You are on page 1of 48

The passion is not speed, but Direction !

7 th Kandroid Conference

Google GMS(Google Mobile Services) 분석 [2]

The passion is not speed, but Direction ! 7 Kandroid Conference Google GMS (Google Mobile Services)

2011. 3. 11.

www.kandroid.org 운영자 : 양정수 (yangjeongsoo at gmail.com), 닉네임: 들풀

The passion is not speed, but Direction ! 7 Kandroid Conference Google GMS (Google Mobile Services)

7 th Kandroid Conference

  • 1. 서론 : Why GMS?

  • 2. 분석환경 Setup

    • - How to get GMS Apps?

    • - Application Code Reverse Engineering

    • - MITM(Man In The Middle) Attack

    • - Network Protocol Guessing & Testing

    • - Summary

  • 3. GMS 기술

    • - GSF(Google Service Framework)

    • - Google Services

    • - Service Integration Technology

  • 4. GMS 이슈

    • - Network Traffic

    • - Battery

    • - Privacy

  • 5. 결론 : What is Android? and then…

  • 7 Kandroid Conference 1. 서론 : Why GMS? 2. 분석환경 Setup - How to get GMS

    서론 : Why GMS?

    서론 : Why GMS?

    What is the killer apps ?

    서론 : Why GMS? What is the killer apps ? One of the things you’re gonna

    One of the things you’re gonna witness is how Google’s cloud services tie together all these different applications and all these different companies that are making devices in all these different segments.

    서론 : Why GMS? To the best of Our Knowledge, this is the killer app.

    서론 : Why GMS? To the best of Our Knowledge, this is the killer app.
    New Technology 2007 2008 2009 2010 2011 E 1 2 3 4 5 6 7 8
    New
    Technology
    2007
    2008
    2009
    2010
    2011
    E
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10 11
    Android SDK
    API Level
    M
    M1
    C
    D
    E
    F
    G
    ?
    AOSP
    Branch
    1
    2
    34
    5
    5b
    Android NDK
    Revision
    Open Handset
    Alliance (OHA)
    T-Mobile USA
    SKT
    KT
    LGT
    Mobile
    Network Traffic Issue
    Operators
    Qualcomm
    Qualcomm
    Samsung
    MSM7201a
    Snapdragon
    S5PC110
    Semiconductor
    MPCore Issue
    Companies
    SEC
    G1
    G2
    G3
    N1
    Galaxy-S
    NS
    Handset
    Manufacturers
    http://www.google.com/phone/
    LGE/SEC
    CTS & Standard Issue
    Add-on API
    ?
    Google
    GMS
    • 1. 서론 : Why GMS?

    7 th Kandroid Conference

    • 2. 분석환경 Setup

      • - How to get GMS Apps?

      • - Application Code Reverse Engineering

      • - MITM(Man In The Middle) Attack

      • - Network Protocol Guessing & Testing

      • - Summary

    • 3. GMS 기술

      • - GSF(Google Service Framework)

      • - Google Services

      • - Service Integration Technology

  • 4. GMS 이슈

    • - Network Traffic

    • - Battery

    • - Privacy

  • 5. 결론 : What is Android? and then…

  • 1. 서론 : Why GMS? 7 Kandroid Conference 2. 분석환경 Setup - How to get GMS

    분석환경 Setup - 1 : How to get Google GMS?

    분석환경 Setup - 1 : How to get Google GMS?
    • Partnership with Google Inc. GMS / Document / Build Configuration • Deodexing from Real Device
    Partnership with Google Inc.
    GMS / Document / Build Configuration
    Deodexing from Real Device
    http://kwangwoo.blogspot.com/2010/08/build-boot-and-system-images-for-nexus.html
    Unyaffs from Unknown Source
    http://www.kandroid.org/board/board.php?board=HTCDream&command=body&no=123
    Add-onSite URL : http://www.kandroid.org/android/repository/kandroid_adp_api8r2.xml

    분석환경 Setup - 2 : Application Code Reverse Engineering

    분석환경 Setup - 2 : Application Code Reverse Engineering
    GMS Apps Sources
    GMS
    Apps
    Sources

    http://java.decompiler.free.fr/

    분석환경 Setup - 2 : Application Code Reverse Engineering GMS Apps Sources http://java.decompiler.free.fr/ JAD http://code.google.com/p/dex2jar/ Dex2Jar
    JAD
    JAD

    http://code.google.com/p/dex2jar/

    분석환경 Setup - 2 : Application Code Reverse Engineering GMS Apps Sources http://java.decompiler.free.fr/ JAD http://code.google.com/p/dex2jar/ Dex2Jar
    Dex2Jar
    Dex2Jar

    http://code.google.com/p/android-apktool/

    분석환경 Setup - 2 : Application Code Reverse Engineering GMS Apps Sources http://java.decompiler.free.fr/ JAD http://code.google.com/p/dex2jar/ Dex2Jar
    GMS Apps ApkTool
    GMS
    Apps
    ApkTool
    Java Dalvik Unsigned jarsigner (classes) (.dex) Android (keytool) Application (.apk) Ref. Libs ∥ zipalign Zip Compressed
    Java
    Dalvik
    Unsigned
    jarsigner
    (classes)
    (.dex)
    Android
    (keytool)
    Application
    (.apk)
    Ref. Libs
    zipalign
    Zip
    Compressed
    adb(pm)
    XML Res.
    File
    install
    Resources
    Compilation
    +
    Other Res.
    am
    Key
    Pre-process
    start
    (Debug Key
    Manifest
    Custom Key)

