whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

bump

This commit is contained in:
Stefan Etringer 2022-12-22 15:25:05 +01:00
parent bed4ce36cf
commit 1dd476623f
2 changed files with 48 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Reverse Engineering/Android.md
View File

@ -1,6 +1,16 @@
# Misc ## Android Reverse Engineering
* `Dalvik` is the JVM of Android * [HTB's Android Hacking Guide](https://www.hackthebox.com/blog/intro-to-mobile-pentesting)
## APK Structure
* `AndroidManifest.xml`, binary XML
* `classes.dex`, app code compilation as dex
* `resource.arsc`, precompiled resources in XML
* `res`, resource dir
* `assets` app assets
* `lib`, libraries
* `META/INF`, contains metadata file `MANIFEST.MF` and signature of the apk.
## SMALI ## SMALI
@ -19,7 +29,12 @@ D double
[ array [ array
``` ```
# Misc
* `Dalvik` is the JVM of Android
### Registers ### Registers
* Registers are 32 bits * Registers are 32 bits
* Type long and double use two registers 32+32=64 bits * Type long and double use two registers 32+32=64 bits
* `.registers`, total number of regs in method * `.registers`, total number of regs in method
@ -31,17 +46,6 @@ D double
* Normal local register are name v0, v1, v2 ... * Normal local register are name v0, v1, v2 ...
* Parameter register are a second naming on top, e.g.v2 and p0 or v3 and p1 are the same registers. * Parameter register are a second naming on top, e.g.v2 and p0 or v3 and p1 are the same registers.
## APK Structure
* `AndroidManifest.xml`, binary XML
* `classes.dex`, app code compilation as dex
* `resource.arsc`, precompiled resources in XML
* `res`, resource dir
* `assets` app assets
* `lib`, libraries
* `META/INF`, contains metadata file `MANIFEST.MF` and signature of the apk.
## Tools ## Tools
* `jadx -d <outdir> <apk or dex>` as a decompiler * `jadx -d <outdir> <apk or dex>` as a decompiler

33
Reverse Engineering/Firmware.md
View File

@ -2,21 +2,50 @@
## Tools ## Tools
#### Extraction
* binwalk * binwalk
* unlzma * unlzma
* tar * tar
* [fat](https://github.com/attify/firmware-analysis-toolkit.git) * [fat](https://github.com/attify/firmware-analysis-toolkit.git)
* Create usable environment and start firmware inside it * Create usable environment and start firmware inside it
```sh ```sh
./fat.py <firmware> ./fat.py <firmware>
``` ```
* [Firmware-Mod-Kit](https://github.com/rampageX/firmware-mod-kit.git) contains `extract-firmware.sh`
* [Jefferson](https://github.com/sviehb/jefferson) or AUR package `jefferson-git` * [Jefferson](https://github.com/sviehb/jefferson) or AUR package `jefferson-git`
* Squashfs * [squashfs-tools](https://github.com/plougher/squashfs-tools)
* [squashfs-tools-ng](https://github.com/AgentD/squashfs-tools-ng.git)
### Dynamic Analysis
gdb (remote debugging feature) and qemu.
### Enumeration
* [Firmwalker](https://github.com/craigz28/firmwalker.git)
* An image may contain files like
* Usernames and Passwords
* __Keys__ and __Paraphrase__ for gpg keys. Import them
```sh
grep -ir -E "key|paraphrase"
```
* URLS
* Email Addresses
## Usage
* Check image via `strings` * Check image via `strings`
* Check CRC via `cksum -a crc <image>` * Check CRC via `cksum -a crc <image>`
### Binwalk
Use the following for file entropy check. If the image is encrypted it will be stated as "rising entropy edge".
```sh
binwalk -E -N <firmware>
```
* Use `binwalk` to extract. There are to methods * Use `binwalk` to extract. There are to methods
* `-e` extract by offset * `-e` extract by offset
* `--dd=".*"` by file extension * `--dd=".*"` by file extension