Collection of notes on Android.
Android App Recon
Get certificate information of an app :
unzip -p app.apk META-INF/CERT.RSA | openssl pkcs7 -inform DER -noout -print_certs -text
Android Shell Commands
- Get all packages :
pm list packages
- Get all packages along with apk file path :
pm list packages -f
- Get only the package names :
pm list packages -f | sed -e 's/.*=//' | sed 's/\r//g' | sort
- Get all activities of a package (Source) :
dumpsys package | grep -i "com.package.name" | grep Activity
Viewing .so file content
- List function names:
nm -D --defined-only filename.so
- List function names from dynamic symbol table using objdump:
objdump -T filename.so | grep text
- Get full info:
objdump -Dslx filename.so | more
- Get disassembly interleaved with source code (source lines appear only when the library has debug info):
objdump -S filename.so | more
If you are on Mac, the default objdump program may not be very handy. Install binutils with Homebrew:
brew install binutils
SSL Pinning with BKS file: https://medium.com/trendyol-tech/ssl-pinning-in-android-using-public-certificate-and-bks-file-63148aca42b1
Thoughts to myself
It’s a common security practice to recommend SSL pinning for Android apps. But the real pain is when the SSL certificate expires. The devs will have a really hard time when they have a lot of customers who are reluctant to update the app on their device. If the SSL certificate expires, the app will stop working.
Never think of pinning the whole Let’s Encrypt SSL cert to the app because it expires every 3 months. A developer could have pinning logic which says the certificate should be signed by Let’s Encrypt. It’s not a bad idea, but remember that if Let’s Encrypt could be abused to create an SSL certificate, then the app could be compromised by using that cert.
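The expiry problem described above, as an added example that is not part of the original notes: it goes one step beyond them and compares a pin on the whole certificate with a pin on the public key (SPKI) across a renewal. The host name api.example.test, the file names and the self-signed stand-in certificates are assumptions made for the demo.

```sh
#!/bin/sh
# Added example, not from the original notes. Host and file names are constructed.

# Whole-certificate pin: base64 SHA-256 over the DER-encoded certificate.
cert_pin() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -binary | openssl enc -base64
}

# Public-key pin: base64 SHA-256 over the SubjectPublicKeyInfo only.
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | openssl enc -base64
}

# new_key OUT: generate a 2048-bit RSA private key.
new_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
}

# issue_cert KEY OUT SERIAL: self-signed 90-day stand-in for a CA-issued cert.
issue_cert() {
    openssl req -new -x509 -key "$1" -out "$2" -set_serial "$3" \
        -days 90 -subj "/CN=api.example.test" 2>/dev/null
}

# make_scenario DIR: the original cert, a renewal that reuses the key,
# and a renewal that rotates to a new key.
make_scenario() {
    new_key "$1/a.key" && new_key "$1/b.key" &&
    issue_cert "$1/a.key" "$1/original.pem" 1 &&
    issue_cert "$1/a.key" "$1/renewed_same_key.pem" 2 &&
    issue_cert "$1/b.key" "$1/renewed_new_key.pem" 3
}

# same_pin FUNC CERT1 CERT2: exit 0 when pin type FUNC matches on both certs.
same_pin() {
    [ "$("$1" "$2")" = "$("$1" "$3")" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_scenario "$d" || return 1
    for c in original renewed_same_key renewed_new_key; do
        printf '%-17s cert=%s spki=%s\n' "$c" "$(cert_pin "$d/$c.pem")" "$(spki_pin "$d/$c.pem")"
    done
    rm -rf "$d"
}
demo
```

The cert value changes on every renewal, while the spki value changes only when the key is rotated, so a key pin avoids the forced app update only if renewals keep the same key.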