    분석환경 Setup - 2 : Application Code Reverse Engineering

    분석환경 Setup - 2 : Application Code Reverse Engineering
    Error 발생한 이유? : Java Decompiler
    Error 발생한 이유? : Java Decompiler

    분석환경 Setup - 2 : Application Code Reverse Engineering

    분석환경 Setup - 2 : Application Code Reverse Engineering
    분석환경 Setup - 2 : Application Code Reverse Engineering 7 Kandroid Conference - www. k android.org

    분석환경 Setup - 3 : MITM(Man In The Middle) Attack

    분석환경 Setup - 3 : MITM(Man In The Middle) Attack
    분석환경 Setup - 3 : MITM(Man In The Middle) Attack TLS/SSL Google Connection Server mtalk.google.com fake
    분석환경 Setup - 3 : MITM(Man In The Middle) Attack TLS/SSL Google Connection Server mtalk.google.com fake

    TLS/SSL

    Google Connection Server mtalk.google.com
    Google
    Connection
    Server
    mtalk.google.com
    분석환경 Setup - 3 : MITM(Man In The Middle) Attack TLS/SSL Google Connection Server mtalk.google.com fake
    fake fake mtalk. google. TLS/SSL com TLS/SSL MITM attack (Man In The Middle)
    fake
    fake
    mtalk.
    google.
    TLS/SSL
    com
    TLS/SSL
    MITM attack
    (Man In The Middle)
    Google Connection Server mtalk.google.com
    Google
    Connection
    Server
    mtalk.google.com

    분석환경 Setup - 3 : MITM(Man In The Middle) Attack

    분석환경 Setup - 3 : MITM(Man In The Middle) Attack
    • > openssl genrsa -des3 -out MYCA.key 2040 > openssl req -new -key MYCA.k ey -x509 -days 1095 -out MYCA.crt

    분석환경 Setup - 3 : MITM(Man In The Middle) Attack > openssl genrsa -des3 -out MYCA.key
    • > openssl genrsa -des3 -out fake_mtalk_cert.key > openssl req -new -key fake_mtalk_cert.key -out fake_mtalk_cert.csr => 매우 중요 : subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=mtalk.google.com > openssl x509 -req -days 365 -in fake_mtalk_cert.csr -CA MYCA.crt -CAkey MYCA.key \ -CAcreateserial -out fake_mtalk_cert.crt > cat fake_mtalk_cert.crt fake_mtalk_cert.key > fake_mtalk_cert.pem

    3
    3

    분석환경 Setup - 3 : MITM(Man In The Middle) Attack

    분석환경 Setup - 3 : MITM(Man In The Middle) Attack
    4 void mtalk_gw_serv_ssl_init(void) { SSLeay_add_ssl_algorithms (); if((serv_ctx = SSL_CTX_new (SSLv23_server_method())) == NULL) { exit(1); } SSL_CTX_set_quiet_shutdown
    4
    void mtalk_gw_serv_ssl_init(void)
    {
    SSLeay_add_ssl_algorithms ();
    if((serv_ctx = SSL_CTX_new (SSLv23_server_method())) == NULL) {
    exit(1);
    }
    SSL_CTX_set_quiet_shutdown (serv_ctx,1);
    SSL_CTX_set_session_cache_mode (serv_ctx,SSL_SESS_CACHE_OFF);
    if (!SSL_CTX_use_RSAPrivateKey_file (serv_ctx, PEM_FILE, SSL_FILETYPE_PEM)) {
    fprintf(stderr, "could not load RSA private key from [%s]\n", PEM_FILE);
    exit(1);
    }
    if (!SSL_CTX_use_certificate_file (serv_ctx, PEM_FILE, SSL_FILETYPE_PEM)) {
    fprintf(stderr, "could not load certificate from [%s]\n", PEM_FILE); exit(1);
    }
    }
    void mtalk_gw_cli_ssl_init(void)
    {
    SSLeay_add_ssl_algorithms ();
    if((cli_ctx = SSL_CTX_new (SSLv3_client_method())) == NULL) {
    fprintf (stderr, "could not initialize SSL_CTX structure\n"); exit(0);
    }
    SSL_CTX_set_quiet_shutdown (cli_ctx, 1);
    }

    분석환경 Setup - 3 : MITM(Man In The Middle) Attack

    분석환경 Setup - 3 : MITM(Man In The Middle) Attack
    분석환경 Setup - 3 : MITM(Man In The Middle) Attack 7 Kandroid Conference - www. k

