ANDROID PENTESTING SERIES PART 7: Static Application Analysis

In static application analysis the application is analyzed by inspecting its source code and resources for vulnerabilities and sensitive data leaks such as API keys, hardcoded passwords and API endpoints. To perform static analysis we first have to decompile the app, or we can use GUI decompilers like JD-GUI. Before decompiling we first have to obtain the APK file: either download it from third-party sites like apkmirror.com or apkpure.com, or install the app on an Android emulator via the Play Store and then extract the APK file via adb. First, let's look at some basic adb commands which we are going to use frequently.

Basic ADB Commands

List all the devices

adb devices 

Connect to a device

adb connect host_ip:port

If only one device is attached there is no need to run adb connect; adb uses that device by default.

Install an app on a device

adb install file.apk

List all the installed apps

adb shell pm list packages

Getting a shell on device

adb shell

Executing a command without getting shell on device

adb shell COMMAND_NAME

For example, list all the installed packages without opening an interactive shell

adb shell pm list packages

Uninstall a package/app

adb shell pm uninstall app_package_name

Push data to a device/emulator

adb push file.apk /sdcard

Pull data from a device/emulator

adb pull /sdcard/file.apk

For the full set of ADB package manager (pm) commands and activity manager (am) commands, refer to their respective command references.

Extracting the APK file from an Android device

For example, let's look at extracting an app from a Genymotion emulator. Suppose the app is running.

Steps:

1. First we have to get the full package name of the app to extract its APK file. Launch the app on the device/emulator.

2. Start an adb shell on the emulator/device with the adb shell command.

3. Now get the package name by running the command below (on newer Android versions the field is named mResumedActivity instead of mFocusedActivity)

dumpsys activity activities | grep mFocusedActivity

The output looks something like this

mFocusedActivity: ActivityRecord{ac11c57 u0 com.elancier.talkmate/.BottomNavigationLight t22}

4. The package name is the part before the slash, here com.elancier.talkmate. Now run the pm path command to get the full path of the application's APK

pm path com.elancier.talkmate

package:/data/app/com.elancier.talkmate-1/base.apk

5. Now exit the shell and copy the APK file using the adb pull command

adb pull /data/app/com.elancier.talkmate-1/base.apk
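The extraction steps above as one script. This is an added example and not code from the original post: focused_package parses the dumpsys line, apk_paths strips the package: prefix from pm path output (an app installed as a split APK returns several package: lines, and all of them are needed to analyse the whole app), and pull_focused_apk runs the live adb calls. The function names are this example's own. The sample output embedded at the bottom is constructed to match the format shown above, so the parsing part runs without a device; pass --live with a device attached to pull for real.

```shell
#!/bin/sh
# Added example, not part of the original post: automates steps 1-5 above.
# Names (focused_package, apk_paths, pull_focused_apk) are this example's own.

# Extract the package name from a dumpsys line such as
#   mFocusedActivity: ActivityRecord{ac11c57 u0 com.example.app/.Main t22}
# Newer Android releases print mResumedActivity instead; both are accepted.
focused_package() {
  printf '%s\n' "$1" \
    | tr -d '\r' \
    | grep -E 'm(Focused|Resumed)Activity' \
    | sed -E 's#.* u[0-9]+ ([^/ ]+)/.*#\1#' \
    | head -n 1
}

# Strip the "package:" prefix from every line of "pm path" output.
# A split APK yields several lines (base.apk plus split_*.apk); all of them
# are needed to rebuild or analyse the whole app.
apk_paths() {
  printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^package://p'
}

# Live version: query the attached device with adb and pull every APK
# of the currently focused app into the directory given as $1 (default .).
pull_focused_apk() {
  outdir="${1:-.}"
  mkdir -p "$outdir"
  pkg=$(focused_package "$(adb shell dumpsys activity activities)")
  [ -n "$pkg" ] || { echo "no focused activity found" >&2; return 1; }
  echo "focused package: $pkg"
  apk_paths "$(adb shell pm path "$pkg")" | while read -r p; do
    adb pull "$p" "$outdir/$(basename "$p")"
  done
}

# Constructed sample output (same format as the post) so the parsing part
# can be exercised without a device.
SAMPLE_DUMPSYS='mFocusedActivity: ActivityRecord{ac11c57 u0 com.elancier.talkmate/.BottomNavigationLight t22}'
SAMPLE_PM_PATH='package:/data/app/com.elancier.talkmate-1/base.apk'

if [ "${1:-}" = "--live" ]; then
  pull_focused_apk "${2:-.}"
else
  echo "package: $(focused_package "$SAMPLE_DUMPSYS")"
  apk_paths "$SAMPLE_PM_PATH"
fi
```

Run it with no arguments to see the parsed sample values, or as sh pull_apk.sh --live outdir with a device attached. Pulling every path that pm path reports rather than only base.apk is the part the manual steps miss on newer installs.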

Decompiling the APK

Some important tools to decompile/reverse-engineer APK files are:

apktool

Used to decompile/recompile APK files.

  • Decompiling an APK file

apktool d base.apk

  • Defining the output directory

apktool d base.apk -o myapp

  • Recompiling decoded resources back to a binary APK

apktool b my_decompiled_app_dir

Now let's see an example

$ apktool d base.apk -o talknew

I: Using Apktool 2.6.0 on base.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: C:\Users\bbot\AppData\Local\apktool\framework\1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Baksmaling classes3.dex...
I: Baksmaling assets/audience_network.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
I: Copying META-INF/services directory

The decompiled file structure

The output directory contains AndroidManifest.xml, apktool.yml, the decoded resources under res, plus the assets, lib, original and unknown folders copied in the last steps of the log above. There are also folders named smali, smali_classes2 and smali_classes3, one per classes*.dex file seen in the output, containing the disassembled Dalvik bytecode.
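Once apktool has produced the directory, the check from the introduction (hardcoded API keys, passwords and plaintext HTTP endpoints in resources and code) can be run with grep over res/values and the smali folders. This is an added example, not code from the original post: the demo directory, its file contents and the pattern list are constructed for the demonstration, and scan_decoded, count_findings and make_demo_dir are this example's own names. Point scan_decoded at a real apktool output directory such as talknew to use it.

```shell
#!/bin/sh
# Added example, not part of the original post: first-pass search of an
# apktool output directory for the leaks mentioned in the introduction.
# Pattern list and demo files are constructed; tune the patterns per app.

# Case-insensitive ERE: API keys, secrets, passwords, tokens, cleartext HTTP.
SECRET_PATTERNS='api[_-]?key|secret|password|passwd|token|http://'

# Print file:line:text for every match in the decoded values XML and all
# smali folders (smali, smali_classes2, ...) under the directory given as $1.
scan_decoded() {
  dir="$1"
  grep -rEin "$SECRET_PATTERNS" "$dir"/res/values "$dir"/smali* 2>/dev/null
}

# Number of matching lines, for scripting a pass/fail threshold.
count_findings() {
  scan_decoded "$1" | wc -l | tr -d ' '
}

# Build a tiny constructed tree that mimics apktool output.
make_demo_dir() {
  d=$(mktemp -d)
  mkdir -p "$d/res/values" "$d/smali/com/example"
  cat > "$d/res/values/strings.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">DemoApp</string>
    <string name="api_key">constructed-demo-key-0000</string>
    <string name="server_url">http://api.example.com/v1</string>
</resources>
EOF
  cat > "$d/smali/com/example/Config.smali" <<'EOF'
.class public final Lcom/example/Config;
.super Ljava/lang/Object;
.field public static final DB_PASSWORD:Ljava/lang/String; = "constructed-demo-password"
EOF
  printf '%s\n' "$d"
}

demo=$(make_demo_dir)
scan_decoded "$demo"
echo "findings: $(count_findings "$demo")"
rm -rf "$demo"
```

On the constructed tree this reports three lines: the api_key string, the http:// server URL and the DB_PASSWORD field in the smali. Expect false positives on a real app (resource names containing "token", library code), so treat the output as a worklist to review by hand rather than as findings.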

GDA

GDA is a GUI decompiler.

Bytecode-Viewer

Jadx
