Mobile Application Hacking Diary Ep.2

Android Patching: decompile the app with tools such as Jadx, dex2jar-jdgui and Bytecode Viewer. NIN: the author recommends Bytecode Viewer.
    // APKTool
    zeq3ul@home:~/Desktop$ java -jar apktool.jar d vulnapp.apk
Modify the Smali. Using apktool to build new app. Signing the app using Apk Sign which can automatically sign an apk with the Android test certificate that embed…

Reverse engineering the Humble Bundle app to get API access

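This article describes how to reconstruct the app's API calls by reading smali code; put simply, it amounts to writing out a swagger from it. This work could have been done entirely with a proxy, but the author's choice to do it through RE is rather distinctive. In addition, the author recommends a smali tutorial. You can read more about Smali syntax at its GitHub page (in particular, I definitely recommend checking out the useful links in the README and the files in the 'examples' directory). Ref Reverse engineering the Humble Bundle app to get API access | Hayden…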

Reverse Engineering the Drexel One API

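Through MiTM we learn that the app first obtains a key via authentication, then uses this key in a series of hashing computations to derive an authentication_key; after that, every API call carries this authentication_key in an HTTP header. Reverse engineering the Android app shows that the authentication_key is composed of {my username}:{Utils.generateHash method}:{timestamp}. The hashing algorithm is HmacSHA1. With the Free Online HMAC Generator we can run a small test. Finally, the author turned this flow into a Python script. Ref Reverse Engineering the Drexel One API – Tomer Shemesh – Medium…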

Intro to Android Hacking with Frida

NIN: the first 50 min can be skipped; the author tries to use frida with an emulator, but fails.
    frida -U --no-pause -f com.your.app
    frida -U -l script.js com.your.app
    Java.perform(function(){
        console.log("debug");
        Java.enumerateLoadedClasses({
            // onMatch is called once per loaded class with its name
            "onMatch": function(className){
                console.log(className);
            },
            "onComplete": function(){ }
        });
    });
ADB related adb…