References
10. Conclusion
11. Appendix: Network Scheduler for QoS, Network App for Study
Android Network Technology Session
7th Korea Android Technical Conference (www.kandroid.org)
What is Computer Network?
A computer network, often simply referred to as a network, is a collection of computers and devices interconnected by communications channels that facilitate communications among users and allows users to share resources. A computer network allows sharing of resources and information among interconnected devices.
* Source: wikipedia
Overlay Network
Diagram layers: IP Layer, SONET/SDH Layer, Optical Layer, Site Layer
An overlay network is a virtual computer network that is built on top of another network. Nodes in the overlay are connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network.
For example, many peer-to-peer networks are overlay networks because they are organized as nodes of a virtual system of links run on top of the Internet. The Internet was initially built as an overlay on the telephone network.
Overview of Network Stack
TCP/IP Model (4 layers)
4. Application (SIP, HTTP, FTP, DNS, DHCP, IMAP, SMTP, SSH, XMPP, RTP, RTSP, H323) - data unit: Message
3. Transport (TCP/UDP) - data unit: Segment
2. Internetwork (IPv4, IPv6, ICMP, IGMP, ARP) - data unit: Datagram/Packet
1. Link Layer or Host-to-network (Ethernet, Token Ring) - data unit: Frame
OSI Model (7 layers)
Host layers:
7. Application: Network Process to Application - data unit: data
6. Presentation: Data Representation & Encryption - data unit: data
5. Session: Internet Communication - data unit: data
4. Transport: End-to-End Connections & Reliability - data unit: segments
Media layers:
3. Network: Path Determination & Logical Addressing (IP) - data unit: packets
2. Data link: Physical Addressing (MAC & LLC) - data unit: frames
1. Physical: Media, Signal and Binary Transmission - data unit: bits
The OSI model remains an important reference point for networking discussions even though it never took off for a variety of reasons. The TCP/IP model covers most of the protocols used by computers today.
Understanding Linux Network Internals: Combination of each layer by kernel functions
As we have seen, each layer provides a variety of protocols. Each protocol is handled by a different set of kernel functions. Thus, as the packet travels back up the stack, each protocol must figure out which protocol is being used by the next-higher layer, and invoke the proper kernel function to handle the packet.
Headers compiled by layers: (a...d) on Host X as we travel down the stack; on Router RT X.
(A) Message: /web/site1.html
(B) Transport header: Src port=5000, Dst port=80. Transport layer payload: /web/site1.html
(C) Network header: Src IP=100.100.100.100, Dst IP=101.101.101.011, Transport Protocol=TCP. Network layer payload: (B)
(D) Link layer header: Src MAC=00:20:e1:77:00:02, Dst MAC=00:21:e6:32:00:01, Internet Protocol. Link layer payload: (C)
Understanding Linux Network Internals: Android Linux Networking Architecture
Layers, top to bottom: Application Layer (INET); Berkeley Socket Interface; Protocol Layer; Network Device Driver Interface / Queuing Discipline; Physical Device Driver; Physical Device and Media
User space (Application): ping, telnet, tftp, tcpdump
Kernel space: BSD Socket Interface (PF_INET, PF_PACKET); Transport, L4 (UDP, TCP, ...); Network, L3 (ptype_base: IPv4, ARP, ...); Neighboring; dev_queue_xmit; Device Drivers; Link
Understanding Linux Network Internals: /proc files used by the IPv4 routing subsystem
/proc/sys/net/<ipv4|ipv6>/route/: error_burst, error_cost, flush, gc_elasticity, gc_interval, gc_min_interval_ms, gc_thresh, gc_timeout, min_delay, max_delay, max_size, min_adv_mss, min_pmtu, mtu_expires, redirect_load, redirect_number, redirect_silence, secret_interval
/proc/sys/net/<ipv4|ipv6>/conf/{all, default, wlan0, lo, rmnet0}/: accept_redirects, accept_source_route, forwarding, mc_forwarding, rp_filter, secure_redirects, send_redirects, log_martians
/proc/sys/net/<ipv4|ipv6>/: ip_forward, icmp_echo_ignore_broadcasts
/proc/net/: route, rt_acct, rt_cache, ip_mr_cache, ip_mr_vif
/proc/net/stat/: rt_cache
Kernel init functions shown in the diagram: inet_init, inetdev_init, ip_rt_init, ip_mr_init, fib_proc_init, devinet_init
Understanding Linux Network Internals: CPU's ingress queues
The device driver stores in the net_device structure the time its most recent frame was received, and netif_rx stores the time the frame was received in the buffer itself. The local CPU ID is needed to retrieve the data structure associated with that CPU in a per-CPU vector, such as the following code in netif_rx:
queue = &__get_cpu_var(softnet_data);
Diagram labels: interfaces rmnet0, rmnet1, ..., rmnet n; events DMA Done and Rx Complete; CPU 0 and CPU 1, each with its own softnet_data holding input_pkt_queue (limit netdev_max_backlog, 300) and completion_queue.
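3G/WiFi, IPV4/IPV6, SIP/VoIP
• 3G: The ITU specification for third-generation mobile communication technology (analog cellular phones were the first generation and digital PCS the second). 3G can raise the transfer rate up to 384 Kbps when the device is stationary or moving at walking speed, 128 Kbps in a car, and up to 2 Mbps when the device is installed in a fixed location.
• Wi-Fi: The logo provided by the Wireless Ethernet Compatibility Alliance (WECA) for the 802.11b wireless Ethernet standard. Compatible PC cards and computers may use the Wi-Fi logo. WECA's mission is to certify the interoperability of Wi-Fi products and to promote Wi-Fi as the worldwide wireless LAN standard. (/system/etc/apns-conf.xml)
• IPv4 (Internet Protocol version 4): The fourth version of the Internet Protocol and the first Internet protocol to be used worldwide. It is described in IETF RFC 791 (September 1981). IPv4 is a protocol for exchanging data over packet-switched networks.
• IPv6 (Internet Protocol version 6): The network-layer protocol of the Internet Protocol stack, that is, the next-generation Internet protocol established as version 6 of the Internet Protocol. The biggest difference between IPv6 and the existing IPv4 is that the IP address length has grown to 128 bits.
• VoIP (Voice over IP): IP telephony technology for the set of facilities that carry voice information over IP. Because telephone service is integrated on top of the existing IP network as it is, telephone users can receive long-distance and international call service in Internet and intranet environments for the price of a local call. (H.323, SIP, RTP, SDP, IMS, MGCP)
• SIP (Session Initiation Protocol): A signaling protocol defined by the IETF and widely used to control multimedia sessions such as voice and video calls. It lets one or more participants create, modify and terminate sessions together. (RFC 3261 standard, July 2002)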
Differences Between IPv4 and IPv6 1/2
The IPv4 address space is 2^32, or 4,294,967,296, possible addresses (a little over 4 billion). In contrast, the IPv6 address space is 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456 (3.4 × 10^38) possible addresses.
Diagram labels: IPv6 Internet; IPv4 Internet; IPv6 host; IPv6 island; Native IPv6; 6to4 router; 6to4 tunnel; 6to4 Server/relay
Differences Between IPv4 and IPv6 2/2
IPv6 header (40 octets): Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
IPv4 header (20 octets): Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
LEGEND: Field's name kept from IPv4 to IPv6; Field not kept in IPv6; Name and position changed in IPv6; New field in IPv6
Router diagram labels: In; Hop by Hop; Main header; Payload Upper Layer; H/W Engine; Out; CPU: Process the Hop-by-Hop EH; Network Scheduler
* IHL: internet header length
* Details: RFC3697
Android Manifest.{permission | permission_group} for Network
Android Manifest.permission for Network
Type, Name: Description
String ACCESS_NETWORK_STATE: Allows applications to access information about networks
String ACCESS_WIFI_STATE: Allows applications to access information about Wi-Fi networks
String CHANGE_NETWORK_STATE: Allows applications to change network connectivity state
String CHANGE_WIFI_MULTICAST_STATE: Allows applications to enter Wi-Fi Multicast mode
String CHANGE_WIFI_STATE: Allows applications to change Wi-Fi connectivity state
String INTERNET: Allows applications to open network sockets.
String USE_SIP: Allows an application to use SIP service
String RECORD_AUDIO: Allows an application to record audio
* Source: http://developer.android.com/reference/android/Manifest.permission.html
Android Manifest.permission_group for Network
Type, Name: Description
String NETWORK: Used for permissions that provide access to networking services.
How to Get Network Information (1/3)
• Collect network information with ConnectivityManager (android.net.ConnectivityManager)
• Permission - manifest.xml
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
• Method to get Network Info
import android.content.Context;
import android.net.ConnectivityManager;
import android.net.NetworkInfo;

// Call from an Activity or Service.
// Returns 0 = 3G mobile, 1 = Wi-Fi (any non-mobile type), 2 = no active network.
public int getNetworkInfo() {
    ConnectivityManager connectivityManager =
            (ConnectivityManager) this.getSystemService(Context.CONNECTIVITY_SERVICE);
    NetworkInfo networkInfo = connectivityManager.getActiveNetworkInfo();
    if (networkInfo == null) {
        return 2; // no active network
    }
    if (networkInfo.getType() == ConnectivityManager.TYPE_MOBILE) { // TYPE_MOBILE == 0
        return 0; // 3G MOBILE
    }
    return 1; // WIFI NETWORK
}
http://developer.android.com/reference/android/net/ConnectivityManager.html
How to Get Network Information (2/3)
• Method to get WiFi Information
import android.content.Context;
import android.net.wifi.WifiInfo;
import android.net.wifi.WifiManager;

// tvWifi (TextView) and the String fields strwifi, currwifi and prevwifi
// are members of the enclosing Activity.
public void getWifiInfo() {
    WifiManager wifimanager = (WifiManager) getSystemService(Context.WIFI_SERVICE);
    WifiInfo info = wifimanager.getConnectionInfo();
    String ssid = info.getSSID();
    tvWifi.setText("SSID : " + ssid);
    currwifi = "SSID : " + ssid;
    // Append the SSID to the history only when it differs from the previous one.
    if (!currwifi.equals(prevwifi)) {
        strwifi = strwifi + "SSID : " + ssid + "\n";
        prevwifi = currwifi;
    }
    tvWifi.setText(strwifi);
}
* WifiManager wifi = (WifiManager) getSystemService(WIFI_SERVICE);
* DhcpInfo info = wifi.getDhcpInfo();
* SSID: Service Set IDentifier
How to Get Network Information (3/3)
• Method to get SIP/VoIP Information according to SipManager (on Gingerbread)
• Permission - manifest.xml
<uses-permission android:name="android.permission.USE_SIP" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
* SipManager creation
// Excerpts from android.net.sip.SipManager.
public static SipManager newInstance(Context context) {
    return (isApiSupported(context) ? new SipManager(context) : null);
}

private SipManager(Context context) {
    mContext = context;
    createSipService();
}

// Binds to the system SIP service through Binder.
private void createSipService() {
    IBinder b = ServiceManager.getService(Context.SIP_SERVICE);
    mSipService = ISipService.Stub.asInterface(b);
}
* SipAudioCall
public SipAudioCall makeAudioCall(SipProfile localProfile, SipProfile peerProfile,
        SipAudioCall.Listener listener, int timeout) throws SipException {
    SipAudioCall call = new SipAudioCall(mContext, localProfile);
    call.setListener(listener);
    SipSession s = createSipSession(localProfile, null);
    // …
    call.makeCall(peerProfile, s, timeout);
    return call;
}
Hidden Secret Code
*#*#4636#*#* for general settings like GSM/CDMA
- IMEI (International Mobile Equipment Identity)
- Phone number (if known)
- Current network
- Ping test
- Signal strength
- Location (signal latency & Cell ID)
- Neighboring Cell IDs
- Roaming state
- GSM service status
- GPRS service status
- Current network type
- Message waiting status
- Call redirect status
- Call status
*#*#8255#*#* for Gtalk service monitor
- Google Talk host address & port
- Your Google JID (presumably Jabber ID, as GTalk is based on Jabber IRC)
- Your Device ID (presumably hashed from something)
- GTalk connection status
- GTalk heartbeat status
Network Protocols for Android
protocol   size   sockets memory press maxhdr slab module cl co di ac
HIDP       344    0       -1     NI    0      no   kernel n  n  n  n
BNEP       344    0       -1     NI    0      no   kernel n  n  n  n
RFCOMM     352    0       -1     NI    0      no   kernel n  n  n  n
SCO        352    0       -1     NI    0      no   kernel n  n  n  n
L2CAP      560    0       -1     NI    0      no   kernel n  n  n  n
KEY        360    0       -1     NI    0      no   kernel n  n  n  n
PACKET     392    0       -1     NI    0      no   kernel n  n  n  n
RAWv6      616    0       -1     NI    0      yes  kernel y  y  y  n
UDPLITEv6  600    0       -1     NI    0      yes  kernel y  y  y  n
UDPv6      600    0       0      NI    0      yes  kernel y  y  y  n
TCPv6      1,184  4       5      no    292    yes  kernel y  y  y  y
PPPOPNS    416    0       -1     NI    0      no   kernel n  n  n  n
PPPOLAC    416    0       -1     NI    0      no   kernel n  n  n  n
PPPOL2TP   416    0       -1     NI    0      no   kernel n  n  n  n
PPPOE      416    0       -1     NI    0      no   kernel n  n  n  n
UNIX       368    59      -1     NI    0      yes  kernel n  n  n  n
UDP-Lite   472    0       -1     NI    0      yes  kernel y  y  y  n
RAW        456    0       -1     NI    0      yes  kernel y  y  y  n
UDP        472    2       0      NI    0      yes  kernel y  y  y  n
TCP        1,056  0       5      no    292    yes  kernel y  y  y  y
HCI        368    0       -1     NI    0      no   kernel n  n  n  n
NETLINK    384    8       -1     NI    0      no   kernel n  n  n  n
* RAW protocol: This protocol is one of the common computer languages that documents are translated into and then sent to a networked printer. The printer interprets the protocol and prints the document.
Traffic Monitoring using tcpdump 1/2
Cross Compiling tcpdump source on Linux Distribution
Get the latest source for libpcap and tcpdump from http://www.tcpdump.org
1. Compile libpcap source
rhel6$> tar zxvf libpcap-1.1.1.tar.gz
rhel6$> cd libpcap-1.1.1/
rhel6$> CC=arm-kandroid-gcc ac_cv_linux_vers=2 ./configure --host=arm-linux --with-pcap=linux
rhel6$> make
2. Compile tcpdump source
rhel6$> cd ..
rhel6$> tar zxvf tcpdump-4.1.1.tar.gz
rhel6$> cd tcpdump-4.1.1/
rhel6$> CC=arm-kandroid-gcc ac_cv_linux_vers=2 ./configure --host=arm-linux --with-pcap=linux
rhel6$> vi ./Makefile
  a. Remove the -O2 flag and add the -static flag to the linker (LDFLAGS += -static)
  b. If you get the following error: undefined reference to `__isoc99_sscanf', add #define _GNU_SOURCE in the faulty .c files.
rhel6$> make
Traffic Monitoring using tcpdump 2/2
3. Copy to the android-rootfs based on NFS
rhel6$> sudo cp tcpdump /opt/android-rootfs/
4. Run tcpdump
rhel6#us> sudo ./adb devices
???????????? no permissions
rhel6#us> sudo ./adb kill-server
rhel6#us> sudo ./adb shell
android#> cd /data/local
android#> chmod 777 tcpdump-arm
android#> ./tcpdump-arm -i rmnet0 not port 23    (ignoring telnet traffic on port 23)
Tcpdump source in Android Official Repository
Android App: Android market - Search - Download "Shark for Root (native)" software
manifest:
#> vi ./mydroid-froyo/.repo/manifest.xml
<project path="external/tcpdump" name="android/platform/external/tcpdump" />
Binary Files:
./out/target/product/harmony/obj/EXECUTABLES/tcpdump_intermediates/tcpdump
./out/target/product/harmony/obj/EXECUTABLES/tcpdump_intermediates/LINKED/tcpdump
./out/target/product/harmony/symbols/system/bin/tcpdump
./out/target/product/harmony/system/xbin/tcpdump
Git Repository: http://android.git.kernel.org/platform/external/tcpdump.git
Network Monitoring with wireshark on Host PC 1/3
rhel6$> adb shell tcpdump -i any -p -s 0 -w /sdcard/data.pcap
... do whatever you want to capture, then "Ctrl+C" to stop it ...
rhel6$> adb pull /sdcard/data.pcap .
rhel6$> sudo yum install wireshark    # or ethereal, if you are still on an old version
rhel6$> wireshark ./data.pcap    # or ethereal
... look at your packets and be wise ...
Option: Description
-i any: listen on any network interface
-p: disable promiscuous mode (doesn't work anyway)
-s 0: capture the entire packet
-w: write packets to a file (rather than printing to stdout)
Network Monitoring with wireshark on Host PC 2/3
Network Monitoring with wireshark on Host PC 3/3
Utilize Shark for Root / Shark Reader software locally on Android Phone.
Unix Socket Connection Information
* Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 966 1328/qmuxd /data/radio/qmux_connect_socket
unix 2 [ ACC ] STREAM LISTENING 194631 26528/com.kt.iwlan /data/data/com.kt.iwlan/sock_kaf
unix 2 [ ] DGRAM 1194 1341/lgospd /data/misc/lgosp/ipc_diag
unix 2 [ ] DGRAM 446966 19994/com.kt.wifisv /data/misc/wifi/kaf/kafif_svr
unix 2 [ ] DGRAM 427196 19052/com.lge.osp /data/misc/lgosp/ipc_usbctrl
unix 2 [ ] DGRAM 427197 19052/com.lge.osp /data/misc/lgosp/ipc_usbdata
unix 2 [ ] DGRAM 1199 1341/lgospd /data/misc/lgosp/ipc_fs_access
unix 2 [ ] DGRAM 427199 19052/com.lge.osp /data/misc/lgosp/ipc_gr
* * * * * Middle Omission * * * * *
unix 2 [ ] STREAM 194614 23815/app_process
unix 3 [ ] STREAM CONNECTED 13410 5792/adbd
unix 3 [ ] STREAM CONNECTED 13409 5792/adbd
unix 3 [ ] STREAM CONNECTED 2300 1330/rild /dev/socket/rild
unix 3 [ ] STREAM CONNECTED 2299 1536/com.android.ph
unix 3 [ ] STREAM CONNECTED 2014 1331/zygote /dev/socket/zygote
unix 3 [ ] STREAM CONNECTED 2013 1435/system_server
unix 3 [ ] STREAM CONNECTED 1227 1329/lgesystemd /dev/socket/lgesystemd
unix 3 [ ] STREAM CONNECTED 1994 1435/system_server
unix 3 [ ] STREAM CONNECTED 1926 1325/vold /dev/socket/vold
unix 3 [ ] STREAM CONNECTED 1925 1435/system_server
unix 3 [ ] STREAM CONNECTED 1915 1326/netd /dev/socket/netd
unix 3 [ ] STREAM CONNECTED 1914 1435/system_server
unix 3 [ ] STREAM CONNECTED 1900 1336/dbus-daemon /dev/socket/dbus
unix 3 [ ] STREAM CONNECTED 1899 1435/system_server
unix 3 [ ] STREAM CONNECTED 1165 1338/installd /dev/socket/installd
unix 3 [ ] STREAM CONNECTED 1400 1435/system_server
unix 2 [ ] DGRAM 1367 1435/system_server
unix 3 [ ] STREAM CONNECTED 1261 1328/qmuxd /data/radio/qmux_connect_socket
unix 3 [ ] STREAM CONNECTED 1229 1336/dbus-daemon
unix 3 [ ] STREAM CONNECTED 1228 1336/dbus-daemon
unix 2 [ ] DGRAM 1200 1341/lgospd
unix 2 [ ] DGRAM 1196 1341/lgospd
unix 2 [ ] DGRAM 1195 1341/lgospd
unix 3 [ ] STREAM CONNECTED 924 1/init
unix 3 [ ] STREAM CONNECTED 923 1/init
Network Monitoring with netstat command 1/2
/sys/class/net/<rmnet0>/address
/sys/class/net/<rmnet0>/statistics/{rx|tx}_packets
/proc/net/dev
RMNet: slow, broken data but reliable connection
PPP (point-to-point protocol): fast, high speed data but somewhat unstable connection
RMNET (the mobile network interface in Linux kernel-speak) is what Google uses for Android to connect to the internet to transmit the message to the MMSC server. The interface names "rmnet0" correspond respectively to EDGE/3G and Wi-Fi.
http://freshmeat.net/projects/net-tools/
http://code.google.com/p/android-group-korea/downloads/list
Network Monitoring with netstat command 2/2
cat /proc/devices
cat /proc/meminfo
cat /proc/mounts
cat /proc/net/arp
cat /proc/net/if_inet6
cat /proc/net/ipv6_route
cat /proc/net/route
cat /proc/net/wireless
cat /proc/version
df -ah
getprop dalvik.vm.execution-mode
getprop dalvik.vm.heapsize
getprop gsm.version.baseband
getprop ro.build.fingerprint
getprop ro.product.version
getprop ro.sf.lcd_density
ifconfig -a
ip -f inet6 addr
ip -f inet6 route show
ip addr
ip route show
lsmod
netcfg
netstat -apnW
netstat -rpnW
ps
route -A inet6 -n
route -n
uname -a
Under the Hood of App Inventor for Android: http://aschillings.co.uk/html/under_the_hood.html
DNS Resolver (RFC 3484) 1/2
* RFC 3484 - http://tools.ietf.org/html/rfc3484
* ANDROID-RFC3484 - "RFC 3484 support for Android", 2010
Bionic uses a NetBSD-derived resolver library which has been modified in the following ways:
1. don't implement the name-server-switch feature (a.k.a. <nsswitch.h>)
2. read /system/etc/resolv.conf instead of /etc/resolv.conf (./bionic/libc/netbsd/net/getaddrinfo.c)
3. read the list of servers from system properties (getprop/setprop). The code looks for 'net.dns1', 'net.dns2', etc. Each property should contain the IP address of a DNS server. These properties are set/modified by other parts of the Android system (e.g. the dhcpd daemon). The implementation also supports a per-process DNS server list, using the properties 'net.dns1.<pid>', 'net.dns2.<pid>', etc., where <pid> stands for the numerical ID of the current process.
4. when performing a query, use a properly randomized Query ID (instead of an incremented one), for increased security.
5. when performing a query, bind the local client socket to a random port for increased security.
6. get rid of *many* unfortunate thread-safety issues in the original code
* Sources: Android Official Repository
DNS Resolver (RFC 3484) 2/2
# getprop
[ro.secure]: [1]
[ro.allow.mock.location]: [0]
[ro.debuggable]: [0]
[persist.service.adb.enable]: [1]
[ro.factorytest]: [0]
. . . . . Middle Omission . . . . . .
[net.dns1]: [8.8.8.8]
[net.dns2]: [8.8.4.4]
[gsm.current.phone-type]: [1]
[gsm.operator.numeric]: [22110]
[gsm.operator.alpha]: [Kandroid Broadband IT]
[gsm.operator.iso-country]: [it]
[gsm.operator.isroaming]: [false]
[gsm.version.baseband]: [11.23.35.13H_3.35.03.20]
[EXTERNAL_STORAGE_STATE]: [mounted]
[gsm.network.type]: [UMTS]
[gsm.data.network.type]: [UMTS]
[gsm.sim.change]: [false]
[gsm.cb.max.channel]: [15]
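Added example (not from the slides and not Bionic's code): a host-side check that parses a getprop dump pulled over adb, works out which DNS servers a given process would use from the net.dnsN and net.dnsN.<pid> properties described above, and flags resolvers outside an expected set. The sample dump, the allow-list and the rule that a per-process entry overrides the global entry with the same index are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample in the "[key]: [value]" format of the getprop dump above.
# 203.0.113.53 is a documentation address standing in for an unexpected resolver.
SAMPLE_GETPROP = """\
[ro.secure]: [1]
[net.dns1]: [8.8.8.8]
[net.dns2]: [8.8.4.4]
[net.dns1.1435]: [203.0.113.53]
[gsm.network.type]: [UMTS]
"""

_PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")
_DNS_KEY = re.compile(r"^net\.dns(?P<index>\d+)(?:\.(?P<pid>\d+))?$")


def parse_getprop(text):
    """Turn getprop output into a {property: value} dict, skipping other lines."""
    props = {}
    for line in text.splitlines():
        match = _PROP_LINE.match(line.strip())
        if match:
            props[match.group("key")] = match.group("value")
    return props


def dns_servers(props, pid=None):
    """Ordered resolver list for a process.

    Assumption for this example: net.dnsN.<pid> overrides the global
    net.dnsN with the same index N for that process only.
    """
    global_entries, pid_entries = {}, {}
    for key, value in props.items():
        match = _DNS_KEY.match(key)
        if not match or not value:
            continue
        index = int(match.group("index"))
        if match.group("pid") is None:
            global_entries[index] = value
        elif pid is not None and int(match.group("pid")) == pid:
            pid_entries[index] = value
    merged = {**global_entries, **pid_entries}
    return [merged[i] for i in sorted(merged)]


def audit_dns(props, allowed):
    """Return (property, value, reason) for every net.dns* entry that is not
    a valid IP address or is not in the allowed resolver set."""
    findings = []
    for key in sorted(props):
        if not _DNS_KEY.match(key) or not props[key]:
            continue
        value = props[key]
        try:
            address = ipaddress.ip_address(value)
        except ValueError:
            findings.append((key, value, "not an IP address"))
            continue
        if str(address) not in allowed:
            findings.append((key, value, "unexpected resolver"))
    return findings


if __name__ == "__main__":
    properties = parse_getprop(SAMPLE_GETPROP)
    print("global resolvers  :", dns_servers(properties))
    print("resolvers pid 1435:", dns_servers(properties, pid=1435))
    for finding in audit_dns(properties, {"8.8.8.8", "8.8.4.4"}):
        print("FINDING:", finding)
```
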
Case Study: Android Phone Attack with DDoS 1/2
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
79/tcp filtered finger
80/tcp filtered http
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
707/tcp filtered unknown
903/tcp filtered iss-console-mgr
1025/tcp filtered NFS-or-IIS
1433/tcp filtered ms-sql-s
1521/tcp filtered oracle
3306/tcp filtered mysql
3389/tcp filtered ms-term-serv
4444/tcp filtered krb524
5000/tcp filtered UPnP
5900/tcp filtered vnc
6101/tcp filtered VeritasBackupExec
6667/tcp filtered irc
8080/tcp filtered http-proxy
17300/tcp filtered kuang2
KRNIC / APNIC.
[ ISP Organization Information ]
Org Name : Korea Android Freetel Corp.
Service Name : 7THWING
Org Address : seoul-city kandroid-dong
Org Detail Address: 306
[ ISP IPv4 Admin Contact Information ]
Name : HONG, GILDONG
Phone : +82-2-7127-1473
E-Mail : [email protected]
[ ISP IPv4 Tech Contact Information ]
Name : HONG, GILDONG
Phone : +82-2-7127-147
E-mail : [email protected]
[ ISP Network Abuse Contact Information ]
Name : YANG, DEOLPOOL
Phone : +82-2-210-9765
E-mail : [email protected]
PING-based Distributed Denial of Service (DDoS) attacks
while true; do ping -l 100000 -s 10 -f 49.56.xx.xx & ; sleep 2; done &
05:26:14.396126 IP 211.100.100.100 > 49.56.20.158: ICMP echo request, id 51001, seq 45, length 64
05:26:14.396281 IP 49.56.20.158 > 211.100.100.100: ICMP echo reply, id 51001, seq 45, length 64
05:26:15.406084 IP 211.100.100.100 > 49.56.20.158: ICMP echo request, id 51001, seq 46, length 64
05:26:15.406349 IP 49.56.20.158 > 211.100.100.100: ICMP echo reply, id 51001, seq 46, length 64
05:26:16.396119 IP 211.100.100.100 > 49.56.20.158: ICMP echo request, id 51001, seq 47, length 64
. . . . . . . . . . . . . . .
# for CPU Load 100%
Diagram labels: 49.56.XXX.XXX (rmnet0); rcvbuf is not enough to hold preload; OOM
Demo: http://www.youtube.com/watch?v=kQwXJfQmoSk
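Case Study: Android Phone Attack with DDoS 2/2
DDoS Attacks (Distributed Denial-of-Service Attack): An attack technique in which many distributed systems attack a single target system to cause a DoS [e.g.: crash, halt, freeze].
1. Buffer Overflow (BOF) Attack: An overflow attack technique that exploits a computer's limited memory space and processing speed.
2. SYN Flooding: A method of staying silent in response to the target system's reply during the three-way handshake connection.
3. UDP Flooding: A method in which the attacker changes the IP address that will receive the service to the target system's IP address, overloading it with traffic.
4. Smurf Attack: A method in which the attacker changes the source IP address to the target system's IP address and broadcasts ICMP Echo, causing a traffic overload.
5. Teardrop Attack: Known as the "teardrop" attack. A method of bringing a system down by splitting a large number of packets into very small fragments and sending them, so that the receiving side is loaded with combining the packet ordering information while it reassembles the packets. (http://www.ietf.org/rfc/rfc3128.txt)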
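Added example (not from the slides): detection logic for the ICMP echo traffic shown in the case study's tcpdump capture, counting echo requests per source and destination pair in a sliding time window and reporting pairs that reach a threshold. The 1-second window, the threshold of 50 and the constructed flood lines (documentation addresses 198.51.100.7 and 192.0.2.10) are assumptions; the three normal lines are taken from the capture above.

```python
import re
from collections import defaultdict, deque

# Matches the tcpdump text format shown in the case study capture.
_ECHO_REQUEST = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}\.\d+) IP "
    r"(\d{1,3}(?:\.\d{1,3}){3}) > (\d{1,3}(?:\.\d{1,3}){3}): "
    r"ICMP echo request, id (\d+), seq (\d+), length (\d+)$"
)


def parse_echo_request(line):
    """Return (seconds_since_midnight, src, dst, length), or None for any
    line that is not an ICMP echo request (replies, other protocols)."""
    match = _ECHO_REQUEST.match(line.strip())
    if match is None:
        return None
    hours, minutes, seconds, src, dst, _id, _seq, length = match.groups()
    stamp = int(hours) * 3600 + int(minutes) * 60 + float(seconds)
    return stamp, src, dst, int(length)


def detect_echo_floods(lines, window=1.0, threshold=50):
    """Return {(src, dst): peak_count} for every pair whose echo-request
    count inside any sliding window of `window` seconds reaches `threshold`."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still in window
    peaks = {}
    day_offset, last_raw = 0.0, None
    for line in lines:
        parsed = parse_echo_request(line)
        if parsed is None:
            continue
        raw, src, dst, _length = parsed
        # tcpdump prints time of day only: treat a jump back of more than
        # half a day as the capture crossing midnight.
        if last_raw is not None and raw + 43200 < last_raw:
            day_offset += 86400.0
        last_raw = raw
        stamp = raw + day_offset
        queue = recent[(src, dst)]
        queue.append(stamp)
        while queue and stamp - queue[0] > window:
            queue.popleft()
        if len(queue) >= threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(queue))
    return peaks


def constructed_sample():
    """Normal one-per-second ping from the capture above, followed by a
    constructed burst of 200 echo requests spaced 1 ms apart."""
    normal = [
        "05:26:14.396126 IP 211.100.100.100 > 49.56.20.158: ICMP echo request, id 51001, seq 45, length 64",
        "05:26:14.396281 IP 49.56.20.158 > 211.100.100.100: ICMP echo reply, id 51001, seq 45, length 64",
        "05:26:15.406084 IP 211.100.100.100 > 49.56.20.158: ICMP echo request, id 51001, seq 46, length 64",
        "05:26:16.396119 IP 211.100.100.100 > 49.56.20.158: ICMP echo request, id 51001, seq 47, length 64",
    ]
    flood = [
        "05:30:00.%06d IP 198.51.100.7 > 192.0.2.10: ICMP echo request, "
        "id 7, seq %d, length 64" % (i * 1000, i)
        for i in range(200)
    ]
    return normal + flood


if __name__ == "__main__":
    for (src, dst), peak in detect_echo_floods(constructed_sample()).items():
        print("possible ICMP echo flood: %s -> %s, peak %d requests/window"
              % (src, dst, peak))
```
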
Connections between Network and Android: Network Instruments-based Android Diagram
Application: Phone APK SIP (Setting/Receiver/Caller); Dialer; Phone App; Setting (WiFi/VPN)
Application Framework: WiFi package (android.net.wifi); VPN Package (android.net.vpn); SIP Package (android.net.sip); RTP Package (android.net.rtp); Telephony.SIP Package (com.android.internal.telephony.sip)
System/Functional Libraries: SIP Stack (NIST-SIP); JNI RTP (C++); Network Audio/Video; bionic
Source paths shown in the diagram: framework/base/voip/java/android/net; external/nist-sip/*; /com/android/phone/sip; /com/android/settings/; arpa/inet
Connections between Network and Android: SIP Architecture
Diagram labels: PSTN; SoftPhone User; SIP Phone; Phone; RADIUS Server (FreeRADIUS); Directory (OpenLDAP); SIP proxy/registrar; IPBX; PBX (private branch exchange); SIP-PSTN Gateway; Access router; kandroid's network; internet
Connections between Network and Android: SIP Connection Flow
Network diagram labels: SIP Proxy; LAN; IP PBX; IP Phone; Signaling; Voice Stream
Message flow labels between SIP Phone A and SIP Phone B: SIP/SDP INVITE; Status: 100 Trying; Status: 183 Session Progress; Status: 200 OK; SIP ACK; RTP/RTSP Stream; SIP: BYE; Status: 200 OK
Connections between Network and Android: Session and Audio Control
android.net.sip: SIP Manager; SIP Audio Call; SIP Session; Simple Session Description
android.net.rtp: Audio Stream (RTP Stream Inheritance); Audio Group; Audio Codec
Functions: Audio control; SDP; SIP Session Management; SIP Object Creation & Call API
Service: SipService; SipSessionGroup; SipHelper; SipStack; SipSession; SipAudioCall; SimpleSessionDescription
Phone: SipBroadcastReceiver; SipPhoneFactory; SipPhone; SipCall; SipConnection; SipAudioCallListener; action_sip_add_profile; SIP Manager; PhoneFactory; RTP
• http://developer.android.com/resources/samples/SipDemo/index.html
Creating a SIP Manager
Registering with a SIP Server
Making an Audio Call
Receiving Calls
Classes and Interfaces
• Initiating SIP sessions.
• Initiating and receiving calls.
• Registering and unregistering with a SIP provider.
• Verifying session connectivity.
Conclusion
1. Many peer-to-peer networks are overlay networks because they are organized as nodes of a virtual system of links run on top of the Internet.
2. The device driver stores in the 'net_device' structure the time its most recent frame was received, and 'netif_rx' stores the time the frame was received in the buffer itself.
3. We can capture and inspect the packets of an Android mobile phone with tcpdump / wireshark. Utilize Shark for Root / Shark Reader software locally on Android Phone.
4. RMNET is what Google uses for Android to connect to the internet to transmit the message.
RMNet: slow, broken data but reliable connection
PPP (point-to-point protocol): fast, high speed data but somewhat unstable connection
5. Bionic uses a NetBSD-derived resolver (RFC3484) library which has been modified for the mobile platform.
6. Android 2.3 (API level 9) provides access to Session Initiation Protocol (SIP) functionality, such as making and answering VoIP calls using SIP. To control how Android Market filters your application from devices that do not support SIP, remember to add the following to the application's manifest.
<uses-feature android:name="android.hardware.sip.voip" />
Think Time for Healthy Network Traffic
• How to reduce Google mail content? The Google mail client on Android phones reads too many network packets (e.g., IMAP header, IMAP body, images, linked contents). To reduce the packet contents as soon as possible for good network traffic, we have to consider a lightweight mail client that directly uses only the IMAP header.
• Whenever we find a new wireless network address (APN) because the user has moved, why do we always repeat the load/unload sequence of the wireless kernel module for WiFi? Think about the best behavior of kernel functions for effective battery saving and performance improvement.
• Our phone has acquired too many network protocols. For example, we don't need unnecessary network protocols like RAW.
• Do we always wait over 5 seconds for the WiFi connection to complete on a new street? We have to find an improved approach for fast connection with a tiny DNS resolver and weight-based APN sorting.
References
1. TCP/IP Illustrated Book
- Volume 1: The Protocols, Addison-Wesley, 1994.
- Volume 2: The Implementation, Addison-Wesley, 1995.
- Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX Domain Protocols, Addison-Wesley, 1996.
2. UNIX Network Programming Book
- Volume 1, Second Edition: Networking APIs: Sockets and XTI, Prentice Hall, 1998.
- Volume 2, Second Edition: Interprocess Communications, Prentice Hall, 1999.
3. Android Developers Google Groups, http://groups.google.com/group/android-developers
4. D. Andersen, H. Balakrishnan, M. Kaashoek, and R. Morris. Resilient Overlay Networks. In Proc. ACM SOSP, Oct. 2001.
5. "Basic Components of a Local Area Network (LAN)". NetworkBits.net. Retrieved 2008-04-08.
6. Android Developer Document, http://developer.android.com
- android.net http://developer.android.com/reference/android/net/package-summary.html
- android.net.sip http://developer.android.com/reference/android/net/sip/package-summary.html
- android.net.wifi http://developer.android.com/reference/android/net/wifi/package-summary.html
- SIP Demo http://developer.android.com/resources/samples/SipDemo/index.html
7. Understanding Linux Network Internals. Author: Christian Benvenuti. Publisher: O'Reilly.
8. XDA Forums, http://forum.xda-developers.com/
THANKS
Any Questions?
Appendix: The WRR network scheduler for Linux
WRR (Weighted Round Robin) is a network scheduling module for Linux written by Christian Worm Mortensen. It has the ability to shape an internet connection without buying some expensive QoS solution from the ISP. It can even run on the firewall; thus making more efficient use of the firewall machine.
WRR worked on 2.4 kernels from 2.4.17 and newer and on most (if not all) 2.6 kernels until 2.6.28. If you need similar traffic shaping for 2.6.29 or later, consider using DRR (Deficit Round Robin) which has similar (but not identical) functionality. I have not yet myself switched to DRR so I will not (currently) provide any guidelines.
☞ 080820 release
This release is for 2.6.27 (tested). It will not work for older kernels. If you need support for older kernels, please use an older release below. It contains no new features but contains a one-line fix for an API change in 2.6.27. Please do not try 2.6.28 unless you are brave as it seems to have compatibility issues.
Jabber: [email protected]: M0ffe at freenode, Undernet and Slashnet.
wrr-linux-081114-2.6.27.patch.txt
Appendix: Open Source based Applications 1/2
http://code.google.com/p/android-labs/wiki/NetMeter
NetMeter helps troubleshoot performance problems by letting the user see network and CPU usage over time.
http://www.jaqpot.net/netcounter/
NetCounter is a network traffic counter for the Android platform. GPLv3 license
# for Proxy-based network users
invain$sl6> vi ~/.subversion/servers
[global]
http-proxy-host = 200.200.200.200
http-proxy-port = 8080
Appendix: Open Source based Applications 2/2
Android network tester
http://code.google.com/p/androidnetworktester/
Fast Network Tester for Android
Free SIP/VoIP client for Android (GPLV3)
http://code.google.com/p/sipdroid/
http://serweb.iptel.org/user/reg/
• Authorization Username : your-iptel-ID
• Password : your-iptel-pass
• Server of Proxy : sip.iptel.org
• Domain : iptel.org
• Port : 5060(default)
• Protocol : UDP(default)
• sip: [email protected]
• sip: [email protected]