Try Hack Me — Mobile Application Penetration Testing — Android Hacking 101

https://tryhackme.com/room/androidhacking101

Task 1 Introduction

Read Only Task !!

Task 2 Setup the environment

Read Only Task !!

Task 3 Methodology

Read Only Task !!

Task 4 Information Gathering

Answer the questions below

Q 1. What is the package name of the Black Hat Europe?

Ans. com.swapcard.apps.android.blackhat

Task 5 Reversing

Answer the questions below

Q 1. Tool for convert dex file to smali code?

Ans. d2j-dex2smali

Q 2 . Which is the option for build apps with apktool?

Ans. b

Q 3. What is the apk path of Black Hat Europe?

Ans. /data/app/com.swapcard.apps.android.blackhat=/base.apk

Solution: — Install Black hat Europe application in simulator

(If don’t want to sign in in playstore, we can download apk from below link)

Download Black Hat Europe Apk file (12.94Mb) 4.18.0-1, com.swapcard.apps.android.blackhat.apk

C:\platform-tools> .\adb install “C:\Users\Deepak Kushwah\Downloads\com.swapcard.apps.android.blackhat.apk”

.\adb shell pm path com.swapcard.apps.android.blackhat

Q 4. Command for extract apk of Back Hat Europe?

Note: command and path

Ans. adb pull /data/app/com.swapcard.apps.android.blackhat=/base.apk

Task 6 Static analysis

Answer the questions below

Q 1. What is the name of the firebase instance in the app Black Hat Europe?

Ans. swapcard-android-app-2014

Q 2. Android-InsecureBankv2 debug realease, check this and what activity is not Protected.

Ans. com.android.insecurebankv2.ChangePassword

Using MobSF

Q 3. what is the malicious permissions in the app Android-InsecureBankv2?

Ans. android.permission.SEND_SMS

Task 7 Static analysis — Complications

Read Only Task !!

Task 8 Dynamic Analysis

Read Only Task !!

Task 9 Dynamic Analysis — Complications

Read Only Task !!

Task 10 Bypass — Complications in Dynamic Analysis

Read Only Task !!

Task 11 Final

Read Only Task !!