bump

2022-12-22 15:25:05 +01:00 · 2022-12-22 15:25:05 +01:00 · 1dd476623f
parent bed4ce36cf
commit 1dd476623f
2 changed files with 48 additions and 15 deletions
--- a/Engineering/Android.md
+++ b/Engineering/Android.md
@ -1,6 +1,16 @@
-# Misc
+## Android Reverse Engineering

-* `Dalvik` is the JVM of Android
+* [HTB's Android Hacking Guide](https://www.hackthebox.com/blog/intro-to-mobile-pentesting)
+
+## APK Structure
+
+* `AndroidManifest.xml`, binary XML
+* `classes.dex`, app code compilation as dex
+* `resource.arsc`, precompiled resources in XML
+* `res`, resource dir 
+* `assets` app assets
+* `lib`, libraries
+* `META/INF`, contains metadata file `MANIFEST.MF` and signature of the apk.

 ## SMALI

@ -19,7 +29,12 @@ D double
 [ array
 ```

+# Misc
+
+* `Dalvik` is the JVM of Android
+
 ### Registers
+
 * Registers are 32 bits
 * Type long and double use two registers 32+32=64 bits
 * `.registers`, total number of regs in method
@ -31,17 +46,6 @@ D double
 * Normal local register are name v0, v1, v2 ...
 * Parameter register are a second naming on top, e.g.v2 and p0 or v3 and p1 are the same registers.

-
-## APK Structure
-
-* `AndroidManifest.xml`, binary XML
-* `classes.dex`, app code compilation as dex
-* `resource.arsc`, precompiled resources in XML
-* `res`, resource dir 
-* `assets` app assets
-* `lib`, libraries
-* `META/INF`, contains metadata file `MANIFEST.MF` and signature of the apk.
-
 ## Tools

 * `jadx -d <outdir> <apk or dex>` as a decompiler
--- a/Engineering/Firmware.md
+++ b/Engineering/Firmware.md
@ -2,21 +2,50 @@

 ## Tools

+#### Extraction
+
 * binwalk
 * unlzma
 * tar
+
 * [fat](https://github.com/attify/firmware-analysis-toolkit.git)
    * Create usable environment and start firmware inside it
    ```sh
    ./fat.py <firmware>
    ```
+* [Firmware-Mod-Kit](https://github.com/rampageX/firmware-mod-kit.git) contains `extract-firmware.sh`
 * [Jefferson](https://github.com/sviehb/jefferson) or AUR package `jefferson-git`
-* Squashfs
+* [squashfs-tools](https://github.com/plougher/squashfs-tools)
+* [squashfs-tools-ng](https://github.com/AgentD/squashfs-tools-ng.git)
+
+
+### Dynamic Analysis
+
+gdb (remote debugging feature) and qemu.
+
+### Enumeration
+
+* [Firmwalker](https://github.com/craigz28/firmwalker.git)
+* An image may contain files like
+    * Usernames and Passwords
+    * __Keys__ and __Paraphrase__ for gpg keys. Import them
+    ```sh
+    grep -ir -E "key|paraphrase"
+    ```
+    * URLS
+    * Email Addresses

-## Usage

 * Check image via `strings`
 * Check CRC via `cksum -a crc <image>`
+
+### Binwalk
+
+Use the following for file entropy check. If the image is encrypted it will be stated as "rising entropy edge".
+```sh
+binwalk -E -N <firmware>
+```
+
 * Use `binwalk` to extract. There are to methods
    * `-e` extract by offset
    * `--dd=".*"` by file extension