beau
/
relab
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
RE env for inspecting APKs
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19 Commits
1 Branch
0 Tags
10 MiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
relab/README.md

55 lines
2.2 KiB
Raw Permalink Normal View History

Initial commit
1 year ago
adding re env setup
1 year ago
Initial commit
1 year ago
adding re env setup
1 year ago
Update 'README.md'
1 year ago
adding re env setup
1 year ago
  1. # relab
  2. Lab for reverse engineering APKs
  5. ### RE environment for dynamic and static analysis of APKs
  7. Includes:
  9. 1. mitmproxy
  10. 2. Frida
  11. 3. Genymotion
  12. 4. Jadx
  13. 5. apktool
  15. _**Note:** Setup scripts built and tested on Ubuntu 20_
  17. #### Prereqs:
  19. 1. Python3: `sudo apt install python3`
  20. 2. pip3: `sudo apt install python3-pip`
  21. 3. dev-tools: `apt install build-essential`)
  24. #### Install Dynamic Analysis Tools
  26. 1. Run install script for mitmproxy and genymotion emulator: `./install_all.sh`
  27. 2. Create and start Android emulated device in Genymotion OR attach physical rooted test Android device over USB.
  28. 3. Make sure test device is accessible over adb with root access: `adb shell` -> `su`
  29. 4. Run script to copy mitmproxy cert to be system cert on device: `cd setup_scripts; ./make_root_ca.sh`
  30. 5. Install frida: `cd frida; ./install_frida.sh`
  31. 6. Get frida-server binary then push to test Android device: `./get_frida_server.sh`
  32. 7. Start frida-server on Android: `adb shell` -> `su` -> `/data/local/tmp/frida-server &`
  33. 8. Verify frida is attaching to device over adb: `frida-ps -U`
  36. _**Note:**_ May need to mount Android filesystem as writable after step 3: `adb shell; su; mount -o rw,remount /system`
  38. #### Capturing Live HTTPS from app
  40. 1. Start mitmproxy on desktop: `cd mitmprox; ./mitmweb`
  41. 2. Make sure test Android is connected to proxy: `Settings` -> `Network` -> `Wi-Fi` -> `Click then hold down connected network` -> `Modify network` -> `(click) Advanced options drop down` -> `Set Proxy to "Manual"` -> `hostname = IP of desktop` -> `proxy port = 8080`
  42. 3. View decrypted traffic panel in `mitmweb` browser on desktop at: `localhost:8081`
  43. 4. Visit any site in browser on Android to verify decryption is working
  47. #### Use Frida to bypass SSL pinning and capture files accessed
  49. 1. Make sure frida server is started on Android and verify connection: `frida-ps -U`
  50. 2. Find name of app package to target with frida: `adb shell pm list packages`
  51. 3. Bypass SSL for targeted app: `frida -l frida_scripts/multiple_unpinning.js -U -f <package_id> --no-pause`
  52. 4. Trace files being opened by app on device: `frida-trace -U -i open -f <package_id>`
  55. _**Note:** Most Android apps do not need SSL pinning bypass for mitmproxy to work_