    분석환경 Setup - 4 : Network Protocol Guessing & Testing

    분석환경 Setup - 4 : Network Protocol Guessing & Testing
    분석환경 Setup - 4 : Network Protocol Guessing & Testing 7 Kandroid Conference - www. k

    분석환경 Setup - 4 : Network Protocol Guessing & Testing

    분석환경 Setup - 4 : Network Protocol Guessing & Testing
    Example : mtalk.proto file message LoginRequest { required string id = 1; required string domain =
    Example : mtalk.proto file
    message LoginRequest {
    required string id = 1;
    required string domain = 2;
    required string user = 3;
    required string resource = 4;
    required string token = 5;
    optional string deviceId = 6;
    optional int64 lastRmqId = 7;
    repeated Setting settings = 8;
    optional int32 compress = 9;
    repeated string persistentIds = 10;
    optional bool useRmq = 11;
    optional bool adaptiveHeartbeat = 12;
    optional HeartbeatStat heartbeatStat = 13;
    optional bool useRmq2 = 14;
    }
    … ..

    분석환경 Setup - 4 : Network Protocol Guessing & Testing

    분석환경 Setup - 4 : Network Protocol Guessing & Testing
    Source : http://code.google.com/p/protobuf/ 1. Download Protocol Buffer Library 2. Install Protocol Buffer > tar xvfz protobuf-2.3.0.tar.gz
    Source : http://code.google.com/p/protobuf/
    1.
    Download Protocol Buffer Library
    2.
    Install Protocol Buffer
    > tar xvfz protobuf-2.3.0.tar.gz
    > cd protobuf-2.3.0
    > ./configure
    > make install
    > cd python
    > python setup.py install
    3.
    Sample Code Usage
    -
    sample proto file create (ex, mtalk.proto)
    -
    protoc --python_out=. mtalk.proto (result : mtalk_pb2.py)
    -
    write your testing code…

    분석환경 Setup - 4 : Network Protocol Guessing & Testing

    분석환경 Setup - 4 : Network Protocol Guessing & Testing
    분석환경 Setup - 4 : Network Protocol Guessing & Testing 7 Kandroid Conference - www. k

    분석환경 Setup : Summary

    분석환경 Setup : Summary
    /system/etc/hosts /system/etc/security/cacerts.bks
    /system/etc/hosts
    /system/etc/security/cacerts.bks

    MITM attack (Man In The Middle) at Ethernet

    fake fake mtalk. TLS/SSL google. TLS/SSL com Custom fake Custom fake Protocol Android CA Packet Packet
    fake
    fake
    mtalk.
    TLS/SSL
    google.
    TLS/SSL
    com
    Custom
    fake
    Custom
    fake
    Protocol
    Android
    CA
    Packet
    Packet
    Cert
    Buffer
    Digital
    Log
    Report
    Image
    Server
    Deserialzer
    Signing
    fake
    fake
    mtalk.
    TLS/SSL
    google.
    TLS/SSL
    com
    MITM attack
    (Man In The Middle)
    at Internet
    Google Connection Server mtalk. google.com
    Google
    Connection
    Server
    mtalk.
    google.com

    분석환경 Setup : Summary

    분석환경 Setup : Summary
    분석환경 Setup : Summary 7 Kandroid Conference - www. k android.org 19

    분석환경 Setup : Summary

    분석환경 Setup : Summary
    분석환경 Setup : Summary 7 Kandroid Conference - www. k android.org 20
    • 1. 서론 : Why GMS?

    • 2. 분석환경 Setup

      • - How to get GMS Apps?

      • - Application Code Reverse Engineering

      • - MITM(Man In The Middle) Attack

      • - Network Protocol Guessing & Testing

      • - Summary

    7 th Kandroid Conference

    • 3. GMS 기술

      • - GSF(Google Service Framework)

      • - Google Services

      • - Service Integration Technology

    • 4. GMS 이슈

      • - Network Traffic

      • - Battery

      • - Privacy

  • 5. 결론 : What is Android? and then…

  • 1. 서론 : Why GMS? 2. 분석환경 Setup - How to get GMS Apps? - Application

    GMS 기술분석 - 2 : GSF(Google Service Framework)

    GMS 기술분석 - 2 : GSF(Google Service Framework)
    GSF Total Components : 60(+8)개 permission-tree : 1개 permission : 54개 Activity : 39개 uses-permission :
    GSF Total Components : 60(+8)개
    permission-tree : 1개
    permission : 54개
    Activity : 39개
    uses-permission : 55개
    ContentProvider : 4개
    android:grantUriPermissions : 1개
    Service : 8개
    path-permission : 1개
    BroadcastReceiver : 9(+8)개
    android:permission : 2개
    Intent : Bundle of Informations
    Explicit : Call Class
    android:readPermission : 4개
    Implicit : IntentFilter : 26(+8)개
    Action, Data, Category
    android:writePermission : 4개
    Process : com.google.android.gapps
    Include
    Dalvik VM
    Package : GoogleServicesFramework.apk

