This site is for learning about Android Forensics

Scenario:
Jack and Jill are friends who trust each other. Jack is using an app in her cellphone which asks for a username and password. Jill wants to surprise Jack with her hacking skills. So, she wants to modify this app in a way that puts the input username and password in the log and send them to a prepared server.

Catch The Flags (CTF) :
The whole process to capture Jack's login credentials is divided into multiple activities each with a challenge to capture flags.

                                                Approximate Time required for all Activities: 2 Hours 30 Minutes

Activity 1

Signing an APK File and downloading 'EMM - Vulnerable App'

Activity 2

Disassembling APK File, Adding Trojan Code and Re-building App

Activity 3

Re-signing modified APK, Sending through Email and Installing

Activity 4

Setting up Server and Monitoring the Device Logs

Activity 5

Setting up Server and Monitoring the Device Logs

Source & Reference

Project 9: Decompiling and Trojaning an Android App with Smali Code