Software Write Blocker for Android

 indi
(@indi)
Posts: 51
Trusted Member
Topic starter
 

Hi All,

In my university project I would like to implement a simple software write blocker for Android mobile forensics. Would anyone help me with this?

I would like to know how it works at a basic level.
How to start implementation? Any code samples would help me a lot.

Many Thanks,
Indi

 
Posted : 15/08/2014 8:01 am
(@thefuf)
Posts: 262
Reputable Member
 

Since Android is based on the Linux kernel, the question is how to block write commands going to a block device on Linux? At present, write blocking is not implemented in the Linux kernel.

Some forensic Linux distributions (like PALADIN and grml) turn all block devices to read-only mode by doing BLKROSET ioctl calls (e.g. via the "blockdev --setro /dev/sda" or "hdparm -r1 /dev/sda" commands; both blockdev and hdparm share the same method, see the source code of the blockdev tool here: http://util-linux.sourcearchive.com/documentation/2.19.1-5/blockdev_8c_source.html), but this approach is totally wrong: many kernel drivers still send write commands to block devices, ignoring the read-only flag set (however, this approach is acceptable if you only want to minimize writes to block devices, but not to block them all). I guess this will work on Android too.

Implementing forensically sound write blocking requires you to apply a corresponding patch to the Linux kernel (which will block any writes going to a read-only block device), rebuild the kernel and reboot the system. Applying the patch on a running system is too complicated, since this requires you to patch code that is loaded in memory and possibly running now on a multi-processor system. If you are interested in patching the running kernel, take a look at ksplice and kprobes. The latter uses the "alternatives" subsystem of the Linux kernel, which has state-of-the-art code to apply patches to the running kernel without stopping it temporarily and without the need to patch the code only at the moment when it's not executed and when no function is going to return to the patched code (however, the required functions from the "alternatives" subsystem are not exported, so kernel modules can't access them as exported symbols, and you need to reimplement the same code in your module).

 
Posted : 17/08/2014 6:46 pm
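
The BLKROSET method described in the post above, as an added example (not part of the original thread and not code from blockdev or hdparm): it sets the flag, reads it back with BLKROGET, and compares the sectors-written field of two /sys/block/<dev>/stat snapshots to check whether writes still reached the device. The function names and the sample stat lines are constructed for illustration, and it assumes the block layer's I/O counters account for the writes in question.

```c
#include <fcntl.h>
#include <linux/fs.h>   /* BLKROSET, BLKROGET */
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Set the read-only flag on a block device and read it back.
 * Returns 1 if the flag is set afterwards, 0 if not, -1 on error. */
int set_and_check_ro(const char *dev)
{
    int on = 1, state = 0;
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;
    int rc = ioctl(fd, BLKROSET, &on);      /* same call as blockdev --setro */
    if (rc == 0)
        rc = ioctl(fd, BLKROGET, &state);   /* same call as blockdev --getro */
    close(fd);
    return rc == 0 ? (state != 0) : -1;
}

/* Sectors written so far according to one line of /sys/block/<dev>/stat
 * (7th field). Returns -1 if the line cannot be parsed. */
long long sectors_written(const char *stat_line)
{
    unsigned long long f[7];
    if (sscanf(stat_line, "%llu %llu %llu %llu %llu %llu %llu",
               &f[0], &f[1], &f[2], &f[3], &f[4], &f[5], &f[6]) != 7)
        return -1;
    return (long long)f[6];
}

/* Sectors written between two snapshots of the stat line; -1 on bad input. */
long long written_between(const char *before, const char *after)
{
    long long b = sectors_written(before), a = sectors_written(after);
    return (b < 0 || a < 0 || a < b) ? -1 : a - b;
}

int main(int argc, char **argv)
{
    /* Constructed sample snapshots: 8 sectors written between them. */
    const char *before = "120 0 9600 80 0 0 0 0 0 60 80";
    const char *after  = "135 0 10800 95 1 0 8 4 0 72 99";
    if (argc > 1)   /* needs root and a real device, e.g. /dev/sda */
        printf("ro flag on %s: %d\n", argv[1], set_and_check_ro(argv[1]));
    printf("sectors written: %lld\n", written_between(before, after));
    return 0;
}
```

A non-zero difference while the flag reads back as 1 means the flag did not stop every write, which is the limitation the post describes.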
(@Anonymous)
Posts: 0
Guest
 

Hi,

You can use Dolphin Browser on an Android mobile. This tool acts as one of the perfect software blocking tools. Get this tool from Softonic.

Thanks and regards

 
Posted : 24/09/2014 6:59 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Really?

All this time I thought it was a Web Browser and that it should be obtained from the actual manufacturer's site
http://dolphin-browser.com/
(and in any case NEVER from Softonic, unless you want to risk having some added adware)

jaclaz

 
Posted : 24/09/2014 8:36 pm