Cordova Apps
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Info taken from the post https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58
Basic Information
Apache Cordova is a popular framework that allows you to create hybrid applications (Android & iOS) using JavaScript, HTML and CSS.
One of the major issues with Cordova is that, unlike React Native, it doesn't come with a default method to secure the source of the application. There is no default way to compile the source of a Cordova application, which makes code tampering easy. A Cordova application uses a WebView to render the application from HTML and JS, which discloses the source code even after it is compiled to an APK or IPA, whereas React Native uses a JavaScript VM to run the JavaScript code.
Cloning Cordova Application
To create a Cordova app we need to install NodeJS. Apart from NodeJS, we need a few other things installed to complete the build process, such as the Android SDK, Java JDK and Gradle. You can follow the official documentation for the list of requirements.
For this example, we can assume that the original application name is Bank.apk and the package name is com.android.bank
Unzip the bank.apk and open the bank/assets/www folder. We can view the complete source of the Cordova application. All the HTML and JS code can be used to create a clone of the application. We can also find the config file of the application in bank/res/xml/config.xml.
Now we can create a new Cordova application project:
npm install -g cordova@latest
cordova create bank-new com.android.bank Bank
cd bank-new
Now we need to copy all the files and folders from bank/assets/www to bank-new/www.
When we copy the source code we need to exclude a few files and folders: cordova_plugins.js, cordova.js, cordova-js-src/ and plugins/. We can copy all the files and folders except those.
When we create a new Cordova project we need to specify whether the app is for Android or iOS. Since we are cloning the Android app, we need to add the Android platform to it. Cordova has platform versions, and each version has different features and support for Android APIs or Android versions.
The Android API and the Cordova Android platform version are two different things. You can check out the list of platform versions and their support for Android APIs.
To add the Cordova Android platform we need to find out which version was originally used by the application. If you use a different version you might face issues, since we are using the same source code to clone the application. You can open the cordova.js file and search for PLATFORM_VERSION_BUILD_LABEL to find the version used by the application.
Now that we have added Android platform support, we can add all the required plugins used by the application. In the original application's bank/assets/www/cordova_plugins.js we can find a list of all the plugins used by the application. We need to install those plugins one by one. Search for module.exports.metadata in the cordova_plugins.js file. We can see all the plugins with their versions as well.
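The two lookups above can be scripted when reviewing which platform and plugin versions an unpacked app ships. The following Node.js code is an added example, not part of the original post; the embedded file excerpts are constructed samples and the function names are hypothetical.

```javascript
// Constructed excerpts standing in for assets/www/cordova.js and
// assets/www/cordova_plugins.js from an unpacked APK (not real app data).
const SAMPLE_CORDOVA_JS = `
// Platform: android
var PLATFORM_VERSION_BUILD_LABEL = '9.0.0';
`;
const SAMPLE_PLUGINS_JS = `
cordova.define('cordova/plugin_list', function(require, exports, module) {
  module.exports = [
    { "id": "cordova-plugin-dialogs.notification", "pluginId": "cordova-plugin-dialogs" }
  ];
  module.exports.metadata =
  // TOP OF METADATA
  {
    "cordova-plugin-dialogs": "2.0.1",
    "cordova-plugin-whitelist": "1.3.3"
  };
  // BOTTOM OF METADATA
});
`;

// Hypothetical helper: platform version recorded in cordova.js, or null.
function platformVersion(cordovaJs) {
  const m = /PLATFORM_VERSION_BUILD_LABEL\s*=\s*['"]([^'"]+)['"]/.exec(cordovaJs);
  return m ? m[1] : null;
}

// Hypothetical helper: plugin id -> version map from cordova_plugins.js.
// The metadata object is flat JSON, so it ends at the first closing brace.
function pluginVersions(pluginsJs) {
  const at = pluginsJs.indexOf('module.exports.metadata');
  if (at === -1) return {};
  const open = pluginsJs.indexOf('{', at);
  const close = pluginsJs.indexOf('}', open);
  if (open === -1 || close === -1) return {};
  try {
    return JSON.parse(pluginsJs.slice(open, close + 1));
  } catch (e) {
    return {}; // not plain JSON, e.g. a minified or altered file
  }
}

// Hypothetical helper: combined inventory with sorted id@version entries.
function inventory(cordovaJs, pluginsJs) {
  const plugins = Object.entries(pluginVersions(pluginsJs))
    .map(([id, version]) => `${id}@${version}`)
    .sort();
  return { platform: platformVersion(cordovaJs), plugins };
}
console.log(inventory(SAMPLE_CORDOVA_JS, SAMPLE_PLUGINS_JS));
```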
We need to install all the plugins one by one using the command below:
cd bank-new
cordova plugin add cordova-plugin-dialogs@2.0.1
{% hint style="warning" %} If a plugin isn't available on npm, search for it on GitHub:
cd bank-new
cordova plugin add https://github.com/moderna/cordova-plugin-cache.git
{% endhint %}
To compile the application, we need to make sure all the requirements are already installed.
cd bank-new
cordova requirements
Once we have all the setup ready we can build the apk.
cd bank-new
cordova build android -- --packageType=apk
The above build command creates an APK with debugging enabled, which allows us to debug the application using Google Chrome. Make sure to sign the APK before installing it. If the application has code tampering detection, it will be bypassed unless there is no specific configuration set.
Automatic Tool
MobSecco: A tool that automates the complete process of cloning the Android application.