Android reverse engineering tools: not the usual suspects

Virus Bulletin :: Android reverse engineering tools: not the usual suspects
Slides: Android Reverse Engineering Tools: Not the Usual Suspects. Topics: Docker for RE, JEB2 Script, Debugging, MITM, Radare2.
Docker for RE (GitHub: androidre):
$ docker pull cryptax/android-re
$ docker run -d --name androidre -p 5022:22 -p 5900:5900 cryptax/android-re
$ vncviewer…

Attacking Android Applications With Debuggers

The article Attacking Android Applications With Debuggers explains how to step through an Android app with IntelliJ. The workflow: check whether the app is debuggable; if it is not, recompile it yourself. Use tools such as jadx to obtain the Java code, import the project into the IDE, and debug…

Jon Reeve – Reverse Engineering is not just for hackers

Watch on YouTube | Slides
aapt
// General APK info:
$ aapt dump badging myapk.apk
// Get strings
$ aapt dump strings myapk.apk
// Get xml file:
$ aapt dump xmltree myapk.apk AndroidManifest.xml
adb
// List installed packages
$ adb shell pm list packages -f -3
// pull package $1 in one line
$ adb pull "…

Frida on non-rooted device

1. jdwp-lib-injector (Recommended)
Tool: Github
Find the arch of your Android device:
$ adb shell getprop ro.product.cpu.abi
arm64-v8a
Download jdwp-lib-injector:
$ git clone https://github.com/ikoz/jdwp-lib-injector.git
Note: frida-gadget.so must be placed in the same directory as jdwp-lib-injector.
Download Gadget: download the frida-server matching your arch (arm/arm64/x86/x86_64).
$ unxz *.xz
Inject Frida: Go to developer options,…

State of security of Android banking apps in Poland

The talk covered vulnerabilities in several Polish banks. One is particularly interesting: the Android app generates an SSO link and opens the browser to perform the SSO login. This is implemented via an Intent. However, Android allows multiple browsers to be installed, and each of them can capture that Intent. If the user has installed a malicious browser and uses it to open the SSO link, the malicious browser can intercept the SSO link, return a fake page, and send the URL to the attacker, who can then log in as the user. Watch on YouTube | Slide | Paper…

Certificate Pinning in Android

The article Ineffective Certificate Pinning Implementations | Synopsys describes flaws in how certificate pinning is implemented on Android. In short, if an attacker can get a certificate issued by some trusted CA, they can use CA Z to issue certificate W. Because the app retrieves the chain of trust incorrectly, the chain it obtains is just W-Z, and the pin value the server returns is also computed from these two certificates, so the app believes its connection is legitimate. Attack prerequisites: The attacker must be able to intercept network comms. The attacker must have the private key of a certificate trusted by the host system/device. Compromising a CA or intermediate CA…

Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop

Watch on YouTube. Official site: Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop. 1. Root Cause - Permissions. 2. Clickjacking 101: an overlay is drawn on top of the app; when the user taps "click here", they are actually tapping the OK button underneath. 3. Remediation (Failed): Google recommended the "Obscured Flag" to detect whether another layer is on top. However, the attacker can, everywhere except the OK…