Code obfuscation Detection

iOS
Change ipa to zip
Unzip the file
Run the command below
$ cd payload
$ class-dump -H target.app -o ../raspinfo

Android
Method 1 - dex2jar
1). Download dex2jar
2). Run the command below
$ ./d2j-dex2jar.sh -f -o nino.jar target.apk
3). Download jd-gui
4). Open nino.jar with jd-gui.
Method 2…

Mobile Debugging

iOS
When you are assessing an application, attaching a debugger can be a powerful technique for understanding the application's inner workings. A couple of debuggers work on iOS and the one that works best for you will depend upon what you are trying to debug and the resources available to…

Repackaging attack

Android
There are two main approaches:
Add new Malicious Smali files
Modify existing Smali files
Example 1 Mobile Security Labs
Example 2 Mobile Security Certificate Pinning Exploit
$ keytool -genkey -keystore example.keystore -keyalg RSA -validity 10000 -alias example
$ apktool d [app_name].apk
// Modify your app
$ apktool b <app_folder>
$ mv dist/…