Hi guys! In the last week, I read some lab series for exploit app on android Mobile. I feel it is useful for mobile security. So, in this post I will guide you to install environment for this lab series.
Our labs will help you learn about:
1. Parameter manipulation of mobile traffic
2. Encryption of traffic
3. Password lock screens
4. File system access permissions
5. Insecure storage of files
6. Insecure logging
You can download Labs in link: Click here
Our labs are organized within the following branches:
ExploitMeMobile’s (EMM) Android app contains six labs within the Base branch. Each of the other branches are solutions to the vulnerability, how one can fix the security vulnerability demonstrated.
We recommend taking the following approach to hacking this Android application.
* Download and build the EMM “Base” project and install it to the emulator. This is the vulnerable android app. It contains all six lab exercises. * Run through each exercise to understand how the Android application works and the vulnerabilities. * Inspect the solutions to each lab and see what the best practices are to securely programming the application.
I will using Android Studio to guide you.
You can run “Base” as follows:
Run: Android Studio
Select File -> New -> Import Project
Note: You must make sure you’ve installed an configured the Android SDK properly including the Android platform tools, such as “adb” and “emulator”. We can’t help too much here, but you can see Google’s instructions here. If you can’t run “adb” from the command line, you have likely not configured the SDK properly, or haven’t included “adb” in your path.
In Android Studio, you can Create new Virtual Device(using emulator Android Device).
Click AVD Manager.
In this windows, you choose Crate Virtual Device…
You can turn on Virtual Device by using command line or Click turn on in Android Device Virtual Manager.
With command line you can using as follow:
Run the emulator by using AVD and emulator:
If you’ve never used AVD, you have to create a name and configuration for your emulator. AVD can be found in your SDK/platform-tools folder. Run:
After creating your emulator, run it by clicking “Start” or through command line by:
./emulator -avd name_of_emulator
Now that your emulator is up and running (it will take a while on first start), you can build and push the apk into the emulator by running:
./adb install emm.apk
or you could also run through the Android Studio debugger as shown below:
Now, run lab server:
In this LabServer: python app.py
And finally open the EMM Android application on your emulator device. Upon first login, you’ll be prompted with a login screen.
The default users as configured with this mobile application server are:
jdoe / password
bsmith / password
Login successful you can see as follow:
So, we have completed the Android development installation. In next post i will show how to check your application mobile is secure of not with our installed environment.