Sana147
/
relab
forked from beau/relab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Debug Server
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
1 Branch
0 Tags
9.2 MiB
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Sana147 237f48ea1f
Upload files to 'server' 		12 months ago
NetGuard@0350e46d6d netgenie-server: Added skeleton for network genie server 12 months ago
frida adding re env setup 1 year ago
jadx adding re env setup 1 year ago
root-android shadowsocks setup and Android rooting steps 1 year ago
server Upload files to 'server' 12 months ago
setup_scripts adding re env setup 1 year ago
socks_setup shadowsocks setup and Android rooting steps 1 year ago
.gitmodules ng: Added NetGuard (ng) as a submodule. 1 year ago
README.md Update 'README.md' 1 year ago
grab_apk.sh adding re env setup 1 year ago
install_all.sh adding re env setup 1 year ago
start_all.sh adding re env setup 1 year ago
stop_all.sh adding re env setup 1 year ago

README.md

relab

Lab for reverse engineering APKs

RE environment for dynamic and static analysis of APKs

Includes:

  1. mitmproxy
  2. Frida
  3. Genymotion
  4. Jadx
  5. apktool

Note: Setup scripts built and tested on Ubuntu 20

Prereqs:

  1. Python3: sudo apt install python3
  2. pip3: sudo apt install python3-pip
  3. dev-tools: apt install build-essential)

Install Dynamic Analysis Tools

  1. Run install script for mitmproxy and genymotion emulator: ./install_all.sh
  2. Create and start Android emulated device in Genymotion OR attach physical rooted test Android device over USB.
  3. Make sure test device is accessible over adb with root access: adb shell -> su
  4. Run script to copy mitmproxy cert to be system cert on device: cd setup_scripts; ./make_root_ca.sh
  5. Install frida: cd frida; ./install_frida.sh
  6. Get frida-server binary then push to test Android device: ./get_frida_server.sh
  7. Start frida-server on Android: adb shell -> su -> /data/local/tmp/frida-server &
  8. Verify frida is attaching to device over adb: frida-ps -U

Note: May need to mount Android filesystem as writable after step 3: adb shell; su; mount -o rw,remount /system

Capturing Live HTTPS from app

  1. Start mitmproxy on desktop: cd mitmprox; ./mitmweb
  2. Make sure test Android is connected to proxy: Settings -> Network -> Wi-Fi -> Click then hold down connected network -> Modify network -> (click) Advanced options drop down -> Set Proxy to "Manual" -> hostname = IP of desktop -> proxy port = 8080
  3. View decrypted traffic panel in mitmweb browser on desktop at: localhost:8081
  4. Visit any site in browser on Android to verify decryption is working

Use Frida to bypass SSL pinning and capture files accessed

  1. Make sure frida server is started on Android and verify connection: frida-ps -U
  2. Find name of app package to target with frida: adb shell pm list packages
  3. Bypass SSL for targeted app: frida -l frida_scripts/multiple_unpinning.js -U -f <package_id> --no-pause
  4. Trace files being opened by app on device: frida-trace -U -i open -f <package_id>

Note: Most Android apps do not need SSL pinning bypass for mitmproxy to work