hacktricks/mobile-pentesting/cordova-apps.md
Carlos Polop 2775c16b69 arte
2024-01-05 12:02:33 +01:00


Cordova Apps

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Info taken from the post https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58

Basic Information

Apache Cordova is a popular framework that allows you to create hybrid applications (Android & iOS) using JavaScript, HTML and CSS.

One of the major issues with Cordova is that, unlike React Native, it doesn't come with a default method to secure the source of the application. There is no default way to compile the source of a Cordova application, which makes code tampering easy. A Cordova application uses a WebView to render the application from HTML and JS, so the source code is disclosed even after it is packaged into an APK or IPA, whereas React Native uses a JavaScript VM to run the JavaScript code.

Cloning Cordova Application

To create a Cordova app we need to install NodeJS. Apart from NodeJS, we need a few other things installed to complete the build process, such as the Android SDK, the Java JDK and Gradle. You can follow the official documentation for the list of requirements.

For this example, we can assume that the original application name is Bank.apk and the package name is com.android.bank.

Unzip bank.apk and open the bank/assets/www folder. There we can view the complete source of the Cordova application. All the HTML and JS code can be used to create a clone of the application. We can also find the config file of the application in bank/res/xml/config.xml.

Now we can create a new Cordova application project:

npm install -g cordova@latest
cordova create bank-new com.android.bank Bank
cd bank-new

Now we need to copy all the files and folders from bank/assets/www to bank-new/www.

When we copy the source code we need to exclude a few files and folders: cordova_plugins.js, cordova.js, cordova-js-src/ and plugins/. Everything else can be copied.

When we create a new Cordova project we need to specify whether the app is for Android or iOS. Since we are cloning the Android app, we need to add an Android platform to it. Cordova has platform versions, and each version has different features and support for Android APIs or Android versions.

The Android API version and the Cordova Android platform version are two different things. You can check out the list of platform versions and their support for Android APIs.

To add the Cordova Android platform we need to find out which version was originally used by the application. If you use a different version you might face issues, since we are using the same source code to clone the application. You can open the cordova.js file and search for PLATFORM_VERSION_BUILD_LABEL to find the version used by the application.


Now that we have added Android platform support, we can add all the plugins required by the application. In the original application's bank/assets/www/cordova_plugins.js we can find a list of all the plugins used by the application. Search for module.exports.metadata in the cordova_plugins.js file to see all the plugins along with their versions.
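The two lookups above (PLATFORM_VERSION_BUILD_LABEL in cordova.js and module.exports.metadata in cordova_plugins.js) can be scripted to inventory exactly what a packaged build discloses, for example when reviewing your own release APK. This is an added example, not code from the original post or from Cordova; the function names and the sample file contents are constructed for illustration.

```javascript
// Inputs are the text of assets/www/cordova.js and assets/www/cordova_plugins.js.
// Constructed sample contents (not taken from a real application).
const SAMPLE_CORDOVA_JS = `
;(function() {
var PLATFORM_VERSION_BUILD_LABEL = '7.0.0';
// ... rest of cordova.js ...
})();`;

const SAMPLE_PLUGINS_JS = `
cordova.define('cordova/plugin_list', function(require, exports, module) {
module.exports = [
  { "id": "cordova-plugin-dialogs.notification",
    "file": "plugins/cordova-plugin-dialogs/www/notification.js",
    "pluginId": "cordova-plugin-dialogs",
    "merges": ["navigator.notification"] }
];
module.exports.metadata =
// TOP OF METADATA
{
  "cordova-plugin-dialogs": "2.0.1",
  "cordova-plugin-whitelist": "1.3.3"
};
});`;

// Returns the cordova-android platform version string, or null if absent.
function platformVersion(cordovaJs) {
  const m = /PLATFORM_VERSION_BUILD_LABEL\s*=\s*['"]([^'"]+)['"]/.exec(cordovaJs);
  return m ? m[1] : null;
}

// Returns [{ id, version, spec }] read from the module.exports.metadata object.
// Comment lines between "=" and "{" are tolerated.
function pluginInventory(pluginsJs) {
  const re = /module\.exports\.metadata\s*=\s*(?:\/\/[^\n]*\n\s*)*(\{[\s\S]*?\})/;
  const m = re.exec(pluginsJs);
  if (!m) return [];
  let metadata;
  try {
    metadata = JSON.parse(m[1]); // the metadata block is a flat JSON object
  } catch (err) {
    return []; // minified or hand-edited file: report nothing rather than guess
  }
  return Object.entries(metadata)
    .map(([id, version]) => ({ id, version, spec: `${id}@${version}` }));
}

console.log('platform:', platformVersion(SAMPLE_CORDOVA_JS));
for (const p of pluginInventory(SAMPLE_PLUGINS_JS)) console.log('plugin:', p.spec);
```

Each `spec` string has the same `name@version` form that `cordova plugin add` takes.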


We need to install all the plugins one by one with the command below:

cd bank-new
cordova plugin add cordova-plugin-dialogs@2.0.1

{% hint style="warning" %} If a plugin isn't available in npm, search for it on GitHub:

cd bank-new
cordova plugin add https://github.com/moderna/cordova-plugin-cache.git

{% endhint %}

To compile the application, we need to make sure to have all requirements already installed.

cd bank-new
cordova requirements

Once we have all the setup ready we can build the apk.

cd bank-new
cordova build android -- --packageType=apk

The above build command will create an APK with debugging enabled, which allows us to debug the application using Google Chrome. Before installing the APK, make sure to sign it. If the application has code tampering detection, it will be bypassed unless a specific configuration has been set.

Automatic Tool

MobSecco: A tool that automates the complete process of cloning the Android application.
