OWASP ZAP Proxy with Android on Genymotion

It can be fun to reverse engineer some Android applications. I think it’s better to do this on your workstation instead of your phone because it’s way more flexible and you don’t ruin your phone when you break things 😉

In my case, I use Debian 11. But of course, you can do this with any OS.

Requirements

  • An app you want to debug
  • OWASP ZAP Proxy
  • Genymotion
  • NPM
  • APK Export (Android App)

OWASP ZAP Proxy

I use the snap package for ZAP because it’s easy to install and you always have the latest version.

$ sudo snap install zaproxy --classic

Start ZAP and export the dynamic certificate (tools > options)

Dynamic SSL Certificate
  • Click on the save button and place the file somewhere on your disk.

You can check if the OWASP ZAP is running with:

$ netstat -tulpen | grep 8080
tcp6       0      0 127.0.0.1:8080          :::*                    LISTEN      1000       89190      14016/java    
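
The netstat check above can be turned into a pass/fail test of where ZAP is listening; this is an added example, not part of the original post, and the helper name check_proxy_bind and the sample lines are constructed for illustration. Because the emulator reaches the workstation's localhost through 10.0.3.2 (see the proxy settings further down), a loopback-only listener is all this setup needs, while a wildcard bind would let other hosts on the network use the proxy.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_proxy_bind PORT   (hypothetical helper name)
# Reads `netstat -tulpen` output on stdin and reports where PORT is listening.
# Return code: 0 = loopback only, 1 = reachable from other hosts, 2 = not listening.
check_proxy_bind() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                          # Local Address column, e.g. 127.0.0.1:8080
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # listener on a different port
            found = 1
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback stay on the workstation
            if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
            exposed = 1
            print "exposed listener: " addr    # 0.0.0.0, :: or a LAN address
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }'
}

# Constructed sample lines; the first repeats the listener shown above.
sample_loopback='tcp6  0  0 127.0.0.1:8080  :::*  LISTEN  1000  89190  14016/java'
sample_wildcard='tcp6  0  0 :::8080         :::*  LISTEN  1000  89191  14016/java'

printf '%s\n' "$sample_loopback" | check_proxy_bind 8080 \
    && echo "sample 1: loopback only"
printf '%s\n' "$sample_wildcard" | check_proxy_bind 8080 \
    || echo "sample 2: reachable from the network (rc=$?)"

# Live check on the workstation:
#   netstat -tulpen 2>/dev/null | check_proxy_bind 8080; echo "rc=$?"
```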

Genymotion

Now that the proxy is in place, it’s time to install Genymotion for the Android emulation. First install VirtualBox.

Install virtualbox APT keys

$ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
$ wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -

Edit the /etc/apt/sources.list file and add this line:

deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian bullseye contrib

Update the repo and install virtualbox

$ sudo apt-get update
$ sudo apt-get install virtualbox-6.1
  • Now go to the Genymotion website and download the latest bin file
Download Genymotion
  • Make the file executable and run the installer
$ chmod +x genymotion-3.2.1-linux_x64.bin 
$ ./genymotion-3.2.1-linux_x64.bin
  • Follow the wizards, create a Genymotion account and create a new virtual device. In my example I used a Google Pixel 3 with Android 10.
Overview virtual devices

Now it’s time to configure the proxy within the android device!

Configure proxy in Android

Start the created virtual Genymotion Android device and copy the certificate file we created earlier with a simple drag and drop.

drag & drop the certificate file
Successful copy
  • Now we can configure the proxy in the wifi settings.
  • Go to settings > search for certificate and install the certificate.
settings > find > certificates
Import the certificate

Edit the wifi connection, add the proxy and restart the wifi.

  • Edit the Wifi
  • Go to the advanced options
  • Set the proxy to Manual
  • The IP is always 10.0.3.2. This is the “localhost” setting for the Genymotion host server
  • Port 8080
Genymotion Proxy Settings

When you (re)connect to the wifi you have to accept the proxy error (but this is a good thing).

Sign in to the wifi
Accept the warning

Now you will see all the traffic, but only the traffic of apps that respect the Android HTTP_PROXY settings. So this is what you can do when an app doesn’t respect this setting:

Rebuild the APK with APK-MITM

Now everything is in place. So the last thing we need to do is rebuild the APK file so we can proxy all the network traffic. So:

  • First export the APK file through the APK Export
  • Place the APK somewhere on your disk
  • Install npm (at least version 14)
$ curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -
$ sudo apt-get install nodejs npm
  • Install java
$ sudo apt install openjdk-17-jre openjdk-17-jdk 
  • And rebuild the APK
$ npx apk-mitm SomeAppName.apk 
Some nice MITM patching

And here we go!

Everything is in place now. So the only thing you have to do is drag & drop the *-patched.apk file to genymotion, install this file and you are fully in control 🙂

ZAP Proxy with MITM Apk

Happy hacking!

HTC One “Un-Brick” steps

Steps to take if you have a bootloop after a wrong ROM update

Requirements:

  1. First of all, your device must be unlocked
  2. HTC Sync manager (install it) @ http://www.htc.com/www/software/htc-sync-manager/
  3. MiniSDK (extract to C:\mini-sdk)
  4. Download recovery image and place the file in C:\mini-sdk\ @ http://clockworkmod.com/rommanager
  5. New ROM and place the zip in C:\mini-sdk
  • Shut down your phone: hold it in direct light and hold down the power button
  • When the power is off, hold down volume and press the power button
  • Select fastboot
  • Connect the device to your PC
  • Start cmd.exe

cd c:\mini-sdk
fastboot flash recovery recovery-clockwork-6.0.3.1-m7.img

  • Select recovery on your phone and recovery-clockwork will start
  • In clockwork recovery, activate “ADB sideload”
  • Now give this command from your pc


adb sideload Android_Revolution_HD-One_31.6.zip

  • Follow the wizard on screen

Android Troubleshoot Battery Drain Problem

Today my mother called me because she had some battery drain issues on her HTC Desire Android phone. Because she had an older stock ROM, not all battery and CPU options were available. After some phone troubleshooting I found the cause.

  • First go to the Android Market and download the app: Quick System Info Pro.
  • Start the app, scroll down a little and press battery
  • Then press Battery History
  • Press Other Usage and press CPU usage
  • Now you can see the program that sucks the life out of your battery

On my mother’s phone AKMD was at the top of the list (34%). After a quick Google search it turned out this was her phone’s “G-Sensor”. I killed the rotate function and then the problem was fixed by a nasty workaround 😉

Cyanogenmod 7 move all applications to sd card without data loss

I have an HTC Desire phone. I like the phone but there is one big problem: the NAND (internal storage) is way too small. I have installed a lot of ROMs, but the last time I installed Cyanogenmod 7.1 with the “Launcher 7” and did a lot of customization, so I don’t want to reinstall my phone.

There is a crappy Android workaround to move some of your apps to the SD card, but when you connect/mount your phone to your PC you cannot start these apps, and if you disconnect some of the settings are ruined.

So I searched the internet and read a lot of articles to find the best method to repartition my SD card and move the application and dalvik cache to my SD card. So I wrote this tutorial so you can move all the apps to your phone without any data loss also.

What do you need:

  1. Cyanogenmod 7
  2. S2E (free on the Android Market)
  3. App 2 SD free (Android Market)
  4. Linux operating system with Gparted or Gparted live CD

The steps

  1. Shut down the phone and take out your SD card
  2. Make a backup of your SD card
  3. Run GParted and make a primary FAT32 partition and a 1 GB (or more) EXT3 partition. Because I have a 16GB SD card I made a 2GB EXT3 partition. You can check a GParted YouTube tutorial here: http://www.youtube.com/watch?v=6z1Tu9l8WNc
  4. Now copy your backup back to the SD card and place the SD card into the phone
  5. Start the phone and start S2E
  6. Select Applications, Dalvik cache and Download cache
  7. Press the menu button and reboot the phone
  8. Have some patience now (5min-10min)
  9. Now start the phone and start apps 2 sd
  10. Press the “On SD Card” tab, press menu and press move all apps
  11. Now press the move to phone button for every app you have placed on the SD card.

Because you have placed the /data/app folder on the EXT3 partition (/sd-ext/app), you do not move the app to your phone but to your EXT3 partition 🙂

If this article helps you, please leave a comment below 🙂

Easiest way for custom ROM on Samsung Galaxy S

The Samsung Galaxy S default (aka stock) ROM is a good ROM, but after some time it becomes slower and slower. I will describe the steps for rooting the phone, backing up the phone and installing a nice custom ROM.

I rooted a stock phone with Android 2.3.3. Older versions can use this tutorial also. Newer versions may work.

I am not responsible when you brick your phone with these steps.

  1. Turn on USB debugging mode on your phone (settings > programs > enable usb debugging)
  2. Download and install the samsung galaxy s drivers
  3. Download SuperOneClick and extract it (e.g. c:\android\root\)
  4. Start SuperOneClick and press update
  5. Now click root. SuperOneClick must then download an exploit to root your phone
  6. After the software has downloaded the exploit, close SuperOneClick
  7. Go to the extracted directory e.g. c:\android\root\devices\samsung\common\ and start odin.exe
  8. All the default settings are fine. Click on PDA then select c:\android\root\devices\samsung\gti9000\CF-Root-XW_NEE_JVH-v3.2-CWM3RFS.tar
  9. Start flashing

OK, your phone is rooted now 🙂 Now we want to back up the phone to SD so we can always go back to stock settings

  1. In your apps list there is a new program, CWM recovery; start it
  2. Now make a full backup
  3. After you have the full backup, make a backup of all your contacts, SMS, etc.: download MyBackup root from the Market (free) and make a backup of everything you want.

OK, your phone is rooted and we have a backup. Now we can install the ROM

  1. Download a nice and stable ROM like Darky ROM 10.2 and put this file on the root of your SD card
  2. Go to the market and download DarkyROM Tool
  3. Now start the DarkyROM Tool, go to the second tab and select all (important: delete user data must be selected, otherwise you get a very unstable ROM)
  4. Go to the first tab and select flash rom. Select the file you’ve put on the SD card and flash it
  5. The flashing takes about ten minutes. After that the new ROM is started and you will think you have a new phone 🙂
  6. Now download MyBackup root again and restore your call recordings, sms, phone numbers etc.

Enjoy 🙂

Youtube video for the DarkyROM flash:

DarkyROM video

Manage multiple passwords for different websites

One of the worst things you can do on the internet is use the same password for different websites. When one of the websites is hacked or there is a bad sysadmin, they can use your password to log in to your email or other sites to steal all your private information and, worst case scenario, your bank account.

Every self-respecting browser has a built-in password safe, but when your computer/laptop is stolen or hacked by a mad person (in Dutch we call them klootzakken 😉 ) they can easily steal all your passwords. So don’t use the built-in password safe (or configure a strong master password).

There are two great solutions for managing your passwords. One is a local and one is a cloud solution. I will describe them both so you can choose what is best for you.

KeePass (local):
KeePass is a great tool for managing your passwords. There is a built-in password generator, the passwords are saved in one local encrypted file, and you must always enter a master key to access the passwords. The tool is cross-platform (using .NET/Mono) and there are a lot of plugins; for example, there is a browser plugin to replace the insecure built-in password safe. The great thing about this tool is that it is a local tool, so only you can access and manage the password files. If you want to share the password file across multiple places you can use Dropbox to synchronise/centralise the password files.

LastPass (cloud):
LastPass is also a great tool for managing your passwords, especially when you use multiple computers and different operating systems. LastPass replaces the default integrated browser password safe with its own. Your passwords are stored locally and in the cloud, and are encrypted. Without the master password it is not possible to log in automatically or see your passwords. I like LastPass because of the tons of options and the integration with all the operating systems and smartphones. The default settings are good, but I recommend that you change the setting so that LastPass logs off automatically when you close the browser.

The only thing you must keep in mind is that your passwords are synced to LastPass (cloud), so you must trust the company.

Keep in mind
Using a password of multiple random words (example: “correct battery horse staple”) is most of the time better than using complex passwords (“Tr0ub4dor&3”). This picture tells why:

Last but not least
Always use a BIOS password on a laptop. Most thieves are very dumb people, and if they steal your laptop they cannot remove the BIOS password, so your laptop is useless to them.

HTC Desire APPS2SD Performance

Because the HTC Desire has a very small NAND I decided to buy a fast Transcend 16GB Class 10 SDHC to run APPS2SD or DATA2SD hacks.

Test tool: SD Card Tester

Old speed (Samsung Micro SDHC Class2 4GB)
Write: 300MB at 2.26MB/s
Read: 301MB at 7.53MB/s

New speed (Transcend Micro SDHC Class10 16GB)
Write: 300MB at 7.46MB/s
Read: 301MB at 9.8MB/s

Nice 🙂

Setup ADB and Fastboot with Android SDK on Mac OSX

Download Android SDK (original article @ http://androidtricks.net/setup-adb-and-fastboot-android-sdk-mac-osx-18)

Download and extract Android SDK from http://developer.android.com/sdk/index.html to your desktop

Browse to Tools and double click “android”. It will open up a terminal window and load the SDK.

Install packages

Here go to “Available Packages” and select what you want to download. I selected everything. Wait for the packages to download and install.

Set the Path

Next you need to update the PATH for the tools/ and platform-tools/ folders. To do this you need to edit your ~/.bash_profile (create it if you don’t already have one). Add the following two lines:

export PATH=${PATH}:/Users/(username)/Desktop/android-sdk/tools
export PATH=${PATH}:/Users/(username)/Desktop/android-sdk/platform-tools

Download Fastboot

Now go to http://developer.htc.com/adp.html, scroll to the middle of the page and download the Fastboot binary for OSX. Because HTC no longer hosts the fastboot binary, you can download the version on my blog. Unzip it and place it in /tools/

Now you’re all set for ADB and Fastboot

Tnx http://androidtricks.net/ for the article!

To check if your fastboot works you can start your terminal and cd /Users/(username)/Desktop/android-sdk/tools
then run ./fastboot-mac devices

When you see some output you are connected. Happy modding!! 🙂

Note: please check the comments for more feedback

HTC Restore to stock / factory ROM

If you must send your phone back to the factory because of your hardware warranty, make sure your phone is running a stock ROM. I will tell you how to restore your phone back to stock.

After this tutorial your phone is completely unrooted, S-ON and with an HTC stock radio 🙂

OK, let’s get started

  1. Make a backup of all your files
  2. Connect your phone to your pc
  3. Pull down the android menu and switch from charging to HTC Sync (on the phone)
  4. With HTC Sync wizard (PC) give your phone some name (if you run HTC Sync for the first time)
  5. Now run the signed exe file you downloaded @ shipped-rom
  6. Follow the wizard to flash the rom

Now your phone is back to stock. Enjoy your warranty 😀