Android Pentesting

Mobile Testing

Android testing involves analyzing APK files, bypassing root detection, and inspecting local storage.

Static Analysis

Extract and decompile the APK:

bash
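# Find the package and its APK path on the device
adb shell pm list packages | grep target
adb shell pm path com.target.app
# Pull the path printed by `pm path`, saving it under the name used below
adb pull /data/app/com.target.app-1/base.apk app.apk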

# APK extraction and decompilation
apktool d app.apk -o app_decoded
jadx app.apk -d app_source

Analyze AndroidManifest.xml for exported components, permissions, and debug flags.

Search for sensitive data and insecure configurations:

bash
# Search for sensitive data
grep -rE "api_key|password|secret|token" app_source/
grep -r "http://" app_source/  # Insecure connections

# Find hardcoded URLs
grep -rE "https?://[a-zA-Z0-9.-]+" app_source/

# Check for insecure storage
grep -rE "MODE_WORLD_READABLE|MODE_WORLD_WRITEABLE" app_source/
grep -rE "getSharedPreferences|openFileOutput" app_source/

Dynamic Analysis with Frida

Setup Frida:

bash
# Install Frida
pip install frida-tools

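# Push Frida server to device (its version must match the installed Frida client)
adb push frida-server /data/local/tmp/
adb shell chmod 755 /data/local/tmp/frida-server
# frida-server needs a root shell on the device
adb shell /data/local/tmp/frida-server &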

# List running processes
frida-ps -U

# Spawn the app and attach (-f starts the package)
frida -U -f com.target.app

Root Detection Bypass

Save this as bypass_root.js:

javascript
Java.perform(function() {
    var RootCheck = Java.use("com.target.app.security.RootCheck");
    RootCheck.isRooted.implementation = function() {
        console.log("Root check bypassed!");
        return false;
    };
});

Run with Frida:

bash
frida -U -f com.target.app -l bypass_root.js

SSL Pinning & Memory Dumping

Using objection:

bash
# SSL Pinning bypass (using objection)
pip install objection
objection -g com.target.app explore

# Inside objection:
# android sslpinning disable

# Dump application memory
# memory dump all memory_dump/

Android Tools

apktool

Reverse Engineering

A tool for reverse engineering 3rd party, closed, binary Android apps.

Installation

bash
brew install apktool

jadx

Decompiler

Dex to Java decompiler. Produces Java source code from Android Dex and Apk files.

Installation

bash
brew install jadx

Drozer

Assessment

Comprehensive security assessment framework for Android.

Installation

bash
pip install drozer

Genymotion

Emulator

Android emulator for app testing and presentation.

Installation

bash
# Download from website