Honeypot research related to Android
I'm going to implement a honeypot for Android smartphones as research for my dissertation. I have never used Android, Java or honeypots. This is the way I'm thinking of starting this. I thought to use the source code (written in the C language) of Honeyd, which is a honeypot designed by Mr. Niels Provos. In this case I would like to use Eclipse 3.7 Indigo for Java developers. But the problem is, even if I convert the source code of Honeyd to Java, will the features work the same way as they did in Honeyd? Also, I'm going to run an Android Gingerbread (version 2.3) ISO in VMware Workstation and try to install the converted Honeyd inside of it as a .apk application. After that I'm going to set up the virtual machine in the network to be attacked. Also, I can't set up a physical high-interaction honeypot as it is dangerous, so I'm concentrating on setting up a virtual low-interaction honeypot. I have some questions dwelling in my head:
1) Converting Honeyd to Java.
2) Will the Honeyd structure work for the Android platform?
3) As honeypots are put on their own network behind a firewall, how do I apply this step to Android?
4) How do I provide a good alerting mechanism?
Could you please suggest any help regarding this?
You can probably build the existing C code using the NDK.
The "proper" way would be to build it as a library and call into it from your Dalvik (i.e., what you code in Java) application process. This also makes it easy to use Java UI components for an alerting mechanism (otherwise you could have a Java app, or even something remote on the host, that is monitoring the honeypot process for alerts).
While unsupported, many people have also had success building stand-alone command-line executables using the NDK toolchain and launching these. Since you are dealing with a customized Android rather than a device, you shouldn't have too many problems with that - you can set OOM killer values on your stand-alone process, and if you want you don't even need to run the Android framework at all - you could just run on the Linux that underlies it. Though one might ask what the point of the exercise would then be.
Essentially, if you are on a customized "device" (in this case virtual) and you don't really need any UI, then the only thing really unique about Android is having to build C code against the Bionic libc rather than a more normal embedded Linux one; and even then, you can use a different libc if you statically link.
If you try to use Java code to do it, you will likely run into the limitation that there is no good way to grant root access to Java code, so you would have to either modify the platform to more easily run custom Java code as root, or modify the underlying Linux to let unprivileged code open privileged ports.
Frankly, I don't think this is a very good project idea, as you are talking about exposing a specific platform to a threat that probably isn't focused on it.
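As an added example (not from the answer above, and not Honeyd's code), here is the skeleton of a minimal low-interaction TCP listener in plain C of the kind the answer suggests building with the NDK and statically linking: `open_listener` fails with EACCES on a port below 1024 when run unprivileged, which is the privileged-port limitation described above, and `serve_one` hands each probe to an `emit` callback that a JNI shim into the Java UI or a host-side monitor (both assumed, not shown) could use for alerting.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a listening TCP socket on `port` (0 = any free port). Returns the fd or -1
 * with errno set; as an unprivileged process, a port below 1024 fails with EACCES,
 * which is the privileged-port limitation the answer mentions. */
int open_listener(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 8) < 0) {
        int saved = errno; close(fd); errno = saved;
        return -1;
    }
    return fd;
}

/* Format one alert line: peer address, local port and the first bytes received,
 * hex-escaped so a binary probe cannot corrupt the log. Returns the length. */
int format_alert(char *out, size_t outlen, const char *peer_ip, unsigned peer_port,
                 unsigned local_port, const unsigned char *data, size_t len) {
    int n = snprintf(out, outlen, "ALERT src=%s:%u dst_port=%u data=", peer_ip, peer_port, local_port);
    for (size_t i = 0; i < len && n >= 0 && (size_t)n < outlen; i++) {
        if (data[i] >= 0x20 && data[i] < 0x7f && data[i] != '\\')
            n += snprintf(out + n, outlen - n, "%c", data[i]);
        else
            n += snprintf(out + n, outlen - n, "\\x%02x", data[i]);
    }
    return n;
}

/* Accept one connection, read a short probe (set SO_RCVTIMEO in real use), pass the
 * alert line to `emit` (assumed: a JNI callback or host-side logger), then close. */
void serve_one(int listen_fd, unsigned local_port, void (*emit)(const char *)) {
    struct sockaddr_in peer; socklen_t plen = sizeof peer;
    int c = accept(listen_fd, (struct sockaddr *)&peer, &plen);
    if (c < 0) return;
    unsigned char buf[256]; char ip[INET_ADDRSTRLEN], line[1024];
    ssize_t r = recv(c, buf, sizeof buf, 0);
    inet_ntop(AF_INET, &peer.sin_addr, ip, sizeof ip);
    format_alert(line, sizeof line, ip, ntohs(peer.sin_port), local_port, buf, r > 0 ? (size_t)r : 0);
    emit(line);
    close(c);
}
```

Built as a static executable this has no dependency on Bionic; built as a shared library, `serve_one`'s `emit` is where a JNI wrapper would forward the line to the Java side.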