It can be fun to reverse engineer some android applications. I think it’s better to do this on your workstation instead of your phone because it’s way more flexible and you don’t ruin your phone when you break things 😉
In my case, I use Debian 11. But of course, you can do this with any OS.
Requirements
An app you want to debug
OWASP ZAP Proxy
Genymotion
NPM
APK Export (Android App)
OWASP ZAP Proxy
I use the snap package for ZAP because it’s easy to install and you’ve always the latest version.
$ sudo snap install zaproxy --classic
Start ZAP and export the dynamic certificate (tools > options)
Click on the save button an place the file somewhere on your disk.
Follow the wizards, create an genymotion account and create a new virtual device. In my example I used a google Pixel 3 with Android 10.
Now it’s time to configure the proxy within the android device!
Configure proxy in Android
Start the created virtual genymotion android device and copy the certificate file we create earlier with a simple drag and drop.
Now we can can configure the proxy in the wifi settings.
Go to settings > search for certificate and install the certificate.
Edit the wifi connection, add the proxy and restart the wifi.
Edit the Wifi
Go to the advance options
Set the proxy to Manual
The IP is always: 10.0.3.2This is the “localhost” setting for the genymotion host server
Port 8080
When you (re)connect the the wifi you have the accept the proxy error (but this is a good thing).
Now you will see all the traffic. But only the traffic for the apps who respect the android HTTP_PROXY settings. So this is what you can do when an app don’t respect this setting:
Rebuild the APK with APK-MITM
Now everything is in place. So the last thing we need to do is rebuild the APK file so we can proxing all the network traffic. So:
Everything is in place now. So the only thing you have to do is drag & drop the *-patched.apk file to genymotion, install this file and you are fully in control 🙂
Today my mother calls me that she had some battery drain issue’s on her HTC Desire Android phone. Because she had an older stock ROM not all battery and cpu options where available. After some phone troubleshooting I found the cause.
Start the app scroll down a little and press battery
The press Battery History
Press Other Usage and press CPU usage
Now you can see the program who sucks the live of your battery
My mother her phone was AKMD at the top of her list (34%). After a quick google search this was her phone “G-Sensor”. I kill the rotate function and then the problem was fixed by a nasty workaround 😉
I have an HTC Desire phone. I like the phone but there is one big problem; the NAND (internal storage) is way to small. I installed a lot of ROM’s but the last time I install Cyanogenmod 7.1 with the “Launcher 7” and I did a lot of customization I don’t want to reinstall my phone.
There is an crappy android workaround to move some of your apps to the SD card but when you connect/mount your phone to your pc you cannot start these apps and if you disconnect some of the settings are ruined.
So I searched the internet and read a lot of articles to find the best method to repartition my SD card and move the application and dalvik cache to my SD card. So I wrote this tutorial so you can move all the apps to your phone without any data loss also.
What do you need:
Cyanogenmod 7
S2E (free on the android marked)
App 2 SD free (android marked)
Linux operating system with Gparted or Gparted live CD
The steps
Shutdown the phone and put out your SD card
Make a backup of your SD card
Run GParted and make a primary FAT32 partiton and 1 GB (or more) EXT3 partition. Because I have an 16GB SD card I make a 2GB EXT3 partition. You can check a Gparted youtube tutorial here:Â http://www.youtube.com/watch?v=6z1Tu9l8WNc
Now copy your backup back to the SD card and place the SD in to the phone
Start the phone and start S2E
Select Applications, Dalvik cache and Download cache
Press the menu button and reboot the phone
Have some patience now (5min-10min)
Now start the phone and start apps 2 sd
Press the “On SD Card” tab, press menu and press move all apps
Now press on the move to phone button for every app you haved placed to the SD card.
Because you have place the /data/app folder to the EXT3 partition (/sd-ext/app) you do not move the app to your phone but to your EXT3 partition 🙂
If this article helps you, please leave a comment below 🙂
The Samsung Galaxy S default (aka stock) ROM has a good ROM but after some time the ROM become slower and slower. I will describe the steps for rooting the phone, backup the phone and install a nice cutom ROM.
I rooted a stock phone with android 2.3.3. Older versions can use this tutorial also. Newer versions maybe work.
I am not responsible when you brick your phone with this steps.
Turn on USB debugging mode on your phone (settings > programs > enable usb debugging)
Download SuperOneClick and extract it (e.g. c:\android\root\)
Start SuperOneClick and press update
Now click root. SuperOneClick then must download an exploit to root your phone
After the software download the exploit close SuperOneClick
Go to the extracted directory e.g. c:\android\root\devices\samsung\common\ and start odin.exe
All the default settings are fine. Click on PDA then select c:\android\root\devices\samsung\gti9000\CF-Root-XW_NEE_JVH-v3.2-CWM3RFS.tar
Start flashing
ok your phone is rooted now 🙂 Now we want to backup the phone to SD so we can always back to stock settings
In your apps list there is a new program CWM recovery start these
Now make a full backup
After you have the full backup make a backup of all your contacts, sms, etc and download MyBackup root at the marked (free) and make a backup of everything you want.
ok youre phone is rooted and we have a backup. Now we can install the ROM
Download a nice and stable ROM like Darky ROM 10.2 and put this file on the root of your SD card
Go to the market and download DarkyROM Tool
Now start the DarkyROM Tool go to the second tab and select all (important: delete user data must selected otherwise you get a very unstable ROM)
Go to the first tab and select flash rom. Select the file you’ve put on the SD card and flash it
The flashing take a minute of ten. After that the new rom is started and you think you have a new phone 🙂
Now download MyBackup root again and restore your call recordings, sms, phone numbers etc.
One of the worst things you can do on the internet is use the same password for different websites. When one of the webites is hacked or there is an bad sysadmin they can use your password to login your email or other sites to steal all your private information and worst case scenario your bank account.
Every self respected browser has an built-in password safer but when your computer/laptop is stolen or hacked by a mad person (in dutch we call them klootzakken 😉 ) they can easily steal all your passwords. So don’t use the built-in password safer (or configure a strong master password).
There are two great solutions for managing your passwords. One is a local and one is a cloud solution. I will describe them both so you can choose what is best for you.
KeePass (local):
KeePass is a great tool for managing your passwords. There is an built-in password generator, the passwords saved in one local encrypted file and you must always give up a master key to access the passwords. The tool is crossplatform (using .net/mono) and there are a lot of plugins, example; there is a browser plugin to replace the insecure built-in pass safer. The great thing about this tool is that is is an local tool so only you can access and manage the password files. If you want to share the password file on multiple places you can use dropbox to synchronise/centralise the password files.
LastPass (cloud): LastPass is also a great tool for managing your password especialy when you use multiple computers and different operating systems. LastPass replaces the default integrated browser password safer with his own. Your password stored localy and in the cloud and are encrypted. Without the master password it is not possible to automatic login or see your password. I like LastPass because tons of options and integration with all the operating systems and smartphones. The default settings are good but I recommend that you change the setting that the LastPass is logoff automaticly when you close the browser.
The only thing you must keep in mind that you password is in sync at LastPass (cloud) so you must trust the company.
Keep in mind
That using multiple random words password (example: “correct battery horse staple”) mostly of the time is better then using complex passwords (“Tr0ub4dor&3”). This picture tells why:
Last but not least
Always use a BIOS password on a laptop. Most of the thief’s are very dumb people and if they stole you laptop they cannot remove the BIOS password and your laptop is useless for them.