hacktricks/mobile-pentesting/android-checklist.md

Android APK Checklist

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

Learn Android fundamentals

• Misingi
• Dalvik & Smali
• Nukta za kuingia
• Shughuli
• Mipango ya URL
• Watoa maudhui
• Huduma
• Vipokezi vya matangazo
• Mawasiliano
• Filita ya Mawasiliano
• Vipengele vingine
• Jinsi ya kutumia ADB
• Jinsi ya kubadilisha Smali

Static Analysis

• Check for the use of obfuscation, checks for noting if the mobile was rooted, if an emulator is being used and anti-tampering checks. Read this for more info.
• Maombi nyeti (kama programu za benki) yanapaswa kuangalia kama simu imejikita na yanapaswa kuchukua hatua kwa mujibu wa hilo.
• Search for interesting strings (nywila, URL, API, usimbuaji, milango ya nyuma, tokeni, Bluetooth uuids...).
• Umakini maalum kwa firebase APIs.
• Soma hati:
• Check if the application is in debug mode and try to "exploit" it
• Check if the APK allows backups
• Shughuli zilizotolewa
• Watoa maudhui
• Huduma zilizofichuliwa
• Vipokezi vya matangazo
• Mipango ya URL
• Je, programu inasaidia kuhifadhi data kwa njia isiyo salama ndani au nje?
• Je, kuna nywila iliyowekwa kwa nguvu au kuhifadhiwa kwenye diski? Je, programu inatumia algorithimu za usimbuaji zisizo salama?
• Maktaba zote zimeundwa kwa kutumia bendera ya PIE?
• Usisahau kwamba kuna kundi la waanalyzer wa Android wa statiki ambao wanaweza kukusaidia sana katika awamu hii.

Dynamic Analysis

• Prepare the environment (online, local VM or physical)
• Je, kuna kuvuja kwa data zisizokusudiwa (kuandika, nakala/paste, kumbukumbu za ajali)?
• Taarifa za siri zinahifadhiwa katika SQLite dbs?
• Shughuli zilizofichuliwa zinazoweza kutumika?
• Watoa maudhui wanaoweza kutumika?
• Huduma zilizofichuliwa zinazoweza kutumika?
• Vipokezi vya matangazo wanaoweza kutumika?
• Je, programu inasambaza taarifa kwa maandiko wazi/ikatumia algorithimu dhaifu? Je, MitM inawezekana?
• Kagua trafiki ya HTTP/HTTPS
• Hii ni muhimu sana, kwa sababu ikiwa unaweza kukamata trafiki ya HTTP unaweza kutafuta udhaifu wa kawaida wa Mtandao (Hacktricks ina habari nyingi kuhusu udhaifu wa Mtandao).
• Check for possible Android Client Side Injections (labda uchambuzi wa msimbo wa statiki utaweza kusaidia hapa)
• Frida: Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)

Some obfuscation/Deobfuscation information

• Soma hapa

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}