apk reverse

• https://medium.com/dwarsoft/how-to-reverse-engineer-an-android-application-in-3-easy-steps-dwarsoft-mobile-880d268bdc90
• https://book.hacktricks.xyz/mobile-apps-pentesting/android-app-pentesting
• https://www.heise.de/ratgeber/IT-Sicherheit-Reverse-Engineering-von-Android-Apps-4994208.html?seite=all

apktool d a.apk

oder:

mv a.apk a.zip
unzip a.zip
d2j-dex2jar classes.dex
jd-gui #<--open classes-dex2jar.jar

• https://stackoverflow.com/a/62553537
• https://book.hacktricks.xyz/mobile-apps-pentesting/android-app-pentesting/react-native-application

• anbox
• https://www.genymotion.com/

• https://github.com/anbox/anbox/issues/123
• https://github.com/anbox/anbox/issues/211#issuecomment-298505634
• https://www.linuxquestions.org/questions/linux-software-2/anbox-fails-to-start-sparky-linux-rolling-4175695181/
• https://docs.anbox.io/userguide/install.html

sudo apt install anbox adb
sudo modprobe binder_linux
sudo modprobe ashmem_linux
sudo wget https://build.anbox.io/android-images/2018/07/19/android_amd64.img -O /var/lib/anbox/android.img
 
#start sessionmanager
anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity
 
adb devices
adb install a.apk

.ab files: –> https://android.stackexchange.com/a/73052

$ adb backup -f net.mx17.overridedns.ab -noapk net.mx17.overridedns
Now unlock your device and confirm the backup operation.
 
extract the compressed data
 
$ dd if=net.mx17.overridedns.ab bs=1 skip=24 > compressed-data
1285+0 records in
1285+0 records out
1285 bytes (1,3 kB) copied, 0,00745877 s, 172 kB/s
 
decompress the compressed data
 
$ printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" \
    | cat - compressed-data | gunzip -c > decompressed-data.tar
gzip: stdin: unexpected end of file
 
"untar" the tar file
 
$ tar xf decompressed-data.tar

• https://phire.cc/Setup-Android-HTTPS-Proxy-using-mitmproxy-on-Linux.html
• https://quickref.me/mitmproxy
• https://github.com/rachmadaniHaryono/mitmproxy-image

#https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/
cd ~/.mitmproxy/
hashed_name=`openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1` && cp mitmproxy-ca-cert.cer $hashed_name.0
adb devices                                                                                                                                                                             
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
6c0597d8        unauthorized

adb devices                                                                                                                                                                       List of devices attached
6c0597d8        device

copy c8750f0d.0 to /system/etc/security/cacerts/ with explorer
-->reboot

• pcapdroid –>

• ./mitmweb --mode socks5 --listen-port 8050

adb push <file> <target-dir>
adb install <apk-file>
adb devices
adb connect <ip>
adb shell
adb uninstall <app name.apk>
adb logcat
adb pull /sdcard/<file name><file location path>
adb reboot

#set proxy
adb shell settings put global http_proxy <ip>:<port>

#unset proxy
adb shell settings put global http_proxy :0 

• https://v0x.nl/articles/bypass-ssl-pinning-android
• https://medium.com/@pranavggang/ssl-pinning-bypass-with-frida-framework-6fb71ca43e33
• https://httptoolkit.tech/blog/frida-certificate-pinning/
• https://github.com/httptoolkit/frida-android-unpinning
• https://www.stevencampbell.info/Android-Testing-Cheatsheet/

ls
c8750f0d.0  frida-android-repinning_sa-1.js  frida-server-15.1.17-android-x86     mitmproxy-7.0.4-linux
f50b0909.0  frida-script.js                  frida-server-15.1.17-android-x86_64
                                                                                                                                                            
adb root                                                 
adb push frida-server-15.1.17-android-x86 /data/local/tmp/frida-server
adb shell "chmod 755 /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server --listen 0.0.0.0 &"

adb shell settings put global http_proxy 192.168.10.14:8080
~/.local/bin/frida -U -f net.ajcloud.wansviewplus -l frida-script.js --no-pause