frida
-
Read more: BSides San Francisco CTF 2017 – flag-receiverDescription: Here is a simple mobile application that will hand you the flag.. if you ask for it the right way.P.S, it is meant to have a blank landing activity 🙂 Use string starting with Flag:Note: For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/flagstore.apk…
-
Read more: 0CTF 2015 Quals CTF – VezelDescriptionEvermars says he is good at repackaging Android applications. For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://lautarovculic.com/my_files/vezel.apk Install it with adb adb install -r vezel.apk We can see a text edit and an button.Let’s decompile the apk with apktool apktool d vezel.apk The package name is com.ctf.vezel Let’s inspect the source code with jadx.We just…
-
Read more: AHE17: Android Hacking Events 2017 (Why Should I Pay?)For this challenge, probably we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://team-sik.org/wp-content/uploads/2017/06/WhyShouldIPay.apk_.zip Install the apk with adb adb install -r WhyShouldIPay.apk And decompile the apk with apktool Load the apk to jadx-gui for see the source codeWe can see in the first activity that we have the VERIFY button, that give us an error.And the PREMIUM CONTENT button, that show us…
-
Read more: Pinned – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: This app has stored my credentials and I can only login automatically. I tried to intercept the login request and restore my password, but this seems to be a secure connection. Can you help bypass this security restriction and intercept the password in plaintext? Download the .zip file…
-
Read more: Angler – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android Description: The skilled fisherman used his full strength and expertise to hook the fish. Can you beat him and set the fish free? First we’ll download the .apk file. The pass is hackthebox And then decompile with apktool ☝️🤓 apktool d Angler.apk The SDK version is 32, then we…
-
Read more: Supermarket – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android Description: My supermarket list is too big and I only have $50. Can you help me get the Discount code? Download the .zip and install the APK vía ADB. adb install -r supermarket.apk Reading the application code and taking into account the description of the challenge, apparently we have…
-
Read more: SAW – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android (SDK ≥ 29) Description: The malware forensics lab identified a new technique for hiding and executing code dynamically. A sample that seems to use this technique has just arrived in their queue. Can you help them? When you download the .zip file and extract them, we can see that…
-
Read more: Bypass restrictions with FRIDAI recomment read this post first: Post First, we need install FRIDA with pip install frida-tools Now, we need know the arch of our Android device: adb shell If you have more than one device, you can run this command: adb -s -genymotion device ip-:5555 shell And, with uname -a We get the arch of…
-
Read more: Intercept Android App Traffic with BurpSuiteFirst, we need install genymotion in our machine. Genymotion And then, we will install virtualbox and adb. sudo apt-get install virtualbox adb And, obviously, we need install burpsuite. You can follow some guide for setup burpsuite in your machine, configure browser with foxyproxy or your preferred method. Once genymotion is installed, we are going to…