Android Application Analyzer
- Sanjay Gondaliya
Agenda
- Android Application Penetration Testing
- Static Analysis
- Dynamic Analysis
- Common tools used
- Demo - Android Application Analyzer
#Whoami
- 8+ Years of experience in Information Technology
- Sr. Security Consultant @NotSoSecure
- Website: sanjaygondaliya.com
Android Application Penetration Testing
- Static Analysis
  - Android Manifest Analysis
    - Exported Component
    - Debuggable, Backup Flag
  - Shared Preferences
  - SQLite Database
  - Sensitive information in logcat
  - Application Source Analysis
    - Source code obfuscation
    - Root Detection Check
    - SSL Pinning Implementation
  - Application Memory Dump
- Dynamic Analysis
  - API Testing (OWASP Web Top 10)
Common Tools Used
- Application manifest and code analysis (MobSF)
- Apktool (To reverse the APK file)
- Sandbox content analysis (shared preference file, SQLite DB)
  - sqlite3, cat, grep command in “adb shell”
- Sensitive information in logcat (adb logcat)
- Source code obfuscation (dex2jar -> jd-gui)
- Frida universal SSL unpinning (To bypass SSL pinning)
- Fridump (Memory dump analysis)
Static Analysis - Testing Workflow (built up step by step across the slides)
- Static Analysis - To check for
  - Source-code obfuscation
  - Debuggable Flag
  - Backup Flag
  - Exported Activity, Services, Broadcast, Provider
  - Source Code Analysis
  - Hardcoded Sensitive Information
  - Deep link URL Schemes
- Install APK
- Exploitation Framework - Exploit Exported Component
  - Activity
  - Services
  - Broadcast
  - Provider
- To check for sensitive information in Logcat
- To check for sensitive information (Insecure Local Storage)
  - /data/data/AppFolder
  - /sdcard/data/AppFolder
  - Shared Preference Analysis
  - SQLite Database Analysis
- To bypass checks and carry on penetration testing
- To hook the code, to bypass SSL Pinning and other client-side validation
- To bypass client-side checks, to trace certain functions
  - Decompile the APK (Apktool)
  - Modify the source using a text editor
  - Compile APK from modified source
  - Sign APK using Sign.Jar
  - Uninstall old APK
  - Install new APK
- Source-Code Obfuscated
- To dump App Memory
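The manifest items on the static-analysis checklist above (debuggable flag, backup flag, exported activities/services/receivers/providers, deep link URL schemes) can be checked automatically on the AndroidManifest.xml that Apktool decodes. The following script is an added example, not code from the deck or from the Android Application Analyzer project; the package name, component names and the manifest itself are constructed for illustration. It also flags components that carry an intent-filter without an explicit android:exported attribute, which older Android versions treat as exported by default.

```python
"""Static checks from the manifest checklist, over a decoded AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree spells namespaced attributes as {uri}name

COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (hypothetical package), shaped like Apktool output.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demoapp">
  <application android:debuggable="true" android:allowBackup="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="demoapp" android:host="pay"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="false"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".DataProvider"
        android:authorities="com.example.demoapp.provider"
        android:exported="true"/>
  </application>
</manifest>
"""


def _is_true(value):
    return value is not None and value.strip().lower() == "true"


def analyze_manifest(xml_text):
    """Return a dict of findings: flags, exported components and deep-link schemes."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = {
        "package": root.get("package"),
        "debuggable": app is not None and _is_true(app.get(A + "debuggable")),
        "allow_backup": app is not None and _is_true(app.get(A + "allowBackup")),
        "exported": [],             # android:exported="true" set explicitly
        "implicitly_exported": [],  # no android:exported, but has an intent-filter
        "deep_links": [],           # (component, scheme, host) from <data> elements
    }
    if app is None:
        return findings
    for tag in COMPONENT_TAGS:
        for comp in app.iter(tag):
            name = comp.get(A + "name")
            exported = comp.get(A + "exported")
            filters = comp.findall("intent-filter")
            if _is_true(exported):
                findings["exported"].append((tag, name))
            elif exported is None and filters:
                findings["implicitly_exported"].append((tag, name))
            for f in filters:
                for data in f.findall("data"):
                    scheme = data.get(A + "scheme")
                    if scheme:
                        findings["deep_links"].append((name, scheme, data.get(A + "host")))
    return findings


def report(findings):
    """One human-readable line per checklist item, for the pentest notes."""
    lines = ["package: %s" % findings["package"]]
    lines.append("debuggable: " + ("TRUE (debugger can attach; remove before release)"
                                   if findings["debuggable"] else "false"))
    lines.append("allowBackup: " + ("TRUE (app data extractable via adb backup on pre-12 devices)"
                                    if findings["allow_backup"] else "false"))
    for tag, name in findings["exported"]:
        lines.append("exported %s: %s" % (tag, name))
    for tag, name in findings["implicitly_exported"]:
        lines.append("implicitly exported %s (intent-filter, no android:exported): %s" % (tag, name))
    for name, scheme, host in findings["deep_links"]:
        lines.append("deep link: %s://%s -> %s" % (scheme, host or "", name))
    return lines


if __name__ == "__main__":
    for line in report(analyze_manifest(SAMPLE_MANIFEST)):
        print(line)
```

Run it against the AndroidManifest.xml in an Apktool output directory by reading the file into `analyze_manifest`; every reported component is a candidate for the exported-component and deep-link test cases.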
Android Application Analyzer
- GUI for Android Application static analysis
- To Save Time
- To cover all the test cases during penetration testing
Prerequisites
- Python3
- Frida client installed on host machine
- MobSF available on http://localhost:8000
- For Universal Frida SSL Unpinning, replace the Burp certificate in the “tools” directory
- For Fridump, the application needs to be running on the device
Android Application Analyzer - Setup
- Clone repo from Git
  - git clone https://github.com/NotSoSecure/android_application_analyzer.git
- Install pre-requisites
  - Linux/Unix: ./setup.sh
  - Windows: ./setup.bat
Demo
- Sandbox content analysis (shared pref file, SQLite DB)
- Source code obfuscation (dex2jar -> jd-gui)
- Apktool (To reverse the APK file)
- Fridump (Memory dump analysis)
- Frida universal SSL unpinning (To bypass SSL pinning)
- Sensitive information in logcat (adb logcat)
- Application manifest and code analysis (MobSF)
- Smali debug / APK code injection (requires: uninstall app -> build app using apktool -> install app again)
- Application sandbox snapshot for future reference
Thank you :)