    GMS 기술분석 - 2 : GSF(Google Service Framework)

    GMS 기술분석 - 2 : GSF(Google Service Framework)
    Package Name A R CP S 비고 com + android.common (+1) NetworkConnectivityListener, OperationScheduler + google +
    Package Name
    A
    R
    CP
    S
    비고
    com
    +
    android.common
    (+1)
    NetworkConnectivityListener, OperationScheduler
    + google
    + android
    + common
    + gsf
    + checkin
    + gservices
    + gtalkservice
    + service
    + login
    + loginservice
    + settings
    + subscribedfeeds
    + talk
    + update
    + gtalkservice
    + common
    + wireless.gdata
    + net.oauth
    + org.jivsoftware
    Sub Total : 60(+8)
    gdata,http,Cvs,GoogleWebContentHelper,LoggingThreadedSyncAdapter
    4
    2
    1
    1
    1 1(+2)
    2
    (+2)
    26
    (+2)
    81
    1
    2
    1
    1
    12
    1
    2 1(+1)
    1
    base,collect,io.protocol
    client,data,parser,serializer,subscribedfeeds,GDataException
    signature,OAuth ....
    smack,smackx
    39 9(+8)
    4
    8

    GMS 기술분석 - 2 : GSF(Google Service Framework)

    GMS 기술분석 - 2 : GSF(Google Service Framework)

    GSF : ContentProvider (4)

    1 4
    1
    4
    GMS 기술분석 - 2 : GSF(Google Service Framework) GSF : ContentProvider (4) 1 4 GSF Externals
    GSF Externals
    GSF Externals
    VoiceSearch GoogleFeedback GoogleQuickSearchBox SetupWidzard Talk / Gmail GoogleBackupTransport GoogleContactsSyncAdapter MediaUploader NetworkLocation / Vending GoogleCalendarSyncAdapter
    VoiceSearch
    GoogleFeedback
    GoogleQuickSearchBox
    SetupWidzard
    Talk / Gmail
    GoogleBackupTransport
    GoogleContactsSyncAdapter
    MediaUploader
    NetworkLocation / Vending
    GoogleCalendarSyncAdapter
    Talk
    Talk
    VoiceSearch / GenieWidget GoogleQuickSearchBox GooglePartnerSetup MapLibrary / Street MediaUploader NetworkLocation / Vending
    VoiceSearch / GenieWidget
    GoogleQuickSearchBox
    GooglePartnerSetup
    MapLibrary / Street
    MediaUploader
    NetworkLocation / Vending
    Gmail GoogleContactsSyncAdapter GoogleCalendarSyncAdapter
    Gmail
    GoogleContactsSyncAdapter
    GoogleCalendarSyncAdapter

    GService

    GMS 기술분석 - 2 : GSF(Google Service Framework) GSF : ContentProvider (4) 1 4 GSF Externals

    content://com.google.android.gsf.gservices

    content://com.google.android.gsf.gservices/prefix

    content://com.google.android.gsf.gservices/main

    content://com.google.android.gsf.gservices/override

    content://com.google.android.providers.talk/<path>

    Talk 2 Setting 3
    Talk
    2
    Setting
    3
    GMS 기술분석 - 2 : GSF(Google Service Framework) GSF : ContentProvider (4) 1 4 GSF Externals

    content://com.google.settings/partner

    GMS 기술분석 - 2 : GSF(Google Service Framework) GSF : ContentProvider (4) 1 4 GSF Externals

    content://subscribedfeeds/feeds

    content://subscribedfeeds/deleted_feeds

    Feeds

    GMS 기술분석 - 2 : GSF(Google Service Framework) GSF : ContentProvider (4) 1 4 GSF Externals

    GMS 기술분석 - 2 : GSF(Google Service Framework)

    GMS 기술분석 - 2 : GSF(Google Service Framework)
    GSF : Service (8)
    GSF : Service (8)

    GSF Externals

    1 A: com.google.android.gsf.action.GET_GLS B: IGoogleLoginService
    1
    A: com.google.android.gsf.action.GET_GLS
    B: IGoogleLoginService

    A: android.intent.action.START_RESTORE

    NetworkMonitor
    NetworkMonitor
    S:B: LoginActivityTask$4
    S:B: LoginActivityTask$4
    S: ServiceAutoStarter B: ConnectionAuthErrorDialog
    S: ServiceAutoStarter
    B: ConnectionAuthErrorDialog
    DataMessageManager
    DataMessageManager
    SetupWizard Talk Vending
    SetupWizard
    Talk
    Vending
    GMS 기술분석 - 2 : GSF(Google Service Framework) GSF : Service (8) GSF Externals 1 A:
    2 C: IGTalkService.class.getName() B: IGTalkService
    2
    C: IGTalkService.class.getName()
    B: IGTalkService
    3
    3

