mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-21 20:23:18 +00:00
6.8 KiB
6.8 KiB
Android APK Checklist
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Try Hard Security Group
{% embed url="https://discord.gg/tryhardsecurity" %}
Learn Android fundamentals
Static Analysis
- Check for the use of obfuscation, checks for noting if the mobile was rooted, if an emulator is being used and anti-tampering checks. Read this for more info.
- Sensitive applications (like bank apps) should check if the mobile is rooted and should actuate in consequence.
- Search for interesting strings (passwords, URLs, API, encryption, backdoors, tokens, Bluetooth uuids...).
- Special attention to firebase APIs.
- Read the manifest:
- Check if the application is in debug mode and try to "exploit" it
- Check if the APK allows backups
- Exported Activities
- Content Providers
- Exposed services
- Broadcast Receivers
- URL Schemes
- Is the application saving data insecurely internally or externally?
- Is there any password hard coded or saved in disk? Is the app using insecurely crypto algorithms?
- All the libraries compiled using the PIE flag?
- Don't forget that there is a bunch of static Android Analyzers that can help you a lot during this phase.
Dynamic Analysis
- Prepare the environment (online, local VM or physical)
- Is there any unintended data leakage (logging, copy/paste, crash logs)?
- Confidential information being saved in SQLite dbs?
- Exploitable exposed Activities?
- Exploitable Content Providers?
- Exploitable exposed Services?
- Exploitable Broadcast Receivers?
- Is the application transmitting information in clear text/using weak algorithms? is a MitM possible?
- Inspect HTTP/HTTPS traffic
- This one is really important, because if you can capture the HTTP traffic you can search for common Web vulnerabilities (Hacktricks has a lot of information about Web vulns).
- Check for possible Android Client Side Injections (probably some static code analysis will help here)
- Frida: Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)
Some obfuscation/Deobfuscation information
Try Hard Security Group
{% embed url="https://discord.gg/tryhardsecurity" %}
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.