Prerequisite If you have look into my previous post, Android Penetration Testing Setup Guide, do have a look into it to ensure that you have installed the tools. Summary I created this blog post to showcase how I intercept android traffic using Burp Suite. Creating an Android Emulator To create an android emulator, I will be using Android Studio as an example. Select “More Actions” > “Virtual Device Manager”. This is where the android emulator is managed. ...
Summary I created this blog post to showcase how I setup my android penetration testing environment in Windows. Tools The list of tools that I will be installing: Android Studio build-tools platform-tools android virtual device (AVD) OpenJDK Apktool Jadx / Jadx-gui Frida (Required Python) Objection (Required Python) Burp Suite CE Tools that are required to add into system environment (PATH) to make it work: OpenJDK (java.exe) Apktool Jadx build-tools from Android Studio platform-tools from Android Studio Video To make things easier, I decided to just demo in a video instead. ...
Description This is a continuation of the Android Spyware Maybank2u APK where I dig deeper specifically on the decompilation failure. Although several solution was found previously, I did not fully understand on the issue and thats the reason I’m having the research here The Issue The APK was not able to decompile as shown below. 1 2 3 4 5 6 unzip Maybank2u.apk Archive: Maybank2u.apk [Maybank2u.apk] AndroidManifest.xml password: skipping: AndroidManifest.xml incorrect password inflating: classes.dex ...[snip]... 1 2 3 4 5 6 7 jadx .\Maybank2u.apk INFO - loading ... ERROR - Failed to process zip file: .\Maybank2u.apk jadx.core.utils.exceptions.JadxRuntimeException: Failed to process zip file: .\Maybank2u.apk ...[snip]... Caused by: java.util.zip.ZipException: invalid CEN header (encrypted entry) ...[snip]... 1 2 3 4 5 6 7 apktool d .\Maybank2u.apk I: Using Apktool 2.10.0 on Maybank2u.apk with 8 thread(s). Exception in thread "main" brut.androlib.exceptions.AndrolibException: brut.directory.DirectoryException: java.util.zip.ZipException: invalid CEN header (encrypted entry) ...[snip]... Caused by: brut.directory.DirectoryException: java.util.zip.ZipException: invalid CEN header (encrypted entry) ...[snip]... Caused by: java.util.zip.ZipException: invalid CEN header (encrypted entry) Analysis To fully understand that happened, I used apkInspector tool to understand the information behind it. ...