2024

Unidbg to production

Introduction

In the last blogpost, we covered how to use unidbg from scratch to emulate an Android native library. As some might have noticed, the Proof of Concept code is not production ready: it provides no way to call the signing functionality externally. More importantly, the code is too slow for practical use. Let's add some time-measuring code to our previous main method to see this in action:

3 min read

Emulating Android native libraries using unidbg

Introduction

Unidbg is an open-source framework to emulate Android native libraries (and, to a certain extent, it has experimental iOS emulation capabilities). There are a few use cases where emulating Android libraries is beneficial. I will cover a single use case to demonstrate how to use unidbg, as I believe the security and reverse engineering scene lacks English-language tutorials on this powerful tool. This blogpost will contain a step-by-step guide on how to use unidbg, along with some errors you might encounter and how to fix them.

12 min read

Security assessing gRPC & gRPC-web services

Introduction

gRPC is getting increasingly popular and, as a result, it is encountered more often during security assessments. In this blog post, I explain the different approaches to security-test gRPC services depending on the type of assessment. At the end, I will show how to extend the blackboxprotobuf Burp extension to support gRPC-web.

6 min read

2023

Decompile APK programmatically using JEB

Introduction

For a project, I needed to programmatically decompile certain classes from an Android APK file. Usually this is done by first extracting the DEX file using apktool, then converting it to a JAR file using dex2jar, and finally decompiling it using tools like JAD or CFR.

3 min read

2020

Android adb reverse tethering mitm setup

Introduction

Traditionally, to inspect traffic for Android apps, the mobile phone and the security analyst’s PC are connected to the same Wi-Fi hotspot. The proxy settings on the mobile phone are configured to point to the analyst’s PC. Typically, an intercepting software such as Burp Suite Pro is configured on the PC to listen on all incoming connections.

2 min read

2019

Automated Frida hook generation with JEB

Introduction

Certain mobile app pentests are done on a recurrent basis (Agile security). Some of these pentests have common repeating tasks. Since repetition is boring, we want to automate as much as possible.

6 min read

Frida Android libbinder

Introduction

While doing some security research on the Android operating system, I stumbled upon the following Black Hat presentation. It turns out that Android has a unique inter-process communication (IPC) mechanism. Although the internal workings of this mechanism are quite complex, it is abstracted away for Android app developers. The gist of the story is that Android uses Binder for inter-process communication and that it might be a good place for malware to eavesdrop on sensitive information.

11 min read

Frida Android Helper

One of my favorite tools for Android app security assessments is Frida. Frida is a cross-platform dynamic instrumentation tool that can help with dynamic analysis of apps and bypass security mechanisms implemented in these apps. The community behind Frida is also extremely active and supportive. Sometimes a few releases are pushed per week with a ton of improvements and bug fixes!

2 min read

Ingredients for effective mobile app testing

From small note taking apps to critical financial apps, mobile apps are augmenting our daily lives. The presence of mobile apps is undeniably increasing and so is the demand for mobile app security.

3 min read

2018

Regex tricks

Modern regex engines have some powerful features which are not used quite often. Maybe because regexes are considered cryptic and hard to begin with? In this blogpost I want to document a few of my favourite tricks.

3 min read

Ten tips after a year of pentesting

For the past few years I was very hesitant about my future career choices. Originally, I'm a developer, but I liked security and hacking a lot. I was doing all kinds of CTFs in my spare time. For my bachelor's degree I had to do a final project (thesis) and thought it might be the best moment to shift into the (professional) security world. I finished my internship at Securify and was offered a job/traineeship. I've learned a lot in the last year and I would like to share some tips. The following tips are in no particular order and might even be applied to some other disciplines.

5 min read

Regex subroutines and recursion

Introduction

Subroutines and recursion are powerful expressions that are sometimes ignored or forgotten. Maybe because the languages that support them are relatively scarce? If you're using PCRE, PHP (which uses PCRE under the hood), Perl, or Python with the regex module, then keep reading!

5 min read