This article lists the first steps to perform a security review of an Android application. These steps cover initial information collection, APK decompilation for static analysis, and APK modification to enable debugging and dynamic analysis.
If you feel that any of these steps can be improved or simplified through existing tools, please leave your comment and I will update the article.
The number of tools available to assist in understanding Android applications has increased significantly, offering powerful and robust features for reviewing a target application.
For the initial assessment we will be using the following tools:
Drozer: https://www.mwrinfosecurity.com/products/drozer/
APKTool: https://code.google.com/p/android-apktool/
Androguard: http://code.google.com/p/androguard/
ApkAnalyser: http://developer.sonymobile.com/knowledge-base/tools/analyse-your-apks-with-apkanalyser/
Netbeans IDE: https://netbeans.org/downloads/
Android SDK: https://developer.android.com/sdk/index.html#ExistingIDE
APK Downloader: http://www.01net.com/telecharger/windows/Internet/plugins/fiches/118788.html
1- APK Retrieval
The easiest way to download the target APK is APK Downloader. The tool is a Chrome extension that adds a download button to the address bar once an APK URL is detected.
2- Android SDK Installation & Emulator Setup
Installing the Android SDK is straightforward; it is available from the Android Developer portal.
To test our application we will be using the Android Emulator, which can be created with the AVD Manager. The rest of these steps can also be performed on a rooted phone.
To start the Emulator we won't be using the start button, as several options are only accessible from the command line. Among the interesting options is the http-proxy feature, which routes the emulator's HTTP/HTTPS traffic through a proxy:
./emulator -avd watchever -http-proxy http://127.0.0.1:8081 -scale 0.6
Other traffic requires a slightly more complex setup, which is already covered in this blog post: https://intrepidusgroup.com/insight/2010/12/mallory-and-me-setting-up-a-mobile-mallory-gateway/
This way we can inspect the HTTP traffic with our favourite proxy, such as ZAP or Burp.
3- Installation and Information Collection
The APK is installed with the following command:
$ adb install uk.co.aifactory.chessfree.apk
1986 KB/s (7412910 bytes in 3.644s)
pkg: /data/local/tmp/uk.co.aifactory.chessfree.apk
Success
Once the application is installed, we may want to exercise its different features, such as authentication, which may for instance trigger the storage of a password and thus result in the creation of data files. The location of these files depends on the application, but the usual folders are /data/data/ and /sdcard/Android/data/ .
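As an added example (not code from the original post), the following POSIX shell script audits such a data directory for the classic insecure-storage finding: files whose "other" permission bits let any app on the device read or write them. It runs offline on a constructed `ls -l` listing; the `audit_package` wrapper, which is not invoked, assumes `adb` is on the PATH and that the shell on the emulator or rooted device can read `/data/data/`. The package name, file names and permissions in the sample are made up for the example.

```shell
#!/bin/sh
# Added example, not part of the original post: flag files in an app's
# private data directory that other users (the "other" permission bits)
# can read or write. A world-readable shared_prefs file holding a session
# token or password can be read by any other app on the device.

# Constructed sample listing in the format of `adb shell ls -l` on older
# Android builds; package, file names and modes are invented for this demo.
SAMPLE_LISTING='drwxrwx--x u0_a45 u0_a45          2014-01-10 12:00 cache
drwxrwx--x u0_a45 u0_a45          2014-01-10 12:00 shared_prefs
-rw-rw-rw- u0_a45 u0_a45     4096 2014-01-10 12:01 shared_prefs/credentials.xml
-rw-r--r-- u0_a45 u0_a45     1024 2014-01-10 12:01 shared_prefs/settings.xml
-rw------- u0_a45 u0_a45    16384 2014-01-10 12:02 databases/app.db'

# audit_listing: read an `ls -l` listing on stdin and print one line per
# regular file whose "other" bits grant access:
#   WORLD-WRITABLE <path>   (others may write; also readable in practice)
#   WORLD-READABLE <path>
# Directories, symlinks, "dir:" headers and blank lines are skipped.
audit_listing() {
  while read -r mode owner group rest; do
    case "$mode" in
      -*) ;;          # regular file: inspect below
      *) continue ;;  # anything else is not a file entry
    esac
    path=${rest##* }                          # last field is the file name
    other=$(printf '%s' "$mode" | cut -c8-10) # permission bits for "other"
    case "$other" in
      *w*) printf 'WORLD-WRITABLE %s\n' "$path" ;;
      *r*) printf 'WORLD-READABLE %s\n' "$path" ;;
    esac
  done
}

# count_findings: number of flagged files in the listing passed as $1.
count_findings() {
  printf '%s\n' "$1" | audit_listing | grep -c '^WORLD-' || true
}

# audit_package: run the same check against a real package on a rooted
# device or emulator (assumes adb on PATH and a shell that can read
# /data/data/<package>). Not invoked here so the script runs offline.
audit_package() {
  adb shell "ls -l -R /data/data/$1" | audit_listing
}

printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

On the sample listing the script reports `credentials.xml` as world-writable and `settings.xml` as world-readable, while `app.db` (mode 0600) is silent. Files under `/sdcard/Android/data/` need no such check: external storage is readable by every app holding the storage permission, so anything sensitive found there is a finding by itself.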
Source: Yet Another P0wn Blog