Hi guys, today we continue our series on ExploitMe Mobile Android. In the previous post we discussed PARAMETER MANIPULATION and INSECURE FILE STORAGE. In this post we will look at Secure Logging, Basic Encryption and Advanced Encryption on Android.
Now, let’s go!
Many developers write information to the Android log for debugging, and sometimes sensitive data ends up there as well. To inspect the log of an Android emulator, run the following command with the ADB tool:
The command prints the log to the console.
Here I will perform a money transfer through the mobile application, and then we will look at what the log records.
- View logcat
Through logcat we can read the account information.
In this lab we will extract sensitive information from the file system of the device. In this case the information we need was never encrypted, so we simply have to find it.
Connect to the emulator with adb shell; this gives you shell access to the Android emulator. Browse to the data store of the app.
Next, go to the folder containing the application and open the file preferences.xml.
Because the information in this file is unencrypted, it discloses sensitive data directly.
We can read the values serveruser and serverpass.
In this lab we will use the solution to the sensitive-data problem of the Basic Encryption lab.
First, we have to install BasicEncryptionSolution.apk on the emulator.
Log in and set a local password.
Configuration successful. Let's think about what the stored password on the device will look like.
In adb shell, go to the path:
In the Basic Encryption lab, user information was stored in the preferences file without protection, which exposes sensitive information. The solution for this lab encrypts the information stored in the preferences file.
View the file preferences.xml
We can see that the sensitive information is now encrypted.
When assessing mobile applications you will sometimes find that keys are hard-coded within the binary itself. There are numerous reasons for this, but one thing's for sure: it is not best practice and should be avoided.
Several tools can be used to inspect the application's code. Here we will use apktool to decompile the program code.
Apktool decodes APK files into Android smali format. It works on any APK, extracting and reinserting code into the APK file without needing to recompile. It is a very powerful tool, but for this lab we will just use it to open the APK and get the smali from BasicEncryptionSolution.apk.
Download Apk Tool
To use apktool, we run the following:
apktool d file_name.apk -o path
where path is the directory that will be created.
If you use Android Studio you can find the .apk file at the path:
OK! Now we have the whole folder of files that make up the application.
We will look through all the files in the folder.
We can't find the information we need.
Why? We will solve this with the help of two more tools: dex2jar and Bytecode Viewer.
In the folder unknown inside the folder created by apktool, we find the file instant-run.zip.
This archive contains .dex files, which probably hold the program code.
Extract it and use dex2jar to convert the .dex file to a .jar file.
Then open the .jar file with Bytecode Viewer.
The results were interesting:
We have the complete source code of the application. However, that is not the goal here: we need to find the key used to decrypt the encrypted values seen above.
View the file CryptoTool.class
We have obtained the key, so we can use it to decrypt the encrypted information. This is a basic example showing that a key in the source code is not secure: it can be extracted easily from the decompiled code.
I hope you guys now understand these insecure practices. In the next post, I will show you how to inspect a memory dump and look at client-side password complexity.