Android Hacking

• This week we are learning how to hack android apps
• We should have some root phones but not enough for one each
• Make sure to install an android emulator (we recommend genymotion) so you can still do the challenges
• Alternatively if you do have your own already rooted devices feel free to bring them!
• Warning! We do not recommend rooting your personal phone/device! This can be a big security risk to you and may lead to some apps and functionality (e.g banking apps) not working.

Todays slides

• Slides

APKs for today:

• Uncrackable 1 and 2: https://github.com/OWASP/owasp-mstg/tree/master/Crackmes
• Crackme 2 and 3: https://persianov.net/crackme-challenges-for-android

Bytecode viewer

• https://github.com/Konloch/bytecode-viewer

Frida

• pip3 install frida frida-tools ###Download Frida Server:
• https://github.com/frida/frida/releases
• Version 17.6.2 is broken so get 17.6.1
  • frida-server--android-x86_64.xz for emulator
  • frida-server--android-arm64.xz for phones

Genymotion Android Emulator

Installing

• Genymotion is an android emulator that can give you a full, rooted phone on your laptop
• Installation guides can be found with the download links
• Genymotion does need an account to use, but if you select "Personal use" during setup and agree to their terms then thats all you need
• Troubleshooting step: If you already have VirtualBox installed it may still prompt you to install again, if it is trying install an older version of VBox than you already have then skip the VBox installation.

Phone setup

• Once Genymotion is installed and set up you need to create a phone to use
• We would recommend a Custom Phone with Android 11 and leaving all other settings as default
• It must be on Android 11 or lower as Genymotion will make you pay to have the device rooted on newer versions of Android.
• Now you can boot the phone and start using it! :)