Mobile Testing 1

Static Analysis

# Signing Information
unzip -p diva.apk META-INF/CERT.RSA | keytool -printcert

# MD5Sum
md5sum diva.apk

Reverse Engineering

# Unzipping archive
unzip diva.apk -d folder
strings classes.dex | grep -i "content://\|getdevice"

# Jadx (generate java code)
/usr/share/jadx/bin/jadx diva.apk -d folder
grep -ir "sharedpreferences\|externalstorage\|sms" .

# Jadx GUI
/usr/share/jadx/bin/jadx-gui diva.apk

# To read AndroidManifest.xml and generate smali files
apktool d diva.apk -o folder
apktool b folder

# Bytecode Viewer
https://github.com/Konloch/bytecode-viewer/releases
java -jar Bytecode-Viewer-2.9.22.jar

Signing

# Generate Key
keytool -genkey -keyalg RSA -keysize 2048 -validity 1000 -alias my_alias -keystore result.key -storepass 123456

# Signing
jarsigner -sigalg SHA1withRSA -digestalg SHA1 -keystore result.key my_application.apk my_alias

# Verify
jarsigner -verify -verbose -certs InsecureBankv2.apk
# OR
apksigner verify --verbose InsecureBankv2.apk

# Align
zipalign -v 4 InsecureBankv2.apk InsecureBankv2-aligned.apk

Manifest Analysis

# Package Name where the data will be stored (/data/data/jakhar.aseem.diva/)
package="jakhar.aseem.diva"

# API Version (API 23 -> Android 6)
<uses-sdk android:minSdkVersion="19" android:targetSdkVersion="30" />

# Android Flags
<application android:debuggable="true" android:allowBackup="true">

# Permissions
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.CAMERA" />

# Application Component (Public Ones)
# Exported IPC through Intent-Filter
<activity android:name="jakhar.aseem.diva.APICredsActivity">
    <intent-filter>
        <action android:name="jakhar.aseem.diva.action.VIEW_CREDS" />
        <category android:name="android.intent.category.DEFAULT" />
    </intent-filter>
</activity>

# Exported IPC through Export Flag
<provider android:name="jakhar.aseem.diva.NotesProvider" android:exported="true" />

PreviousMobile Testing NextMobile Testing 2

Last updated 3 years ago