Decompile APK programmatically using JEB
Android adb reverse tethering mitm setup revised
In a previous blogpost, I wrote about how to combine Gnirehtet & proxychains in order to intercept traffic from mobile apps over adb while on a VPN. After some time, the setup seemed to be somewhat buggy and slow. A contact of @FSDominguez suggested looking into port forwarding. I’d like to present a revised adb reverse tethering MITM setup.
Android adb reverse tethering mitm setup
Traditionally, to inspect traffic for Android apps, the mobile phone and the security analyst’s PC are connected to the same Wi-Fi hotspot. The proxy settings on the mobile phone are configured to point to the analyst’s PC. Typically, intercepting software such as Burp Suite Pro is configured on the PC to listen for all incoming connections.
Android Frida hooking: disabling FLAG_SECURE
In Android land, it is possible to protect specific components (e.g. activities) from being screenshotted. This is achieved by adding the FLAG_SECURE flag to the desired component:
Automated Frida hook generation with JEB
Certain mobile app pentests are done on a recurring basis (Agile security). Some of these pentests have common repeating tasks. Since repetition is boring, we want to automate as much as possible.
Frida Android libbinder
While doing some security research on the Android operating system, I stumbled upon the following blackhat presentation. It turns out that Android has a unique inter-process communication (IPC) mechanism. Although the internal workings of this mechanism are quite complex, it is abstracted away for Android app developers. The gist of the story is that Android uses Binder for inter-process communication and that it might be a good place for malware to eavesdrop for sensitive information.
Frida Android Helper
One of my favorite tools for Android app security assessments is Frida. Frida is a cross-platform dynamic instrumentation tool that can help with dynamic analysis of apps and bypass security mechanisms implemented in these apps. The community behind Frida is also extremely active and supportive. Sometimes a few releases are pushed per week with a ton of improvements and bug fixes!
Ingredients for effective mobile app testing
From small note taking apps to critical financial apps, mobile apps are augmenting our daily lives. The presence of mobile apps is undeniably increasing and so is the demand for mobile app security.
Modern regex engines have some powerful features which are not used very often. Maybe because regexes are considered cryptic and hard to begin with? In this blogpost I want to document a few of my favourite tricks.
Ten tips after a year of pentesting
For the past years I was very hesitant about my future career choices. Originally, I’m a developer, but I liked security and hacking a lot. I was doing all kinds of CTFs in my spare time. For my bachelor’s degree I had to do a final project (thesis) and thought it might be the best moment to shift into the (professional) security world. I finished my internship at Securify and was offered a job/traineeship. I’ve learned a lot in the last year and I would like to share some tips. The following tips are in no particular order and might even be applied to some other disciplines.
Regex subroutines and recursion
Subroutines and recursion are powerful expressions that are sometimes ignored or forgotten. Maybe because the number of languages that support them is relatively small? If you’re using PCRE, PHP (which uses PCRE under the hood), Perl, or Python with the regex module, then keep reading!
Meepwn 2018 CTF - babysandbox pwn challenge
I participated with the Sec.SE CTF team at Meepwn 2018 CTF. I focused mainly on the baby pwn challenge. Although I couldn’t get the flag during the competition, I think I was close enough to write a blogpost about this.