Static Analysis

• unzip the apk
  • it's basically a zip file
• apktool
  • Decompiles the apk
• MOBSF
  • The Nessus of mobile applications
• dex2jar
  • Turn complied code into readable java code
• jd-gui
  • Read the readable java code

Workflow:

• unzip → see what's in there → d2j classes.dex → jd-gui classes-dex2jar.jar → search for hardcoded secrets, code auditing/analysis
• apktool →AndroidManifest.xml → permissions, activities, content provider → grep smali files
• Run MOBSF

Dynamic Analysis

• FRIDA
  • Frida server → Phone
  • Frida client → Laptop
• DROZER
  • https://resources.infosecinstitute.com/topic/android-penetration-tools-walkthrough-series-drozer/
• Runtime Mobile Security (RMS)
• Objection
• Burp Suite

Test Frida and Objection

$ adb push frida.server /data/local/tmp/
$ adb shell
	$ su
	# cd /data/local/tmp/
	# chmod +x frida.server
	# ./frida.server &
$ frida-ps -Uai # to get the package
$ objection --gadget com.androidpentesting.securestore explore # explore with objection
$ frida -U -n "com.androidpentesting.securestore" # don't know why it doesn't work for me