    A: com.google.android.c2dm.intent.UNREGISTER

    S: .gtalkservice.PushMessagingRegistrar

    4 5 7 CheckinService EventLogService SystemUpdateService 8 7 SubscribedFeedsSyncAdapterService SubscribedFeedsIntentService 2 3 1 GTalkService PushMessagingRegistrar GoogleLoginService
    4
    5
    7
    CheckinService
    EventLogService
    SystemUpdateService
    8
    7
    SubscribedFeedsSyncAdapterService
    SubscribedFeedsIntentService
    2
    3
    1
    GTalkService
    PushMessagingRegistrar
    GoogleLoginService

    GMS 기술분석 - 2 : GSF(Google Service Framework)

    GMS 기술분석 - 2 : GSF(Google Service Framework)
    Package Name A R CP S com + android.common + google + android + common +
    Package Name
    A
    R
    CP
    S
    com
    + android.common
    + google
    + android
    + common
    + gsf
    + checkin
    + gservices
    + gtalkservice
    + service
    + login
    + loginservice
    + settings
    + subscribedfeeds
    + talk
    + update
    + gtalkservice
    + common
    + wireless.gdata
    + net.oauth
    + org.jivsoftware
    Sub Total : 60(+8)
    (+1)
    4
    2
    1
    1
    1 1(+2)
    2
    (+2)
    26
    (+2)
    81
    1
    2
    1
    1
    12
    1
    2 1(+1)
    1
    39 9(+8)
    4
    8
    A:android.accounts.LOGIN_ACCOUNTS_CHANGED ACTION_BATTERY_CHANGED ACTION_DEVICE_STORAGE_LOW ACTION_DEVICE_STORAGE_OK ACTION_BOOT_COMPLETED ACTION_PRE_BOOT_COMPLETED ACTION_DOWNLOAD_COMPLETED ACTION_DOWNLOAD_NOTIFICATION_CLICKED ACTION_SCREEN_OFF; ACTION_TIME_SET ACTION_USER_PRESENT A:android.net.conn.BACKGROUND_DATA_SETTING_CHANGED A:android.net.conn.CONNECTIVITY_CHANGE A:android.net.wifi.STATE_CHANGE A:android.provider.Telephony.SECRET_CODE A:android.server.checkin.CHECKIN
    A:android.accounts.LOGIN_ACCOUNTS_CHANGED
    ACTION_BATTERY_CHANGED
    ACTION_DEVICE_STORAGE_LOW
    ACTION_DEVICE_STORAGE_OK
    ACTION_BOOT_COMPLETED
    ACTION_PRE_BOOT_COMPLETED
    ACTION_DOWNLOAD_COMPLETED
    ACTION_DOWNLOAD_NOTIFICATION_CLICKED
    ACTION_SCREEN_OFF;
    ACTION_TIME_SET
    ACTION_USER_PRESENT
    A:android.net.conn.BACKGROUND_DATA_SETTING_CHANGED
    A:android.net.conn.CONNECTIVITY_CHANGE
    A:android.net.wifi.STATE_CHANGE
    A:android.provider.Telephony.SECRET_CODE
    A:android.server.checkin.CHECKIN
    A:com.android.sync.SYNC_CONN_STATUS_CHANGED
    A:com.google.android.GTalkService.NOTIFICATION_DELETED_ACTION
    A:com.google.android.c2dm.intent.RECEIVE
    A:com.google.android.intent.action.GTALK_HEARTBEAT
    A:com.google.android.intent.action.GTALK_RECONNECT
    A:com.google.gservices.intent.action.GSERVICES_CHANGED
    A:com.google.gservices.intent.action.GSERVICES_OVERRIDE
    C:android.server.checkin.CHECKIN
    C:com.google.android.gsf.subscribedfeeds
    D:android:scheme="android_secret_code" android:host="2432546"
    D:android:scheme="android_secret_code" android:host="46"
    D:android:scheme="android_secret_code" android:host="7867"

    GMS 기술분석 - 2 : GSF(Google Service Framework)

    GMS 기술분석 - 2 : GSF(Google Service Framework)
    GMS 기술분석 - 2 : GSF(Google Service Framework) setup_wizard _title gls _ ui_activity ___ 7 Kandroid
    GMS 기술분석 - 2 : GSF(Google Service Framework) setup_wizard _title gls _ ui_activity ___ 7 Kandroid

    setup_wizard_title

    GMS 기술분석 - 2 : GSF(Google Service Framework) setup_wizard _title gls _ ui_activity ___ 7 Kandroid

    gls_ui_activity___

    GMS 기술분석 - 2 : GSF(Google Service Framework)

    GMS 기술분석 - 2 : GSF(Google Service Framework)
    GMS 기술분석 - 2 : GSF(Google Service Framework) 7 Kandroid Conference - www. k android.org 28
    GMS 기술분석 - 2 : GSF(Google Service Framework) 7 Kandroid Conference - www. k android.org 28

