Video Screencast Help
Cyber Readiness and Response
Showing posts tagged with Mobile Security
Showing posts in English
Christopher.Emerson | 24 Jan 2012 | 4 comments

There are times in security engagements when having an application’s source code can make your life infinitely easier.  Fortunately, there are publicly available tools to make this a painless process.

If you you are looking for how to install apps into your environment, take a look here, or check here for a list of all the previous entries in this series.


Convert The Android Application Package File (.apk) File To A Java Archive (.jar)

Remember that copy of the .apk file that our project team gave us (or that we downloaded from the Marketplace)?  You are going to need that.

The Android .apk file is essentially a compressed file, containing the manifest file, certificates, resources, assets and the program code, compiled in the Dalvik Executable (.dex) format.

Converting your target .apk file into a .jar file...

Christopher.Emerson | 17 Jan 2012 | 0 comments

If you were using your Android device for testing, this could be as simple as visiting the Marketplace, searching for your app and pressing Install.  But we already went through the effort of setting up our testing environment, and the Android emulator cannot download apps directly, so we are going to have to jump through a few hoops to get your target application installed.


Obtain The Android Application Package File (.apk)

In most situations, you should simply ask your project contact “Hey, can you please send me the .apk file?”  Do not forget to say please!

If, for whatever reason, that is not an option for you, all hope is not lost.

  1. Download the target application from the marketplace to your physical Android Device...
Christopher.Emerson | 10 Jan 2012 | 1 comment

You now should have a working test environment with all of the primary assessment tools.  Time to create our Android Virtual Device (AVD) and connect it via proxy!

Create an AVD

To start, you will want to run the android file (located in the ‘tools/’ directory).  This will launch the Android SDK and AVD Manager.

  • Linux: $ ./android
  • Windows: C:\>android

            Click on ‘Virtual Devices’ (if it is not already selected) in the menu on the left.

            On the far right, press the “New” button.

            Fill in the data for your new AVD (...

Christopher.Emerson | 03 Jan 2012 | 1 comment

Last time we took a look and setting up our environment for Windows users.  Now let’s take a look at the setup for Ubuntu Linux users.


If you need help installing Ubuntu, there are many useful sites to walk you through the process.  Once your OS is ready, you will need to install Java.  I personally prefer the official JDK from Oracle and I will show you how to install that.  If you choose to use OpenJDK, let me know how that goes for you.

Start by determining what the currently available version of java is:

        $ apt-cache search jdk | grep sun

Next, download and install java via apt-get:

        $ apt-get install sun-java6-jdk sun-java6-jre

Confirm your install has...

Christopher.Emerson | 19 Dec 2011 | 4 comments

Welcome to the exciting world of Android Application Security Assessments.  You are presumably here to learn how to perform vulnerability assessments against Android applications.  If you are looking for tips on growing organic produce, please head one blog over.

Let’s start by setting up our test environment, in this case, a Windows XP system.  The Linux setup will be detailed in the next blog posting. 

Android SDK

Let’s assume you already have Windows XP installed.  You will need to download the Android SDK.  Grab the installer and run it.  During the installation, the Windows installer will check to see if the proper Java SE Development Kit (JDK) is already installed.  If not, it will install it on your behalf.  (Yay!)