hacktricks/mobile-pentesting/cordova-apps.md
Carlos Polop a2ca955cb9 a
2024-02-09 01:36:13 +01:00

87 lines
5.7 KiB
Markdown

# Cordova Apps
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
**For further details check [https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58](https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58)**. This is a sumary:
Apache Cordova is recognized for enabling the development of **hybrid applications** using **JavaScript, HTML, and CSS**. It allows the creation of Android and iOS applications; however, it lacks a default mechanism for securing the application's source code. In contrast to React Native, Cordova does not compile the source code by default, which can lead to code tampering vulnerabilities. Cordova utilizes WebView to render applications, exposing the HTML and JavaScript code even after being compiled into APK or IPA files. React Native, conversely, employs a JavaScript VM to execute JavaScript code, offering better source code protection.
### Cloning a Cordova Application
Before cloning a Cordova application, ensure that NodeJS is installed along with other prerequisites like the Android SDK, Java JDK, and Gradle. The official Cordova [documentation](https://cordova.apache.org/docs/en/11.x/guide/cli/#install-pre-requisites-for-building) provides a comprehensive guide for these installations.
Consider an example application named `Bank.apk` with the package name `com.android.bank`. To access the source code, unzip `bank.apk` and navigate to the `bank/assets/www` folder. This folder contains the complete source code of the application, including HTML and JS files. The application's configuration can be found in `bank/res/xml/config.xml`.
To clone the application, follow these steps:
```bash
npm install -g cordova@latest
cordova create bank-new com.android.bank Bank
cd bank-new
```
Copy the contents of `bank/assets/www` to `bank-new/www`, excluding `cordova_plugins.js`, `cordova.js`, `cordova-js-src/`, and the `plugins/` directory.
Specify the platform (Android or iOS) when creating a new Cordova project. For cloning an Android app, add the Android platform. Note that Cordova's platform versions and Android API levels are distinct. Refer to the Cordova [documentation](https://cordova.apache.org/docs/en/11.x/guide/platforms/android/) for details on platform versions and supported Android APIs.
To determine the appropriate Cordova Android platform version, check the `PLATFORM_VERSION_BUILD_LABEL` in the original application's `cordova.js` file.
After setting up the platform, install the required plugins. The original application's `bank/assets/www/cordova_plugins.js` file lists all the plugins and their versions. Install each plugin individually as shown below:
```bash
cd bank-new
cordova plugin add cordova-plugin-dialogs@2.0.1
```
If a plugin is not available on npm, it can be sourced from GitHub:
```bash
cd bank-new
cordova plugin add https://github.com/moderna/cordova-plugin-cache.git
```
Ensure all prerequisites are met before compiling:
```bash
cd bank-new
cordova requirements
```
To build the APK, use the following command:
```bash
cd bank-new
cordova build android — packageType=apk
```
This command generates an APK with the debug option enabled, facilitating debugging via Google Chrome. It's crucial to sign the APK before installation, especially if the application includes code tampering detection mechanisms.
### Automation Tool
For those seeking to automate the cloning process, **[MobSecco](https://github.com/Anof-cyber/MobSecco)** is a recommended tool. It streamlines the cloning of Android applications, simplifying the steps outlined above.
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>