    GMS 기술분석 - 3 : Google Services Overview

    GMS 기술분석 - 3 : Google Services Overview

    Google API

    Service name

    Google Analytics Data APIs

    analytics

    Google Apps APIs (Domain Information & Management)

    apps

    Google Base Data API

    gbase

    Google Sites Data API

    jotspot

    Blogger Data API

    blogger

    Book Search Data API

    print

    Calendar Data API

    cl

    Google Code Search Data API

    codesearch

    Contacts Data API

    cp

    Documents List Data API

    writely

    Finance Data API

    finance

    Gmail Atom feed

    mail

    Health Data API

    health weaver (H9 sandbox)

    Maps Data APIs

    local

    Picasa Web Albums Data API

    lh2

    Sidewiki Data API

    annotateweb

    Spreadsheets Data API

    wise

    Webmaster Tools API

    sitemaps

    YouTube Data API

    Youtube

       

    Google App Engine

    ah

    GMS 기술분석 - 3 : Google Services Overview Google API Service name Google Analytics Data APIs
    GMS 기술분석 - 3 : Google Services Overview Google API Service name Google Analytics Data APIs

    Source : http://code.google.com/apis/gdata/faq.html#clientlogin

    GMS 기술분석 - 3 : Google Services Architecture

    GMS 기술분석 - 3 : Google Services Architecture
    No CAPTCHA Mobile Proxy 8.relay 9.relay
    No CAPTCHA
    Mobile
    Proxy
    8.relay
    9.relay

    GMS 기술분석 - 3 : Google Services QoS

    GMS 기술분석 - 3 : Google Services QoS
    Response Code Description & Solution 200 OK 403 Authentication Error ⇒Create New AuthToken with ClientLogin Service
    Response Code
    Description & Solution
    200
    OK
    403
    Authentication Error
    ⇒Create New AuthToken with ClientLogin
    Service Available
    ⇒Use multiple AuthToken
    503
    ⇒Use Cache
    ⇒Stopping your request / sleep / retry request
    ⇒appropriate sleep time : 10 seconds x 503 error count
    400
    Bad request
    ⇒Set Request Property with correct values
    ⇒Send Request data with base64.urlsafe_b64encode
    instead of base64.encodestring
    Request
    Blocking
    Blocking account
    Blocking IP Address
    No
    Black Hole Technology
    Response

    GMS 기술분석 - 4 : Service Integration Architecture

    GMS 기술분석 - 4 : Service Integration Architecture
    Web Based Google Cloud Google Account Server (Authentication & Authorization) www.google.com/accouts/ Mobile(Android) Based • • GMS(Google
    Web Based
    Google Cloud
    Google Account Server
    (Authentication & Authorization)
    www.google.com/accouts/
    Mobile(Android) Based
    GMS(Google Mobile Services)
    Google Services
    cl
    cp
    mail
    Google Mobile Services
    • market
    • c2dm
    GSF
    Google
    Mobile Connection Server
    mtalk.google.com 5228
    heartbeat

    GMS 기술분석 - 4 : Service Integration Heartbeat

    GMS 기술분석 - 4 : Service Integration Heartbeat
    TLS/SSL based Packet Encryption Google Mobile Connection Server Gtalk Core Message Types Non-Standard Protocol Message Link
    TLS/SSL based Packet Encryption
    Google
    Mobile Connection Server
    Gtalk Core Message Types
    Non-Standard Protocol Message Link : Extension Tag
    mtalk.google.com 5228
    Gtalk Extensions Message Types
    Non-Standard
    0
    : HEARTBEAT_PING
    1
    : HEARTBEAT_ACK
    Protocol Buffer
    2
    : LOGIN_REQUEST
    Header
    heartbeat
    3
    : LOGIN_RESPONSE
    4
    : CLOSE
    1.
    Tag : 13개 (1 byte)
    5
    : MESSAGE_STANZA
    2.
    Length : (1 or 5(?) byte)
    6
    : PRESENCE_STANZA
    7
    : IQ_STANZA
    8
    : DATA_MESSAGE_STANZA
    9
    : BATCH_PRESENCE_STANZA
    10
    : STREAM_ERROR_STANZA
    11
    : HTTP_REQUEST
    12
    : HTTP_RESPONSE
    1
    : ROSTER_QUERY
    2
    : RMQ_LAST_ID
    3
    : RMQ_ACK
    4
    : VCARD
    5
    : SHARED_STATUS
    6
    : CHAT_READ
    7
    : CHAT_CLOSED
    8
    : CAPABILITIES
    9
    : OTR_QUERY
    10
    : IDLE
    11
    : POST_AUTH_BATCH_QUERY
    12
    : SELECTIVE_ACK
    13
    : STREAM_ACK

    7 th Kandroid Conference - www.kandroid.org

    33

    GMS 기술분석 - 4 : Service Integration Case Study #1

    GMS 기술분석 - 4 : Service Integration Case Study #1
    Android Market Client Update Issues • • • Security problem Async application installation hacked Protocol buffer
    Android Market Client Update Issues
    Security problem
    Async application installation hacked
    Protocol buffer reverse engineering

