Cordova Apps
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
For further details check https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58. This is a summary:
Apache Cordova is recognized for enabling the development of hybrid applications using JavaScript, HTML, and CSS. It allows the creation of Android and iOS applications; however, it lacks a default mechanism for securing the application's source code. In contrast to React Native, Cordova does not compile the source code by default, which can lead to code tampering vulnerabilities. Cordova utilizes WebView to render applications, exposing the HTML and JavaScript code even after being compiled into APK or IPA files. React Native, conversely, employs a JavaScript VM to execute JavaScript code, offering better source code protection.
Cloning a Cordova Application
Before cloning a Cordova application, ensure that NodeJS is installed along with other prerequisites like the Android SDK, Java JDK, and Gradle. The official Cordova documentation provides a comprehensive guide for these installations.
Consider an example application named Bank.apk with the package name com.android.bank. To access the source code, unzip bank.apk and navigate to the bank/assets/www folder. This folder contains the complete source code of the application, including HTML and JS files. The application's configuration can be found in bank/res/xml/config.xml.
To clone the application, follow these steps:
npm install -g cordova@latest
cordova create bank-new com.android.bank Bank
cd bank-new
Copy the contents of bank/assets/www to bank-new/www, excluding cordova_plugins.js, cordova.js, cordova-js-src/, and the plugins/ directory.
Specify the platform (Android or iOS) when creating the new Cordova project. To clone an Android app, add the Android platform. Note that Cordova platform versions and Android API levels are distinct; refer to the Cordova documentation for details on platform versions and the Android APIs they support.
To determine the appropriate Cordova Android platform version, check PLATFORM_VERSION_BUILD_LABEL in the original application's cordova.js file.
After setting up the platform, install the required plugins. The original application's bank/assets/www/cordova_plugins.js file lists all the plugins and their versions. Install each plugin individually, as shown below:
cd bank-new
cordova plugin add cordova-plugin-dialogs@2.0.1
If a plugin is not available on npm, it can be sourced from GitHub:
cd bank-new
cordova plugin add https://github.com/moderna/cordova-plugin-cache.git
Ensure all prerequisites are met before compiling:
cd bank-new
cordova requirements
To build the APK, use the following command:
cd bank-new
cordova build android --packageType=apk
MobSecco is a recommended tool for automating the cloning process of Android applications. It simplifies the steps outlined above.
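The two version lookups in the steps above (PLATFORM_VERSION_BUILD_LABEL in cordova.js and the plugin list in cordova_plugins.js) can be done statically, which also shows an app owner exactly what every shipped build discloses. The following is an added example, not code from HackTricks or the referenced write-up; the function names and the sample file contents (including the 9.0.0 platform version and the cordova-plugin-device entry) are constructed for illustration.

```javascript
// Static inventory of a Cordova www/ folder: files are parsed as text, nothing is executed.

// cordova.js declares the platform version as a string constant.
function platformVersion(cordovaJs) {
  const m = /PLATFORM_VERSION_BUILD_LABEL\s*=\s*['"]([^'"]+)['"]/.exec(cordovaJs);
  return m ? m[1] : null;
}

// cordova_plugins.js assigns a flat { pluginId: version } object to
// module.exports.metadata; some builds wrap it in "// TOP OF METADATA" comments.
function pluginVersions(pluginsJs) {
  const m = /module\.exports\.metadata\s*=\s*(?:\/\/[^\n]*\n\s*)*(\{[^}]*\})/.exec(pluginsJs);
  if (!m) return [];
  let meta;
  try { meta = JSON.parse(m[1]); } catch (err) { return []; } // not plain JSON
  return Object.entries(meta)
    .map(([id, version]) => ({ id, version: String(version) }))
    .sort((a, b) => (a.id < b.id ? -1 : a.id > b.id ? 1 : 0));
}

function inventory(cordovaJs, pluginsJs) {
  return { platform: platformVersion(cordovaJs), plugins: pluginVersions(pluginsJs) };
}

// Constructed sample inputs (not taken from a real application).
const SAMPLE_CORDOVA_JS = [
  ';(function() {',
  "var PLATFORM_VERSION_BUILD_LABEL = '9.0.0';",
  '// file: src/scripts/require.js',
].join('\n');

const SAMPLE_PLUGINS_JS = [
  "cordova.define('cordova/plugin_list', function(require, exports, module) {",
  'module.exports = [];',
  'module.exports.metadata =',
  '// TOP OF METADATA',
  '{',
  '  "cordova-plugin-dialogs": "2.0.1",',
  '  "cordova-plugin-device": "2.0.3"',
  '}',
  '// BOTTOM OF METADATA',
  '});',
].join('\n');

console.log(JSON.stringify(inventory(SAMPLE_CORDOVA_JS, SAMPLE_PLUGINS_JS), null, 2));
```

To use it on an unpacked app, pass in the contents of assets/www/cordova.js and assets/www/cordova_plugins.js as strings.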