Estimated difficulty: 💜💜💜🤍🤍 Why Android Attack? Because it sounds like Art Attack and it reminds me of my childhood. Much like the arty thing I used to do back then, in my mind, reversing Android malware is also similar to an art form. Yes things are more “black and white”; pardon the pun, but there …
Estimated difficulty: 💜💜💜🤍🤍 What is Frida? Frida is a potent tool used by reverse engineers to perform several different tasks. It is open source and once downloaded includes an extensive tool suite. These tools are: Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. https://frida.re/ For this post, I wanted to walk through some basic …
Estimated difficulty: 💜💜🤍🤍🤍 This post will walk you through what a JavaScript interface is and how you might retrieve the Java object from the application into the application WebView using this method. A WebView is pretty much what it says on the tin. Android applications can define a WebView within an Activity class in order …
Read more “Android Attack: JavaScript Interfaces and WebViews”
Estimated difficulty: 💜💜🤍🤍🤍 This post is going to walk you through how to reverse engineer an Android application that is built using React Native. It is more common to see applications being built using this mobile framework, as it supports the development of an app in both Android and iOS platforms. Let’s unpack this further! …
Read more “Android Attack: Reversing React Native Applications”
Estimated difficulty: 💜💜💜💜🤍 We are continuing on our quest to conquer the OWASP Mobile Top 10, and if you have been following this series then congratulations, you have made it to M4: Insecure Authentication! This post is going to delve into the world of how mobile apps can use weak authentication methods and how an …
Estimated difficulty: 💜💜💜🤍🤍 Oh no, it’s another one from the MOBster series coming to get you! Hide… Run… Read with intrigue! This post is covering, M2: Insecure Data Storage, the second listing from the OWASP Top 10 Mobile Risks list. The last post in the MOBster series covered M1: Improper Platform Usage. Insecure data storage …
Estimated difficulty: 💜💜💜💜🤍 Welcome back to the MOBster series! The last post I published, covered the different aspects of an APK file – otherwise known as an app. This post I want to take some of these principles a step further and look at the possible effects of a misconfigured app! Following the guidelines of …
Read more “What’s that coming over the hill? Is it a MOBster, is it a MOBster!?”
Estimated difficulty: 💜💜💜🤍🤍 This week I wanted to write the first post of a mini mobile application reverse engineering series! There has been a lot of attention in the news about apps such as TikTok and the COVID-19 NHS track and trace app, where they have been shown to have certain security flaws. By writing …