Estimated difficulty: 💜💜💜🤍🤍 Why Android Attack? Because it sounds like Art Attack and it reminds me of my childhood. Much like the arty thing I used to do back then, in my mind, reversing Android malware is also similar to an art form. Yes things are more “black and white”; Continue Reading
Android Attack: Intro to Frida
Estimated difficulty: 💜💜💜🤍🤍 What is Frida? Frida is a potent tool used by reverse engineers to perform several different tasks. It is open source and once downloaded includes an extensive tool suite. These tools are: Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. https://frida.re/ For this post, I wanted Continue Reading
Android Attack: JavaScript Interfaces and WebViews
Estimated difficulty: 💜💜🤍🤍🤍 This post will walk you through what a JavaScript interface is and how you might retrieve the Java object from the application into the application WebView using this method. A WebView is pretty much what it says on the tin. Android applications can define a WebView within Continue Reading
Android Attack: Reversing React Native Applications
Estimated difficulty: 💜💜🤍🤍🤍 This post is going to walk you through how to reverse engineer an Android application that is built using React Native. It is more common to see applications being built using this mobile framework, as it supports the development of an app in both Android and iOS Continue Reading
MOBster4: Insecure Authentication
Estimated difficulty: 💜💜💜💜🤍 We are continuing on our quest to conquer the OWASP Mobile Top 10, and if you have been following this series then congratulations, you have made it to M4: Insecure Authentication! This post is going to delve into the world of how mobile apps can use weak Continue Reading
Liability: Insecure Data Storage
Estimated difficulty: 💜💜💜🤍🤍 Oh no, it’s another one from the MOBster series coming to get you! Hide… Run… Read with intrigue! This post is covering, M2: Insecure Data Storage, the second listing from the OWASP Top 10 Mobile Risks list. The last post in the MOBster series covered M1: Improper Continue Reading
What’s that coming over the hill? Is it a MOBster, is it a MOBster!?
Estimated difficulty: 💜💜💜💜🤍 Welcome back to the MOBster series! The last post I published, covered the different aspects of an APK file – otherwise known as an app. This post I want to take some of these principles a step further and look at the possible effects of a misconfigured Continue Reading
What in the APK?!
Estimated difficulty: 💜💜💜🤍🤍 This week I wanted to write the first post of a mini mobile application reverse engineering series! There has been a lot of attention in the news about apps such as TikTok and the COVID-19 NHS track and trace app, where they have been shown to have Continue Reading