Mobile Application Pentesting-Part 5

Piyush Patil
May 17, 2019 · 3 min read

Andbug

AndBug provides a much more interactive shell than JDB.

adb shell ps | grep -i bank => to find the PID

andbug shell -p 30275

classes package_name_of_app

methods class_path

We can hook into these methods with the method-trace command and monitor them while the application is running. To analyze all the methods within a class, run the ct command, which is short for class-trace.

method-trace com.android.insecurebank.RestClient.dotransfer

Now, whenever the dotransfer method is called, AndBug shows the result.

When you click Transfer, you see all the parameters.

One drawback of AndBug is that, by default, it does not let you set a breakpoint and change a variable at that point.

Let's solve this problem using JDB.


JDB(Java Debugger)

adb shell ps | grep -i appname

This gives us the app's PID.

adb forward tcp:localport jdwp:App_PID

jdb -attach localhost:localport

classes => show all the classes

This lists all the classes, but JDB cannot filter out the main classes that are responsible for the application, so refer to AndBug for that.

Once you know the main classes that are responsible for the application, use them in JDB.

methods com.android.insecurebank.RestClient

stop in com.android.insecurebank.RestClient.dotransfer

When you try to transfer some amount, the breakpoint is hit.

locals => to see all parameters

We can also change any parameter and forward it.

set amount = "50"

locals => to see whether it changed

resume


Android Backup Vulnerability

Android allows an app's data to be backed up and restored. An attacker could take a backup of the app, modify its contents and restore it.

https://sourceforge.net/projects/adbextractor/

Extract the archive downloaded from SourceForge; it contains abe.jar.

adb backup package_name -f backup.ab

java -jar abe.jar unpack backup.ab backup.tar

tar -tf backup.tar > backup.list

tar -xvf backup.tar

//Editing//

For example, search the extracted files with grep -iRn 'pin'

or for anything else of interest, and then make the modifications.

//Editing Finished//

star -c -v -f backup_new.tar -no-dirslash list=backup.list

java -jar abe.jar pack backup_new.tar backup_new.ab

adb restore backup_new.ab
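
Both the JDB attach shown earlier and the adb backup round trip above depend on flags in the app's manifest. The following check is an added example, not code from the original article: it assumes a manifest already decoded to text XML (for instance with apktool), uses a constructed sample manifest with a made-up package name, and relies on the documented defaults of android:debuggable (false) and android:allowBackup (true).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (hypothetical app, not the one in the article).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.samplebank">
    <application android:label="SampleBank" android:debuggable="true">
        <activity android:name=".LoginActivity" />
    </application>
</manifest>
"""

# (attribute, default when absent, risky value, why it matters)
CHECKS = [
    ("debuggable", "false", "true", "JDWP debuggers (jdb, AndBug) can attach"),
    ("allowBackup", "true", "true", "adb backup can export the app's data"),
]


def audit_manifest(xml_text):
    """Return (attribute, effective_value, reason) for each risky flag."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        raise ValueError("no <application> element in manifest")
    findings = []
    for name, default, risky, why in CHECKS:
        # Attributes live in the android: namespace; fall back to the default.
        raw = app.get("{%s}%s" % (ANDROID_NS, name), default)
        value = raw.strip().lower()
        if value == risky:
            findings.append((name, value, why))
    return findings


if __name__ == "__main__":
    for name, value, why in audit_manifest(SAMPLE_MANIFEST):
        print("android:%s=%s -> %s" % (name, value, why))
```

A value given as a resource reference such as @bool/... is not resolved by this check and has to be looked up separately.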
