Hello,
I would like to use NSRL - Android Reference Data Set (RDS) to identify known and unknown files.
Does anyone have experience with this?
Is there a separate reference data set for Android, or should I download the whole bulk?
Thank you
Indi
Hi Indi,
At the moment, NIST don't publish a RDS for Mobile devices, but it is in the works.
Maybe someone else has developed one?
Mark
Thank you Mark (sigh!)
Is there any other way or source I can use to verify files on the Android platform? Actually, I do not need the whole complete thing. I want this feature to be available in my university final-year project, so a very small set of reference data is enough for me.
Does anyone have an idea on this, please?
Could you make your own using a reference device/emulator?
Hi, sorry for the late attendance due to technical difficulties.
The problem with making my own list is lack of resources. I have only two Android phones of different versions, with different versions of applications and apps. So making a reliable list is difficult, as I am unable to verify across several device/app combinations and cannot get hashes for multiple application versions.
Anyway, I created a simple list using existing apps.
There is a bit more to this than just a few Android builds.
You would have to have Android OS versions, hardware makers/models/versions, and finally carrier versions.
So the potential combination is high.
This does not mean such a database cannot be narrowed to files which are consistent across all makes, models, and carriers.
Yes, but I felt this way:
Since we are cross-checking the hash values of the list of applications on our target device against a known hash set, having a list with correct hash values is sufficient, because every different application has a unique hash value. So by comparing the hashes in the two sets we can identify what are good files/bad files and unknown files. So the argument is that we do not need to worry about other facts like Android version, hardware, and application versions when maintaining the reference hash set.
Please correct me if I am wrong, I am a newbie.
You are wrong. Your presumption is that "we do not need to worry" about details. Example - think about the ARM implementations. Do you think an ARM9 device will have the same code as an ARM11? Then what is the point of moving versions?
Take a simple piece of C code and compile it on Windows XP. Now take that same code and compile it under Windows 8.1. Finally, take the C code and compile it under iOS 6 and 8.
Hash the results. Will you get the same hashes?
Same thing with the Android.
No, the hashes are definitely different; no file that differs by even a single bit gets the same hash, which is why we use hashes to check integrity. I 100% agree. What I meant is different: in the hash list, do we need to maintain hardware/version and other relevant info, i.e.
ARM9 xyz hash1234
ARM11 xyz hash0234
likewise. In the comparison we are only interested in the corresponding hash values. (I am asking because I want to create a simple set of hashes for some project)
What I meant is different: in the hash list, do we need to maintain hardware/version and other relevant info
I think you are missing their point. They are saying that to compile a list of known good Android hash values is a monumental feat because there are so many makes, models, OS versions, App versions, and so on.
By contrast, NSRL can do what they do because Windows (for instance) comes out with a new version every few years, and programs are also relatively slow to update. However, even with one version of Android, every phone manufacturer will tweak the code, replace apps, and tweak the apps they do keep in. Now multiply that by every version of Android.
This is a near impossible feat for the NSRL; which, last I heard, is only possible because people donate software to them for cataloging. To do this, they'd have an unbelievable number of phones donated to them - and somehow find a way to hash and catalog the files contained within.
(I am asking because I want to create a simple set of hashes for some project)
So, do it. You can get phones from various sources on the cheap, and dump them through various methods - from the cheap (ADB) to expensive (gold-plated Cellebrite). Now, hash them.
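The cross-check discussed in this thread, as an added example (not code from any poster): it hashes reference dumps that have already been pulled to disk, keeps a provenance label such as the hardware build alongside each hash, and sorts a target dump's files into known and unknown. The function names, the SHA-256 choice, the directory layout and the file contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hashed_files(root):
    """Yield (relative path, SHA-256) for every regular file under root."""
    root = Path(root)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        yield path.relative_to(root).as_posix(), hashlib.sha256(path.read_bytes()).hexdigest()


def add_reference(reference, root, label):
    """Record a dump as hash -> set of provenance labels (e.g. hardware/build)."""
    for _, digest in hashed_files(root):
        reference.setdefault(digest, set()).add(label)


def classify(target_root, reference):
    """Return ({path: labels} for known files, [paths] for unknown files)."""
    known, unknown = {}, []
    for rel, digest in hashed_files(target_root):
        if digest in reference:
            known[rel] = sorted(reference[digest])
        else:
            unknown.append(rel)
    return known, unknown


def demo():
    trees = {  # constructed sample data: two reference dumps and one target
        "ref_arm9": {"app/xyz.apk": b"xyz built for ARM9", "etc/hosts": b"127.0.0.1 localhost\n"},
        "ref_arm11": {"app/xyz.apk": b"xyz built for ARM11", "etc/hosts": b"127.0.0.1 localhost\n"},
        "target": {"app/xyz.apk": b"xyz built for ARM11", "etc/hosts": b"127.0.0.1 localhost\n",
                   "app/other.apk": b"not in any reference dump"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in trees.items():
            for rel, data in files.items():
                path = Path(tmp, name, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
        reference = {}
        add_reference(reference, Path(tmp, "ref_arm9"), "ARM9")
        add_reference(reference, Path(tmp, "ref_arm11"), "ARM11")
        return classify(Path(tmp, "target"), reference)


if __name__ == "__main__":
    print(demo())
```

The lookup itself only needs the hash; the labels show which reference dump a match came from, and a file present in every dump (here `etc/hosts`) carries all labels.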