Android Spyware Maybank2u APK

Description: I asked Fareed for this APK after I saw his post on X and decided to have a look into it. Analyzing APK: This is interesting because this is my first time playing around with a malicious APK and I have no idea if it would affect anything on both my devices and my machine. As usual, I started out with static analysis first. Static Analysis: I started out with both jadx and apktool, but they hit some errors and failed to decompile the APK. ...

May 4, 2025 · 8 min · 1550 words

Android Spyware Development

Prerequisite: Android Studio, Kotlin, Android Emulator or physical devices, Discord as C2. I tested this project on an API 33 rooted device. Anything above API 33 might need some modification to get everything working. Creating the spyware: I created this project using Android Studio and Kotlin. This project took me around 16 hours to complete with massive help from GPT. Part 0: I started off by creating a project in Android Studio by pressing New Project > Empty Activity and providing a name. It will have some generated code and functions. ...

April 21, 2025 · 9 min · 1885 words

MHL Config Editor

Challenge Description: Welcome to the Config Editor Challenge! In this lab, you’ll dive into a realistic situation involving vulnerabilities in a widely-used third-party library. Your objective is to exploit a library-induced vulnerability to achieve RCE on an Android application. configeditor.apk

Solution: As usual, I started out by performing static analysis to read the code. Static Analysis: I started by looking into the AndroidManifest.xml.

    <activity
        android:name="com.mobilehackinglab.configeditor.MainActivity"
        android:exported="true">
        <intent-filter>
            <action android:name="android.intent.action.MAIN"/>
            <category android:name="android.intent.category.LAUNCHER"/>
        </intent-filter>
        <intent-filter>
            <action android:name="android.intent.action.VIEW"/>
            <category android:name="android.intent.category.DEFAULT"/>
            <category android:name="android.intent.category.BROWSABLE"/>
            <data android:scheme="file"/>
            <data android:scheme="http"/>
            <data android:scheme="https"/>
            <data android:mimeType="application/yaml"/>
        </intent-filter>
    </activity>

There’s only one activity and it has an intent filter which accepts a URI parameter. ...

April 9, 2025 · 4 min · 757 words