    GMS 기술분석 - 4 : Service Integration Case Study #2

    GMS 기술분석 - 4 : Service Integration Case Study #2
    Register Your App. to C2DM Server 4 5 Receive Registration ID 6 Send Registration ID 9
    Register Your App.
    to C2DM Server
    4
    5
    Receive
    Registration ID
    6
    Send
    Registration ID
    9
    Request Auth Token
    for C2DM (ac2dm)
    Send
    7
    message
    3
    Publish
    Your Application
    8
    Receive
    Auth Token
    1
    2
    Gmail
    Create New
    Gmail Account
    C2DM Signup
    0
    APP
    GMS 기술분석 - 4 : Service Integration Case Study #2 Register Your App. to C2DM Server
    C2DM Signup
    C2DM
    Signup

    7 th Kandroid Conference

    • 1. 서론 : Why GMS?

    • 2. 분석환경 Setup

      • - How to get GMS Apps?

      • - Application Code Reverse Engineering

      • - MITM(Man In The Middle) Attack

      • - Network Protocol Guessing & Testing

      • - Summary

  • 3. GMS 기술

    • - GSF(Google Service Framework)

    • - Google Services

    • - Service Integration Technology

    • 4. GMS 이슈

      • - Network Traffic

      • - Battery

      • - Privacy

    • 5. 결론 : What is Android? and then…

    7 Kandroid Conference 1. 서론 : Why GMS? 2. 분석환경 Setup - How to get GMS

    GMS 이슈 - 5 : Network Traffic

    GMS 이슈 - 5 : Network Traffic
    GMS 이슈 - 5 : Network Traffic 7 Kandroid Conference - www. k android.org 37
    GMS 이슈 - 5 : Network Traffic 7 Kandroid Conference - www. k android.org 37

    GMS 이슈 - 5 : Network Traffic

    GMS 이슈 - 5 : Network Traffic
    GMS 이슈 - 5 : Network Traffic <receiver android:name="GTalkDiagnosticsBroadcastReceiver"> <intent-filter> <action android:name="android.provider.Telephony.SECRET_CODE" /> <data android:scheme="android_secret_code" android:host="8255"
    <receiver android:name="GTalkDiagnosticsBroadcastReceiver"> <intent-filter> <action android:name="android.provider.Telephony.SECRET_CODE" /> <data android:scheme="android_secret_code" android:host="8255" /> </intent-filter> </receiver>
    <receiver android:name="GTalkDiagnosticsBroadcastReceiver">
    <intent-filter>
    <action android:name="android.provider.Telephony.SECRET_CODE" />
    <data android:scheme="android_secret_code" android:host="8255" />
    </intent-filter>
    </receiver>
    GMS 이슈 - 5 : Network Traffic <receiver android:name="GTalkDiagnosticsBroadcastReceiver"> <intent-filter> <action android:name="android.provider.Telephony.SECRET_CODE" /> <data android:scheme="android_secret_code" android:host="8255"
         

    Packet

    Type

    Sub Type

    Count

    Count(%)

    Size(%)

    connection

    heartbeat

    22

    9

    %

    0

    %

     

    login

    27

    12

    %

    12

    %

    data

    GSYNC_TICKLE

    45

    20

    %

    13

    %

    message

     
     

    INSTALL_ASSET

    1

    0

    %

    1

    %

    talk

    chat

    1

    0

    %

    0

    %

     

    iq

     
    • 87 %

    39

    25

    %

     

    presence

     
    • 21 %

    9

    46

    %

    GMS 이슈 - 5 : Network Traffic

    GMS 이슈 - 5 : Network Traffic

    241

    • 341
      351

    • 141
      151

    • 191
      201

    • 391
      401

    • 301
      311

    • 121
      131

    • 171
      181

    • 221
      231

    • 251
      261

    • 281
      291

    • 361
      371

    • 411
      421

    • 101
      111

    431

    321

    381

    331

    161

    211

    271

    • 31
      41

    • 61
      71

    • 11
      21

    51

    • 81
      91

    1

    Packet Size (Byte) : after SSL strip

    Env : Emulator, New Gmail Account, 2 BuddyList

    500

    450

    400

    350

    300

    250

     
     

    200

       

    150

     

    100

     

    50

     

    Heartbeat

    Data Traffic

    Threshold

    0

       

    Packet Traffic Sequence

    GMS 이슈 - 5 : Network Traffic

    GMS 이슈 - 5 : Network Traffic

    Packet Size (Byte) : after SSL strip

    Env : Real Device, Exist Gmail Account, many BuddyList

    450 400 350 300 250 200 150 100 50 Heartbeat Data Traffic Threshold 0 1 7
    450
    400
    350
    300
    250
    200
    150
    100
    50
    Heartbeat Data Traffic Threshold
    0
    1
    7
    13
    19
    25
    31
    37
    43
    49
    55
    61
    67
    73
    79
    85
    91
    97
    103
    109
    115
    121
    127
    133
    139
    145
    151
    157
    163
    169
    175
    181
    187
    193
    199
    205
    211
    217
    223
    229
    235

