Mobile Testing 1
Static Analysis
# Signing Information
unzip -p diva.apk META-INF/CERT.RSA | keytool -printcert
# MD5Sum
md5sum diva.apkReverse Engineering
# Unzipping archive
unzip diva.apk -d folder
strings classes.dex | grep -i "content://\|getdevice"
# Jadx (generate java code)
/usr/share/jadx/bin/jadx diva.apk -d folder
grep -ir "sharedpreferences\|externalstorage\|sms" .
# Jadx GUI
/usr/share/jadx/bin/jadx-gui diva.apk
# To read AndroidManifest.xml and generate smali files
apktool d diva.apk -o folder
apktool b folder
# Bytecode Viewer
https://github.com/Konloch/bytecode-viewer/releases
java -jar Bytecode-Viewer-2.9.22.jarSigning
# Generate Key
keytool -genkey -keyalg RSA -keysize 2048 -validity 1000 -alias my_alias -keystore result.key -storepass 123456
# Signing
jarsigner -sigalg SHA1withRSA -digestalg SHA1 -keystore result.key my_application.apk my_alias
# Verify
jarsigner -verify -verbose -certs InsecureBankv2.apk
# OR
apksigner verify --verbose InsecureBankv2.apk
# Align
zipalign -v 4 InsecureBankv2.apk InsecureBankv2-aligned.apkManifest Analysis
# Package Name where the data will be stored (/data/data/jakhar.aseem.diva/)
package="jakhar.aseem.diva"
# API Version (API 23 -> Android 6)
<uses-sdk android:minSdkVersion="19" android:targetSdkVersion="30" />
# Android Flags
<application android:debuggable="true" android:allowBackup="true">
# Permissions
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.CAMERA" />
# Application Component (Public Ones)
# Exported IPC through Intent-Filter
<activity android:name="jakhar.aseem.diva.APICredsActivity">
<intent-filter>
<action android:name="jakhar.aseem.diva.action.VIEW_CREDS" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
# Exported IPC through Export Flag
<provider android:name="jakhar.aseem.diva.NotesProvider" android:exported="true" />
Last updated