Posts

Showing posts with the label Android Application Hacking

Automated DEX Decompilation using Androguard

Image
Hey guys, its been a while since my last post and my blog is beginning to gather dust. So I though I would drop a couple posts about some new stuff I've been trying and learning. This post is about Androguard and how to write a simple python script that dumps decompiled dalvik bytecode from an Android APK.


About addJavascriptInterface abuse in Android Browsers

Image
So I started out writing this post like most of the other posts I've been writing this year, just another rash vulnerability disclosure; but I decided to turn it into more of a discussion about the addJavascriptInterface vulnerability.

I base my discussions here on some vulnerabilities I've found in various Android Browser apps. I'm going to specifically talk about some novel methods I used to enumerate Browser applications using JavaScript bridges insecurely. Obviously, in finding out how to detail the existence of the vulnerability you will also learn how to protect your applications from the discussed exploitation methods.


Path Traversal Vulnerability in OI File Manager for Android

Image
# Disclosure Date: 12/02/2014
# Author: Keith Makan
# Vendor or Software Link:org.openintents.filemanager
# Version: 2.0.5
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools : Drozer, Bash










Path Traversal Vulnerability in 'com.smartwho.SmartFileManager' 3.1.2 for Android

Image
# Disclosure Date: 30/01/2014
# Author: Keith Makan
# Vendor or Software Link:com.smartwho.SmartFileManager
# Version: 3.1.2
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools : Drozer, Bash




Critical Information Leakage Vulnerabilities in 'Next Browser' 1.16 for Android

Image
# Disclosure Date: 30/01/2014
# Author: Keith Makan
# Vendor or Software Link:https://play.google.com/store/apps/details?id=com.jiubang.browser&hl=en
# Version: 1.16
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools : Drozer, Bash

Path Traversal Vulnerability in File Explorer (FX) for Android

Image
# Disclosure Date: 31 Jan 2014
# Author: Keith Makan
# Vendor or Software Link:https://play.google.com/store/apps/details?id=nextapp.fx&hl=en
# Version: 2.3.0.10 
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools : Drozer, Bash

Grepping for Glory : using grep to uncover Android Application Level Vulns

Image
I've spent some time trawling through masses of Android App Sauce lately and I thought I'd share some quick tips and tricks that can help you uncover some critical vulnerabilities. In this post I'll discuss some basic bash scripting that pin points code being either in Java or Jasmin/Smali form.

A quick disclaimer, 

the screenshots below are from actual apps sourced from the play store, I've used real examples here to motivate the need to look for the mentioned vulnerabilities and detail how easy they are to find. Although I've made sure to santize them for any useable or exploitable information seeing that some of these apps have been downloaded hundreds of the thousands of times.


More Details on the Android JCA PRNG Flaw

Image
I've spent a couple days reading the source code for the Pseudo Random number generators in Android mostly because there aren't many breakdowns of the vulnerability around, none that walk through the code explicitly anyway. After some discussion with some people from the Android Security Discussion Google Group I realized that the issue goes a little deeper than  just the super calls and constructor definition as I previously thought.

I was also mislead by grepcode---the site I was using to read the code---since it it wasn't directing me to the Android SecureRandom Implementation but rather OpenJDK!

So I thought I'd correct myself re-post about the issue and study the code directly from the Android repo namely ( https://android.googlesource.com/platform/libcore/+/jb-release/luni/src/main/java/java/security/SecureRandom.java )

Labels

Show more