    Packet Traffic Sequence

    GMS 이슈 - 5 : Battery

    GMS 이슈 - 5 : Battery
    GMS 이슈 - 5 : Battery 7 Kandroid Conference - www. k android.org 41
    GMS 이슈 - 5 : Battery 7 Kandroid Conference - www. k android.org 41

    GMS 이슈 - 5 : Battery

    GMS 이슈 - 5 : Battery
    GMS 이슈 - 5 : Battery What costs the most? • Waking up in the background
    GMS 이슈 - 5 : Battery What costs the most? • Waking up in the background
    GMS 이슈 - 5 : Battery What costs the most? • Waking up in the background

    What costs the most?

    Waking up in the background Bulk data transfer

    Takeaways

    Use an efficient parser and GZIP Use <receiver> and AlarmManager (not daemon) Wait for better network/battery for bulk transfers

    출처 : GoogleIO 2009

    GMS 이슈 - 5 : Privacy

    GMS 이슈 - 5 : Privacy
    message CheckinRequest { optional bytes deviceId = 1; optional int64 cr2 = 2; optional bytes cr3
    message CheckinRequest {
    optional bytes deviceId = 1;
    optional int64 cr2 = 2;
    optional bytes cr3 = 3;
    required Checkin checkin = 4;
    optional bytes cr5 = 5;
    optional bytes locale = 6;
    optional int64 id = 7;
    optional bytes cr8 = 8;
    optional bytes macaddress = 9;
    optional bytes cr10 = 10;
    repeated bytes accountInfo = 11 ;
    optional bytes timezone = 12;
    optional int64 cr13 = 13;
    optional int32 cr14 = 14;
    repeated bytes cr15 = 15;
    message Build {
    optional bytes fingerprint = 1;
    optional bytes hardware = 2;
    optional bytes brand = 3;
    optional bytes radio = 4;
    optional bytes bootloader = 5;
    optional bytes client_id = 6;
    optional int64 time = 7;
    optional int32 version = 8;
    optional bytes device = 9;
    }
    }
    message Checkin {
    message Event {
    required bytes evnet1 = 1;
    optional bytes evnet2 = 2;
    optional int64 evnet3 = 3;
    optional Build build = 1;
    optional int64 check2 = 2;
    repeated Event event = 3;
    repeated Statistic statistics = 4;
    repeated bytes check5 = 5;
    optional bytes networkOperator = 6;
    optional bytes simOperator = 7;
    optional bytes networkInfo = 8;
    }
    message Statistic {
    required bytes stat1 = 1;
    optional int32 stat2 = 2;
    optional float stat3 = 3;
    }
    }

    Next Page

    GMS 이슈 - 5 : Privacy

    GMS 이슈 - 5 : Privacy
    GMS 이슈 - 5 : Privacy 7 Kandroid Conference - www. k android.org 44
    GMS 이슈 - 5 : Privacy 7 Kandroid Conference - www. k android.org 44

    GMS 이슈 - 5 : Privacy

    GMS 이슈 - 5 : Privacy
    GMS 이슈 - 5 : Privacy 7 Kandroid Conference - www. k android.org 45

    7 th Kandroid Conference

    • 1. 서론 : Why GMS?

    • 2. 분석환경 Setup

      • - How to get GMS Apps?

      • - Application Code Reverse Engineering

      • - MITM(Man In The Middle) Attack

      • - Network Protocol Guessing & Testing

      • - Summary

  • 3. GMS 기술

    • - GSF(Google Service Framework)

    • - Google Services

    • - Service Integration Technology

  • 4. GMS 이슈

    • - Network Traffic

    • - Battery

    • - Privacy

    • 5. 결론 : What is Android? and then…

    7 Kandroid Conference 1. 서론 : Why GMS? 2. 분석환경 Setup - How to get GMS

    결론 : What is Android? and then….

    결론 : What is Android? and then….

    실리콘 밸리의 신화 vs. 실리콘 밸리의 해적들 Pirates Of Silicon Valley”, 1999

    결론 : What is Android? and then…. 실리콘 밸리의 신화 vs. 실리콘 밸리의 해적들 “ Pirates
    결론 : What is Android? and then…. 실리콘 밸리의 신화 vs. 실리콘 밸리의 해적들 “ Pirates

    Steve Jobs :

    What is this?

    Bill Gates :

    … <중략> …

    Get real, will you? You and I are both like guys that have this rich neighbor That left the door open all the time.

    Alan Kay ...... Xerox ...
    Alan Kay
    ......
    Xerox
    ...

    7 th Kandroid Conference

    7 Kandroid Conference Q & A www. k android.org

    Q & A

    7 Kandroid Conference Q & A www. k android.org

    www.kandroid.org