ANDROID HACKING

ANDROID HACKING
• Reverse Engineering:
Use tools like APKTool, JADX, and dex2jar to decompile APKs into
readable formats. This allows inspection of source code, extracting
secrets, and analyzing app behavior. Essential for understanding how
an app works internally.

• Dynamic Instrumentation:
Frida and Objection allow real-time hooking and behavior
manipulation. These tools are great for bypassing security checks or
inspecting encrypted communications. Ideal for black-box testing
and runtime analysis.
• Bypass Techniques:
Learn to bypass root detection, SSL pinning, and anti-debugging
methods. This gives testers full access to app functionality and
sensitive flows. Often involves modifying smali code or hooking
sensitive methods.

• Security Testing Tools:

MobSF automates static and dynamic analysis of APKs. Burp Suite can
be used with Android apps for intercepting network traffic. Custom
scripts enhance detection of logic flaws and data leaks.
 ANDROID ARCHITECTURE
• Linux Kernel:
Forms the foundation of Android OS, managing memory, processes,
and drivers. Vulnerabilities here allow root access and system-level
exploits. Kernel exploits can bypass user-level sandboxing entirely.

• HAL (Hardware Abstraction Layer):

Acts as a bridge between the Android framework and hardware.
Standardizes hardware access across different devices. Malicious HAL
implementations can compromise device functionality.
• Android Runtime (ART):
Executes bytecode from apps and replaces the older Dalvik VM.
Improves performance and security. Some vulnerabilities specifically
target ART internals.

• Application Framework:
Provides APIs for developers to build apps and manage permissions.
Includes core services like Activity Manager and Package Manager.
Misuse can lead to component abuse or privilege escalation.

• System & User Apps:

System apps hold higher privileges and can expose dangerous APIs.
User apps are sandboxed but can interact with system services.
Misconfigured apps increase attack surface.
Linux Kernel (Base Layer)
• Based on Linux 3.6 with ~115 patches.
• Acts as an abstraction layer between hardware and software.
• Handles:
⚬ Hardware drivers (camera, display, keypad, etc.)
⚬ Networking
⚬ Memory & power management
⚬ Process management
⚬ Security settings
Native Libraries (C/C++)
• Built on top of the kernel.

• Key libraries include:

⚬ WebKit – browser engine
⚬ libc – standard C library
⚬ SQLite – lightweight database
⚬ Media libraries – audio/video playback & recording
⚬ SSL – secure network communication
Android Runtime:
• Contains:
⚬ Dalvik Virtual Machine (DVM) – optimized Java VM for Android
⚬ Core Java Libraries – standard Java classes for app
development
• Each app runs in its own VM instance and process.
• Uses Linux features like memory management and multi-
threading.

Android Libraries (Java-based):

• android.app – app model access
• android.content – data publishing & messaging
• android.database – database access (SQLite)
• android.opengl – 3D graphics with OpenGL ES
• android.os – OS-level services
• android.text – text display and manipulation
• android.view – UI building blocks
• android.widget – pre-built UI components
• android.webkit – web browsing features in apps
Application Framework:
• Provides high-level APIs via Java classes.
• Key components:
⚬ Activity Manager – app lifecycle control
⚬ Content Providers – data sharing between apps
⚬ Resource Manager – access to non-code resources (UI, strings,
etc.)
⚬ Notification Manager – user notifications and alerts
⚬ View System – UI components framework

Applications (Top Layer):

• End-user apps like:
⚬ Contacts
⚬ Browser
⚬ Games
⚬ Custom apps (developed by users/developers)
• Built using the application framework & core libraries
 ANDROID VULNERABILITIES
• Insecure Storage:
Sensitive data stored in plaintext can be accessed by attackers.
Includes SharedPreferences, SQLite DBs, or external storage. Data
should always be encrypted and access-restricted.

• Weak Network Security:

Use of HTTP or improperly validated SSL leads to MITM risks. SSL pinning
prevents interception of encrypted traffic. Always validate certificates
and avoid cleartext communication.

• Component Exposure:
Exported Activities, Services, or BroadcastReceivers can be hijacked.
Lack of permission enforcement invites unauthorized access. Mark
unused components as non-exported.
• WebView Issues:
JavaScript interfaces and unsafe input in WebViews are common
attack vectors. Leads to XSS and RCE in mobile context. Sanitize input
and disable unnecessary JavaScript bridges.

• Outdated Libraries:
Third-party SDKs may have known security issues. Exploiting these can
lead to RCE, DoS, or data leakage. Regular updates are crucial for
security.
 ANDROID EXPLOITS
• Intent Hijacking:
Crafted Intents can be sent to exposed components. If improperly
handled, attackers can trigger dangerous app behavior. Always
validate incoming Intents and restrict component exposure.

• Privilege Escalation:
Bugs in the kernel or system apps can grant elevated access. Used by
rooting tools and attackers alike. Such exploits can bypass Android’s
sandbox model.

• Code Injection:
Malicious payloads can be injected through WebViews or dynamic
class loading. Often achieved through insecure eval() or
DexClassLoader misuse. Results in arbitrary code execution on the
device.

• Malware Techniques:
Malware uses obfuscation, dynamic code loading, and overlays to
hide. It may also escalate privileges or persist post-reboot. Studying
these helps in creating effective defenses.
SECURING ANDROID DEVICES
• Code Obfuscation:
ProGuard and R8 obscure code and logic from reverse engineers.
Slows down attackers trying to analyze or tamper with your app. Use
in combination with encryption for stronger defense.

• Component Hardening:
Mark components as non-exported unless necessary. Use permission
checks for exposed services and receivers. Prevents unauthorized
access by third-party apps.

• SSL Pinning & Networking:

Pin trusted certificates to prevent MITM attacks. Use HTTPS exclusively
and configure `network_security_config.xml`. Avoid trusting all
certificates or disabling hostname verification.
• Root Detection:
Use Play Integrity API or SafetyNet to detect root/jailbroken devices.
Also check for root binaries or altered system paths. Can be
bypassed, but still useful for raising the bar.

• Security Auditing:
Analyze APKs using MobSF and static analyzers during development.
Keep all dependencies updated and patched. Perform regular
security reviews to catch new threats.
IOS HACKING
iOS hacking involves bypassing Apple’s strict security controls to
analyze, modify, or exploit system and app behavior. It is commonly
used by security researchers, ethical hackers, and jailbreak developers.
Due to Apple’s closed ecosystem and hardware-level security, it’s more
complex than Android hacking but offers valuable insights when done
responsibly.

iOS Hacking Tools

• Tools like Frida, Objection, and Cycript are used to hook into live apps
and inspect or modify behavior at runtime. Checkra1n and unc0ver
are jailbreak tools that enable root access and tool installation. Static
analysis tools like class-dump, Hopper, and Ghidra are used to
reverse engineer app binaries.
iOS Hacking Methods
• Jailbreaking is the first step, allowing full access to the device
filesystem and services. After that, hackers may reverse engineer
apps, intercept encrypted traffic, or patch binaries to bypass
protections. Advanced methods involve runtime hooking, bypassing
SSL pinning, or exploiting kernel-level bugs.