bump
This commit is contained in:
parent
bed4ce36cf
commit
1dd476623f
@ -1,6 +1,16 @@
# Misc
## Android Reverse Engineering
* `Dalvik` is the JVM of Android
* [HTB's Android Hacking Guide](https://www.hackthebox.com/blog/intro-to-mobile-pentesting)
## APK Structure
* `AndroidManifest.xml`, binary XML
* `classes.dex`, app code compilation as dex
* `resource.arsc`, precompiled resources in XML
* `res`, resource dir
* `assets` app assets
* `lib`, libraries
* `META/INF`, contains metadata file `MANIFEST.MF` and signature of the apk.
## SMALI
## SMALI
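Review bot: two file names in the new APK Structure list are wrong and will mislead anyone using it as a lookup: the resource table is `resources.arsc` (not `resource.arsc`) and the signature directory is `META-INF` (not `META/INF`, which reads as a subdirectory). The `Dalvik` bullet also overstates things: Dalvik was Android's original runtime, replaced by ART since Android 5.0, and neither is a JVM; what survives of it is the DEX bytecode format and the smali syntax, so suggest "Dalvik was Android's original runtime; apps ship DEX bytecode, now executed by ART". Moving `# Misc` to the top of the file is fine.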
@ -19,7 +29,12 @@ D double
[ array
[ array
```
```
# Misc
* `Dalvik` is the JVM of Android
### Registers
### Registers
* Registers are 32 bits
* Registers are 32 bits
* Type long and double use two registers 32+32=64 bits
* Type long and double use two registers 32+32=64 bits
* `.registers`, total number of regs in method
* `.registers`, total number of regs in method
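Review bot: the added `.registers` bullet should say that the count includes the parameter registers, and mention the alternative `.locals` directive (what baksmali emits by default), which counts only the non-parameter registers; without that distinction the v/p mapping described in the following bullets cannot be worked out from a method header. The `[ array` and closing-fence lines are unchanged context, and deleting `# Misc` and the `Dalvik` bullet here matches their move to the top of the file in the first hunk.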
@ -31,17 +46,6 @@ D double
* Normal local register are name v0, v1, v2 ...
* Normal local register are name v0, v1, v2 ...
* Parameter register are a second naming on top, e.g.v2 and p0 or v3 and p1 are the same registers.
* Parameter register are a second naming on top, e.g.v2 and p0 or v3 and p1 are the same registers.
## APK Structure
* `AndroidManifest.xml`, binary XML
* `classes.dex`, app code compilation as dex
* `resource.arsc`, precompiled resources in XML
* `res`, resource dir
* `assets` app assets
* `lib`, libraries
* `META/INF`, contains metadata file `MANIFEST.MF` and signature of the apk.
## Tools
## Tools
* `jadx -d <outdir> <apk or dex>` as a decompiler
* `jadx -d <outdir> <apk or dex>` as a decompiler
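Review bot: the register-naming context lines give the rule only by example ("v2 and p0 or v3 and p1 are the same registers"), and that example holds only for a method with exactly two local registers. Suggest stating the rule itself: parameter registers occupy the highest-numbered registers of the frame, so with N total registers and M parameter registers p0 is v(N-M); p0 is `this` in a non-static method, and a long or double parameter takes two p registers. Grammar while there: "register are name" -> "registers are named", "e.g.v2" -> "e.g. v2". Removing the `## APK Structure` list here is correct since the first hunk re-adds it at the top.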
@ -2,21 +2,50 @@
## Tools
## Tools
#### Extraction
* binwalk
* binwalk
* unlzma
* unlzma
* tar
* tar
* [fat](https://github.com/attify/firmware-analysis-toolkit.git)
* [fat](https://github.com/attify/firmware-analysis-toolkit.git)
* Create usable environment and start firmware inside it
* Create usable environment and start firmware inside it
```sh
```sh
./fat.py <firmware>
./fat.py <firmware>
```
```
* [Firmware-Mod-Kit](https://github.com/rampageX/firmware-mod-kit.git) contains `extract-firmware.sh`
* [Jefferson](https://github.com/sviehb/jefferson) or AUR package `jefferson-git`
* [Jefferson](https://github.com/sviehb/jefferson) or AUR package `jefferson-git`
* Squashfs
* [squashfs-tools](https://github.com/plougher/squashfs-tools)
* [squashfs-tools-ng](https://github.com/AgentD/squashfs-tools-ng.git)
### Dynamic Analysis
gdb (remote debugging feature) and qemu.
### Enumeration
* [Firmwalker](https://github.com/craigz28/firmwalker.git)
* An image may contain files like
* Usernames and Passwords
* __Keys__ and __Paraphrase__ for gpg keys. Import them
```sh
grep -ir -E "key|paraphrase"
```
* URLS
* Email Addresses
## Usage
* Check image via `strings`
* Check image via `strings`
* Check CRC via `cksum -a crc <image>`
* Check CRC via `cksum -a crc <image>`
### Binwalk
Use the following for file entropy check. If the image is encrypted it will be stated as "rising entropy edge".
```sh
binwalk -E -N <firmware>
```
* Use `binwalk` to extract. There are to methods
* Use `binwalk` to extract. There are to methods
* `-e` extract by offset
* `-e` extract by offset
* `--dd=".*"` by file extension
* `--dd=".*"` by file extension
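Review bot: the new Enumeration grep will not find what the bullet says it is looking for: the GPG term is "passphrase", not "Paraphrase", so the pattern `"key|paraphrase"` misses every passphrase hit; suggest `grep -ir -E "key|passphrase" .` (naming the start directory also makes explicit what is searched) and fixing the heading to __Passphrase__. In the Binwalk section, "rising entropy edge" is binwalk's marker for a jump to high entropy, and a high, flat entropy region indicates compressed or encrypted data, not encryption specifically; worth saying so, since most firmware images are compressed rather than encrypted. Typos in the extraction bullets: "There are to methods" -> "two", and `--dd` selects what to extract by matching the signature description with a regular expression, not by file extension.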