EXPLOITME MOBILE ANDROID – Secure Logging – Basic Encryption – Advanced Encryption – All things in moderation

Hi guys, today we continue our series on ExploitMe Mobile Android. In the previous post, we discussed PARAMETER MANIPULATION and INSECURE FILE STORAGE. In this post, we will discuss Secure Logging, Basic Encryption and Advanced Encryption on Android.
Now, let’s go!

SECURE LOGGING
Many developers write information to the Android log for debugging, and sometimes that includes sensitive data. To inspect the Android emulator's log, run the following command (using the ADB tool):

adb logcat

[Screenshot: ExploitMe Mobile Android logcat]

This command prints the log to the console.
Here I will make a money transfer in the mobile application, and then we will look at the log output it produces.

[Screenshot: transfer money]

  • View logcat

[Screenshot: information logcat]

From logcat, we can view the account information.

BASIC ENCRYPTION

In this lab, we will extract some sensitive information from the filesystem of the device. In this case, the information we need was not encrypted, and we simply need to find it.

Connect to the emulator with adb shell. You will be given shell access to the Android emulator. Browse to the data store of the app.

[Screenshot: adb shell connection]

Next, go to the folder that contains the application and open the file preferences.xml.

[Screenshot: view file preferences]

Because the information in the file is not encrypted, sensitive information is disclosed.

We can view the information: serveruser and serverpass

ADVANCED ENCRYPTION

In this lab, we will use the solution that addresses the sensitive-data problem from the Basic Encryption lab.
First, install BasicEncryptionSolution.apk on the emulator.
Log in and set a local password.

[Screenshot: login]

[Screenshot: set password local]

[Screenshot: password local]

Configuration successful. Now, what will the password stored on the device look like?

[Screenshot: main menu]

In adb shell, go to the path:

adb shell

/data/data/com.securitycompass.androidlabs.basicencryptionsolution/shared_prefs

In the Basic Encryption lab, user information was stored unencrypted in the preferences file, which is not safe and exposes sensitive information. The solution for that lab encrypts the information stored in the preferences file.
View the file preferences.xml

[Screenshot: view file preferences]

We can see that the sensitive information is encrypted.
When assessing mobile applications, you will sometimes find that keys are hard-coded within the binary itself. There are numerous reasons for this, but one thing’s for sure: it’s not best practice and should be avoided.
There are several tools that can be used to view the application’s code. Here we will use apktool to decompile the program code.

Apktool decodes APK files into Android smali format. The tool works on any APK to extract code and reinsert it into the APK file without needing to recompile. It’s a very powerful tool, but for this lab we will just use it to open up the APK and get the smali from the BasicEncryptionSolution.apk lab.
Download Apk Tool

To use apktool, we run the following:
apktool d file_name.apk -o path
where path is the output folder that will be created.
If you use Android Studio, you can find the .apk file under the path:
\AndroidStudioProjects\AndroidLabs-BasicEncryptionSolution\app\build\outputs\apk

Run apktool:
[Screenshot: run apktool]

OK! We then get the whole folder tree containing the application.

[Screenshot: view_folder]

We will view all the files in the folder.
Oh, no!
We can’t see the information we need.
Why? To get it, I will need the help of two more tools: dex2jar and ByteCodeViewer.

In the folder unknown, inside the folder created by apktool, we will see the file instant-run.zip.

[Screenshot: file instant-run]

This archive contains a .dex file. Maybe that will contain the program code.

Extract it and use dex2jar to convert the .dex file to a .jar file.

[Screenshot: use dex2jar]

Then we will use the tool ByteCode Viewer to open the .jar file.
The results were interesting:

[Screenshot: use bytecode viewer]

We have the complete source code of the application. However, this is not my purpose. We need to find the key to decrypt the encrypted section above.

View file CryptoTool.class

[Screenshot: view CryptoTool]

We have obtained the key, so we can use it to decrypt the encrypted information later. This is a basic example showing that a key kept in the source code is not secure: it can easily be recovered from the decompiled code.

I hope you guys now understand these security problems. In the next post, I will show you how to inspect a memory dump and look at client-side password complexity.
