2024
Unidbg to production
Introduction
In the last blogpost, we covered how to use unidbg from scratch to emulate an Android native library. As some might have noticed, the Proof of Concept code is not production ready as it does not allow for a way to call the signing functionality externally. More importantly, the code is too slow for practical use. Let’s add some time measuring code to our previous main method to see this in action:
Emulating Android native libraries using unidbg
Introduction
Unidbg is an open-source framework to emulate Android native libraries (and to a certain extent has experimental iOS emulation capabilities). There are a few use cases where emulating Android libraries is beneficial. I will cover a single use case to demonstrate how to use unidbg as I believe the security and reverse engineering scene lacks English written tutorials regarding this powerful tool. This blogpost will contain a step-by-step guide on how to use unidbg along with some errors you might encounter and how to fix them.
Security assessing gRPC & gRPC-web services
Introduction
gRPC is getting increasingly popular and as a result, it is encountered more often during security assessments. In this blog post, I explain the different approaches to security test gRPC services depending on the type of assessment. At the end, I will show how to extend the blackboxprotobuf Burp extension to support gRPC-web.
2023
Back to Top ↑2021
Android adb reverse tethering mitm setup revised
Introduction
In a previous blogpost, I’ve written how to combine Gnirehtet & proxychains in order to intercept traffic from mobile apps over adb while on a VPN. After some time, the setup seemed to be somewhat buggy and slow. A contact of @FSDominguez suggested to look into port forwarding. I’d like to present a revised adb reverse tethering MITM setup.
2020
Android adb reverse tethering mitm setup
Introduction
Traditionally, to inspect traffic for Android apps, the mobile phone and the security analyst’s PC are connected to the same Wi-Fi hotspot. The proxy settings on the mobile phone are configured to point to the analyst’s PC. Typically, an intercepting software such as Burp Suite Pro is configured on the PC to listen on all incoming connections.
2019
Android Frida hooking: disabling FLAG_SECURE
Introduction
In Android land, it is possible to protect specific components (ex: activities) from being screenshotted. This is achieved by adding the FLAG_SECURE flag on the desired component:
Automated Frida hook generation with JEB
Introduction
Certain mobile app pentests are done on a recurrent basis (Agile security). Some of these pentests have common repeating tasks. Since repetition is boring, we want to automate as much as possible.
Frida Android libbinder
Introduction
While doing some security research on the Android operating system, I stumbled upon the following blackhat presentation. It turns out that Android has a unique inter-process communication (IPC) mechanism. Although the internal workings of this mechanism is quite complex, it is abstracted away for Android app developers. The gist of the story is that Android uses Binder for inter-process communications and that it might be a good place for malware to eavesdrop for sensitive information.
Frida Android Helper
One of my favorite tools for Android app security assessments is frida. Frida is a cross platform dynamic instrumentation tool that can help with dynamic analysis of apps and bypass security mechanisms implemented in these apps. The community behind Frida is also extremely active and supportive. Sometimes a few releases are pushed per week with a ton of improvements and bug fixes!
Ingredients for effective mobile app testing
From small note taking apps to critical financial apps, mobile apps are augmenting our daily lives. The presence of mobile apps is undeniably increasing and so is the demand for mobile app security.
2018
Regex tricks
Modern regex engines have some powerful features which are not used quite often. Maybe because regexes are considered cryptic and hard to begin with? In this blogpost I want to document a few of my favourite tricks.
Ten tips after a year of pentesting
For the past years I was very hesitant about my future career choices. Originally, I’m a developer but I liked security and hacking a lot. I was doing all kinds of CTFs in my spare time. For my bachelor degree I had to do a final project (thesis) and thought it might be the best moment to shift into the (professional) security world. I finished my internship at Securify and was offered a job/traineeship. I’ve learned a lot in the last year and I would like to share some tips. The following tips are in no particular order and might even be applied to some other disciplines.
Regex subroutines and recursion
Introduction
Subroutines and recursion are powerful expressions that are sometimes ignored or forgotten. Maybe because the number of languages that support it are relatively scarce? If you’re using PCRE, PHP which uses PCRE under the hood, Perl or Python with the regex module then keep reading!
Meepwn 2018 CTF - babysandbox pwn challenge
0x00 Preface
I participated with Sec.SE CTF team at Meepwn 2018 CTF. I focussed mainly on the baby pwn challenge. Although I couldn’t get the flag during the competition. I think I was close enough to write a blogpost about this.