Reverse engineering aps Flashcards
(20 cards)
What command is used to find APK files?
$ find . -name “*.apk”
What is the output of the command ‘file ./app/build/outputs/apk/debug/app-debug.apk’?
./app/build/outputs/apk/debug/app-debug.apk: Zip archive data
What command is used to unzip an APK file?
$ unzip app-debug.apk
What is the file type of AndroidManifest.xml?
AndroidManifest.xml: Android binary XML
What tool is recommended for reverse engineering APKs?
https://apktool.org/
What command is used to decode an APK with Apktool?
$ apktool d ../app/build/outputs/apk/debug/app-debug.apk
What is the output of the command ‘file app-debug/AndroidManifest.xml’?
app-debug/AndroidManifest.xml: XML 1.0 document text
How can you find your classes in an APK?
$ find . -name “MainActivity*”
What does the command ‘invoke-direct {v1, p0}’ do?
It calls the constructor of a class.
How can you obtain APKs for real apps?
Download from app store, e.g. via Chrome extension ‘APK Downloader’.
What is a safer way to install APKs?
Install on phone/emulator, use adb.
What command lists packages on an Android device?
adb shell pm list packages
How do you download an APK from your phone?
Use the command: adb pull /data/app/com.example.app.apk
What is the implication of apps from the same producer communicating?
They could potentially collude.
Why capture network traffic from an app?
To see what an app is doing or to recreate functionality.
What is a problem with capturing network traffic?
TLS encryption makes it difficult.
What tools can be used for capturing TLS encrypted traffic?
Wireshark & mitmproxy
What is a man-in-the-middle attack?
It involves intercepting and decrypting traffic between two parties.
What is a countermeasure against man-in-the-middle attacks?
Certificate pinning.
What is required for the phone to trust a proxy’s certificate?
The phone needs to trust the certificate authority (CA).
