Security in general, and Android security in particular, is a topic of interest to me, so Frida is a tool that’s caught my attention. To learn more about its capabilities and how to use it, I’m solving various reverse engineering challenges using Frida and writing about it on this blog.
If you don’t have any experience with Frida I suggest that you start with the first post (Installing Frida), and continue from there.
Being able to intercept https traffic can often be useful when analyzing applications. Some apps, however, use certificate pinning as a defense-in-depth strategy, which makes this more difficult. In this article I’m going to show how you can bypass the certificate pinning using Frida. To follow along you need to have Frida installed; if you don’t have it installed, please start by reading Installing Frida.
While going through the Awesome Android security git repository I found an old HackerOne CTF called H1-702 2018 which contained a few mobile challenges. The second challenge is somewhat Frida friendly, so I decided to give it a try.
Someone shared the Awesome-Android-Security repository on Twitter recently and I’ve started looking at some of the resources there. One thing that caught my attention was FridaLab, which is a beginner-friendly Frida intro. It consists of eight challenges meant to be used to practice your Frida skills. The first ones are very easy and it gets a bit more difficult toward the end, but all in all it’s a good introduction resource.
In the article Sniffing https traffic on Android 11 I described how you can intercept https traffic on Android. This is often very convenient, but sometimes you need to go deeper and look at the raw network packets. If TLS is used, things get complicated, so in this article I’m going to explain how to intercept generic TLS traffic that goes to and from an Android device.
Last time we started with the hpAndro Vulnerable Application CTF and solved several different challenges. Now it’s time to take on another batch of challenges. Like last time, I’ve been working on these challenges using several different versions of the app, so my code might not work with the latest version.
hpAndro Vulnerable Application is an Android CTF with a lot of challenges (100 at the time of writing) and new challenges are added every now and then. The challenges are based on the OWASP Mobile Security Testing Guide and there are many different types of challenges available. I’ve solved all the challenges and in this and the next two blog posts (part 2, part 3), I’m going to write about the ones I used Frida to solve.
Being able to intercept, inspect and modify https traffic between an app and a server can be very useful. In this post I’m going to describe how you can do this with Burp Suite and the Android Studio Emulator running any Android version from 4 to 11, which is the latest version at the time of writing.
This time it’s time to tackle the DEFCON Quals 2019 Veryandroidoso challenge. It’s a reverse engineering challenge with one flag that you’re supposed to find. It’s a bit different from the challenges I’ve done earlier, with more focus on reversing the algorithm rather than just finding the right place to pick up the secret from.
While writing my previous post about CyberTruckChallenge19 I noticed that it’s possible to intercept individual instructions in native code, in addition to just functions. With this new knowledge I decided to take on the third part of the CyberTruck challenge one more time.
The CyberTruckChallenge19 is an Android Crackme / CTF with a couple of challenges intended to be solved using Frida, which I’m taking on in this post.
Hacker101 is a free class for web security with many different CTF challenges. A couple of these are Android challenges and I’m going to tackle the Oauthbreaker challenge here. This challenge has two flags. There is no need to use Frida to find the first flag, but for the second flag Frida comes in handy, so that’s what I’ll be focusing on.
EVABS is an “Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners”. It has 12 different challenges of varying difficulty, and the last one is intended to be solved with Frida, so that’s what I’m going to do in this post.
With level 1 and level 2 of the OWASP MSTG UnCrackable App for Android under our belt it’s time to take a stab at level 3. They call it “The crackme from hell!” and it is indeed significantly more difficult than the previous two.
The first thing we need to do is to install the Frida CLI tools, which is fairly straightforward. Basically you need to have Python installed, then you just run

pip install frida-tools

and you’re done.