
Collection of notes for Android/iOS pentesting and MDM configuration reviews.
Android
APK Analysis
$ apktool d app.apk
$ cd app/
$ ls
AndroidManifest.xml apktool.yml assets kotlin lib original res smali smali_classes2 unknown
$ cat res/values/strings.xml | grep ... # grep for urls, apikeys, etc.
$ ls -laR | grep -E '\.db$|\.sqlite' # grep for db or sqlite files
# can also grep through the source code for specific functions etc.
$ unzip app.apk
$ d2j-dex2jar classes.dex
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
dex2jar classes.dex -> ./classes-dex2jar.jar
$ jd-gui # open the new jar file (classes-dex2jar.jar) in the GUI
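The manual greps above can be collected into one repeatable triage pass over the apktool output. This is an added example, not part of the original notes: the function names, the secret-name patterns, the choice of manifest attributes to flag, and the sample tree are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: static triage of an apktool-decoded directory (not from the original notes).

# URLs and likely-secret entries (matched by resource name) in strings.xml, with line numbers.
find_strings() {
    grep -nEi 'https?://|name="[^"]*(api_?key|secret|token|passw)' \
        "$1/res/values/strings.xml"
}

# Database files bundled anywhere in the decoded tree.
find_databases() {
    find "$1" -type f \( -name '*.db' -o -name '*.sqlite' -o -name '*.sqlite3' \) | sort
}

# Manifest attributes worth flagging in a report when set to true (assumed shortlist).
manifest_flags() {
    grep -oE 'android:(debuggable|allowBackup|usesCleartextTraffic)="true"' \
        "$1/AndroidManifest.xml" | sort -u
}

# Constructed sample tree standing in for `apktool d app.apk` output.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/res/values" "$d/assets"
    cat > "$d/AndroidManifest.xml" <<'EOF'
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <application android:debuggable="true" android:allowBackup="true" android:label="@string/app_name"/>
</manifest>
EOF
    cat > "$d/res/values/strings.xml" <<'EOF'
<resources>
  <string name="app_name">Demo</string>
  <string name="api_base">https://api.example.test/v1</string>
  <string name="maps_api_key">CONSTRUCTED-PLACEHOLDER-KEY</string>
</resources>
EOF
    : > "$d/assets/cache.db"; : > "$d/assets/users.sqlite"; : > "$d/assets/notes.txt"
    echo "$d"
}

triage() {
    echo "== strings.xml =="; find_strings "$1"
    echo "== databases ==";   find_databases "$1"
    echo "== manifest ==";    manifest_flags "$1"
}

# Run on the directory given as $1, or on the constructed sample if none is given.
if [ -d "${1:-}" ]; then triage "$1"; else triage "$(make_sample)"; fi
```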
MobSF
The Mobile Security Framework (MobSF) essentially automates everything shown in the previous section and provides a detailed report once it has finished processing the APK. The report includes application permissions, AndroidManifest configuration recommendations, source code analysis, and much more.
Emulators
Android Debug Bridge (adb)
adb connect host[:port]
adb disconnect [host | host:port]
adb shell
adb shell ls /system/bin
adb devices -l
adb install [apk]
adb push [local] [remote]
adb pull [remote] [local]
Repack and Sign
apktool b /path/to/folder -o app.apk
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore app.apk alias_name
Tools and Resources
iOS
More to add here.
MobSF
The Mobile Security Framework can also be used on iOS applications.