GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → darvincisec → VirtualDynamicAnalysis

darvincisec / VirtualDynamicAnalysis

Licence: other
A basic android pentest environment to instrument apps without root or repackaging an app

Programming Languages

java
68154 projects - #9 most used programming language
c
50402 projects - #5 most used programming language
C++
36643 projects - #6 most used programming language
kotlin
9241 projects
Makefile
30231 projects
assembly
5116 projects

VirtualDynamicAnalysis

PoC app to demonstrate how to perform dynamic analysis on apps installed inside a cloning app without root or repackaging the application. This app is based on VirtualApp Changes required to use Virtual App in 9.0 is cloned from VirtualAppEx

License and Warning

Since this app is derived from Virtual app. Please refer to VirtualApp's declaration.

Demo

Attacking Popular apps with fake security provider

Google Authenticator

Google Authenticator depends on the default Security Provider. By executing it inside the cloning app OTP seed used in HMAC operation can be fetched from the logcat

GoogleAuthenticator

Microsoft Authenticator

The same case with Microsoft Authenticator

GoogleAuthenticator

Attacking Android Keystore

This is to demonstrate how a Fake Biometric Authentication App installed alongside a benign Biometric Authentication app inside cloning app can make use of the AES Key generated inside Android Keystore to decrypt a secret message

Demo

Debugging a playstore application

This is to demonstrate any guest app can be made debuggable if the host app is debuggable

Demo

Blog

For more details please visit my blog Part 1 blog Part 2

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].