The examples on this page use the training app https://github.com/B3nac/InjuredAndroid.git.
Before analysing anything, we need to retrieve the apk file of the target app. We first install the app on our emulator or connected phone. Then we can connect to it using adb with the command:
adb shell
Then, we look for information about the installed package using the pm command. We're looking for the package name and path.
pm list packages | grep <package name>
pm path <complete package name>
From there we go back to our machine and pull the apk file with adb:
adb pull <package path> <output file dot apk>
Finally, we can open it with either jadx or apktool and look for interesting data (a more detailed description of the application file's folder architecture is in Work in progress).
jadx-gui <target.apk>
apktool d <target.apk>
Alternatively, we can statically analyse the apk file with https://github.com/MobSF/Mobile-Security-Framework-MobSF (find more in the raw notes Automated Analysis using MobSF).
docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

The Android Manifest contains information about the application itself. A few of its entries are of particular interest:
- minSdkVersion: apps available on old Android versions may suffer from more vulnerabilities. In addition to this, the app behaviour may vary depending on the Android version.
- permission: abusive permissions lead to vulnerabilities.
- activities: these are the UI elements, one for each page of the app.
- intent-filter: conditions required to access a page.
- exported="true": activities accessible from outside of the app.
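
The manifest review listed above can be scripted. The following is an added example, not part of the original notes or of InjuredAndroid: the function name `review_manifest` and the sample manifest are constructed for illustration, and the input is assumed to be the plain-text AndroidManifest.xml produced by `apktool d`.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes

# Constructed sample manifest (not taken from InjuredAndroid).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="29"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity">
      <intent-filter><action android:name="android.intent.action.VIEW"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <activity android:name=".InternalActivity"/>
  </application>
</manifest>"""

def review_manifest(xml_text):
    """Collect the manifest entries worth reviewing: SDK floor, permissions, exported activities."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    report = {
        "min_sdk": sdk.get(A + "minSdkVersion") if sdk is not None else None,
        "permissions": [p.get(A + "name") for p in root.iter("uses-permission")],
        "exported_activities": [],
    }
    for act in root.iter("activity"):
        actions = [a.get(A + "name") for a in act.findall("intent-filter/action")]
        exported = act.get(A + "exported")
        if exported is None:
            # No explicit attribute: an intent-filter makes the activity
            # exported by default for apps targeting below API 31.
            reason = "implicit (intent-filter)" if actions else None
        else:
            reason = "explicit" if exported.lower() == "true" else None
        if reason:
            report["exported_activities"].append((act.get(A + "name"), reason, actions))
    return report

if __name__ == "__main__":
    for key, value in review_manifest(SAMPLE_MANIFEST).items():
        print(key, "=", value)
```

`min_sdk` is `None` when the manifest has no `uses-sdk` element; apktool records the SDK versions in `apktool.yml` in that case.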