
NSRL -Android

 indi
(@indi)
Posts: 51
Trusted Member
Topic starter
 

Hello,

I would like to use NSRL - Android Reference Data Set (RDS) to identify known and unknown files.
Does anyone have experience with this?

Is there a separate reference data set for Android, or should I download the whole bulk?

Thank you
Indi

 
Posted : 19/12/2014 11:57 am
(@mark_adp)
Posts: 63
Trusted Member
 

Hi Indi,

At the moment, NIST don't publish a RDS for Mobile devices, but it is in the works.

Maybe someone else has developed one?

Mark

 
Posted : 19/12/2014 2:13 pm
 indi
(@indi)
Posts: 51
Trusted Member
Topic starter
 

Thank you Mark, (sigh!)

Is there any other way or source I can use to verify files on the Android platform? Actually, I do not need the whole complete thing. I want this feature to be available in my university final year project, so a very small set of reference data is enough for me.

Does anyone have an idea on this? Please.

 
Posted : 19/12/2014 3:28 pm
(@mark_adp)
Posts: 63
Trusted Member
 

Could you make your own using a reference device/emulator?

 
Posted : 20/12/2014 11:46 am
 indi
(@indi)
Posts: 51
Trusted Member
Topic starter
 

Hi, sorry for the late attendance due to technical difficulties.

The problem with making my own list is a lack of resources. I have only two Android phones of different versions, with different versions of applications and apps. So making a reliable list is difficult, as I am unable to verify across several device/app combinations and cannot get hashes for multiple application versions.

Anyway, I created a simple list using existing apps.

 
Posted : 03/01/2015 5:57 pm
 jhup
(@jhup)
Posts: 1442
Noble Member
 

There is a bit more to this than just a few Android builds.

You would have to have Android OS versions, hardware makers/models/versions, and finally carrier versions.

So the number of potential combinations is high.

This does not mean such a database cannot be narrowed to files which are consistent across all makes, models, and carriers.

 
Posted : 05/01/2015 10:19 pm
 indi
(@indi)
Posts: 51
Trusted Member
Topic starter
 

Yes, but I felt it this way:

Since we are cross-checking the hash values of a list of applications on our target device against a known hash set, having a list with correct hash values is sufficient, because every different application has a unique hash value. So by comparing the hashes in the two sets we can identify which are good files, bad files and unknown files. So the argument is that we do not need to worry about other facts like Android version, hardware, or application versions when maintaining a reference hash set.

Please correct me if I am wrong, I am a newbie.

 
Posted : 06/01/2015 2:19 pm
 jhup
(@jhup)
Posts: 1442
Noble Member
 

> Yes, but I felt it this way:
>
> Since we are cross-checking the hash values of a list of applications on our target device against a known hash set, having a list with correct hash values is sufficient, because every different application has a unique hash value. So by comparing the hashes in the two sets we can identify which are good files, bad files and unknown files. So the argument is that we do not need to worry about other facts like Android version, hardware, or application versions when maintaining a reference hash set.
>
> Please correct me if I am wrong, I am a newbie.

You are wrong. Your presumption is that "we do not need to worry" about details. Example: think about the ARM implementations. Do you think an ARM9 device will have the same code as an ARM11? Then what is the point of moving versions?

Take a simple piece of C code and compile it on Windows XP. Now take that same code and compile it under Windows 8.1. Finally, take the C code and compile it under iOS 6 and 8.

Hash the results. Will you get the same hashes?

Same thing with the Android.

 
Posted : 06/01/2015 11:27 pm
 indi
(@indi)
Posts: 51
Trusted Member
Topic starter
 

No, the hashes are definitely different; no file that differs by a single bit gets the same hash, which is why we are using hashes to check integrity. I 100% agree. What I meant is different: in the hash list, do we need to maintain hardware/version and other relevant info, i.e.

ARM9 xyz hash1234
ARM11 xyz hash0234

and so on? In the comparison we are only interested in the corresponding hash values. (I am asking because I want to create a simple set of hashes for some project)

 
Posted : 07/01/2015 7:37 am
(@twjolson)
Posts: 417
Honorable Member
 

> What I meant is different: in the hash list, do we need to maintain hardware/version and other relevant info

I think you are missing their point. They are saying that to compile a list of known good Android hash values is a monumental feat because there are so many makes, models, OS versions, App versions, and so on.

By contrast, NSRL can do what they do because Windows (for instance) comes out with a new version every few years, and programs are also relatively slow to update. However, even with one version of Android, every phone manufacturer will tweak the code, replace apps, and tweak the apps they do keep in. Now multiply that by every version of Android.

This is a near impossible feat for the NSRL; which, last I heard, is only possible because people donate software to them for cataloging. To do this, they'd have an unbelievable number of phones donated to them - and somehow find a way to hash and catalog the files contained within.

> (I am asking because I want to create a simple set of hashes for some project)

So, do it. You can get phones from various sources on the cheap, and dump them through various methods - from the cheap (ADB) to expensive (gold-plated Cellebrite). Now, hash them.

 
Posted : 07/01/2015 12:10 pm
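
The approach discussed in this thread (hash the files dumped from reference devices, then compare a target device against that set), as an added example that is not part of any poster's message. The device labels, paths and file contents are constructed sample data, and SHA-1 is an assumed choice of hash; matching is done on the hash alone, while the labels only record which reference dumps a known file came from.

```python
import hashlib, os, tempfile

def hashed_files(root):
    """Yield (relative path, SHA-1 hex) for every file under root."""
    for d, _, names in os.walk(root):
        for name in names:
            full = os.path.join(d, name)
            with open(full, "rb") as f:
                digest = hashlib.sha1(f.read()).hexdigest()
            yield os.path.relpath(full, root).replace(os.sep, "/"), digest

def build_reference(dumps):
    """dumps: {label: directory}. Returns {sha1: set of labels that contain it}."""
    ref = {}
    for label, root in dumps.items():
        for _, digest in hashed_files(root):
            ref.setdefault(digest, set()).add(label)
    return ref

def classify(target_root, ref):
    """Match on hash alone; labels only say which dumps a known file came from."""
    known, unknown = {}, []
    for rel, digest in hashed_files(target_root):
        if digest in ref:
            known[rel] = sorted(ref[digest])
        else:
            unknown.append(rel)
    return known, sorted(unknown)

def demo():
    """Constructed sample data: two reference dumps and one target in a temp dir."""
    files = {  # (tree, relative path): content
        ("device-A", "system/app/Clock.apk"): b"clock build for device A",
        ("device-B", "system/app/Clock.apk"): b"clock build for device B",
        ("device-A", "system/fonts/Sans.ttf"): b"shared font",
        ("device-B", "system/fonts/Sans.ttf"): b"shared font",
        ("target", "system/app/Clock.apk"): b"clock build for device B",
        ("target", "system/fonts/Sans.ttf"): b"shared font",
        ("target", "data/app/Extra.apk"): b"not in any reference dump",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for (tree, rel), data in files.items():
            path = os.path.join(tmp, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        ref = build_reference({n: os.path.join(tmp, n) for n in ("device-A", "device-B")})
        return classify(os.path.join(tmp, "target"), ref)

print(demo())
```

Files identical across both reference dumps carry both labels, which is the subset a narrowed cross-device hash set would keep; a file labelled unknown is only absent from these dumps, not shown to be bad.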