Author: elcapitan

Androguard usage

Androguard is a Python tool for analyzing Android applications. It can decompile and analyze APK files. Install Androguard: Androguard is written in Python 2.7. The first step in installing Androguard is determining the path to Python 2.7 and creating a virtual environment. The virtual environment is an isolated environment with its own installation directories…


How to debug an iOS application with Appmon and LLDB

How to install Appmon is described here. The LLDB reference can be found here. More on ASLR and debugging with LLDB can be found here. Once Appmon is installed, we have an LLDB window in which we can debug the iOS application. Debugging is one way to examine and manipulate an application. The best way to debug the application is to load it…


OWASP Uncrackable – Android Level3

This is the solution to the OWASP Uncrackable Android Level3. The binary can be found under https://github.com/OWASP/owasp-mstg/tree/master/Crackmes. In my previous posts I detailed how to patch an APK file with apktool, how to patch a binary with IDA Pro, and how to debug an Android binary with gdb. I will not detail these steps here. This challenge…


OWASP Uncrackable – Android Level2

This is the solution to the OWASP Uncrackable Android Level2. The binary can be found under https://github.com/OWASP/owasp-mstg/tree/master/Crackmes. I started the analysis by loading the APK file into Jadx-GUI. I opened the MainActivity first. The application loads a native library called foo. The native function init is called in the onCreate of the MainActivity. The…


How to install Appmon and Frida on a Mac

Appmon is a framework that makes it easier to deploy an iOS application with Frida. It inserts the Frida Gadget dylib into the iOS application, re-signs it and installs it onto a connected device. I found it helpful because a jailbroken device is not necessary for mobile application testing. However, the installation is…


OWASP Uncrackable – Android Level1

This is the solution to the OWASP Uncrackable Android Level1. The binary can be found under https://github.com/OWASP/owasp-mstg/tree/master/Crackmes. I started the analysis by loading the APK file into Jadx-GUI. I opened the MainActivity first. This is a very simple application. The onCreate contains two checks. The first one tests whether the device is rooted, the…


Offensive IoT Exploitation Exam – Remote debugging with MIPS Creator Ci40

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things-exploitation/index.html Student ID: IoTE-728 In this post I will show how I debugged an application remotely with gdb. The application can be debugged on the IoT device itself; in that case gdb must be installed…


Offensive IoT Exploitation Exam – Replay attack with HackRF

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things-exploitation/index.html Student ID: IoTE-728 In this post I show how I used a HackRF to capture the signal of a smart plug's remote control and then used the captured signal for a replay attack. Replay…


Offensive IoT Exploitation Exam – JTAG on MIPS Creator Ci40

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things-exploitation/index.html Student ID: IoTE-728 In this post I will show how I connected to the MIPS Creator Ci40 with a Bus Blaster V3c via JTAG. The MIPS Creator Ci40 board has a MIPS EJTAG interface. I…


Offensive IoT Exploitation Exam – Determine JTAG pinout with Arduino

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things-exploitation/index.html Student ID: IoTE-728 The most interesting part of the Offensive IoT Exploitation course was the JTAG section. I did not have any device with a JTAG interface, so I bought a MIPS Creator Ci40 IoT…