Android AppSec
  • 70
  • 237 481
Runtime Debugging Native Android Shared library (.so) file using IDA Pro
🚩 CTF Link: ctf.hpandro.raviramesh.info
♚ All applications: github.com/RavikumarRamesh/hpAndro1337
🔊 UA-cam Channel: ua-cam.com/users/AndroidAppSec
🟦 Facebook Page: hpAndro1337
🔷Twitter handle: hpandro1337
============================================
How #runtime #debugging of a #nativelibrary with #IDA Pro can help in identifying the application's logic and #bypassing it.
nsconclave.net-square.com/debugging-android's-native-library.html
By: 0ninaik, ps_doom
Views: 16,258

Videos

Android Studio Emulator (AVD) Rooting with Magisk using rootAVD
52K views · 3 years ago
Android Studio #Emulator (#AVD) Rooting with #Magisk using #rootAVD github.com/newbit1/rootAVD forum.xda-developers.com/m/newbit.1350876/ avicoder.me/2021/09/02/Root-...
SSAID or ANDROID_ID validation Bypass using Dalvik bytecode Patch - hpAndro Vulnerable Application
2.2K views · 3 years ago
♚ All applications on Playstore: play.google.com/store/apps/dev?id=7722940558815307513 ♛ Consolidate challenges app: play.google.com/store/apps/details?id=com.hpandro.androidsecurity #SSAID or #ANDROID_ID validation #Bypass u...
GPS Location Spoofing - hpAndro Vulnerable Application Challenge
591 views · 3 years ago
#GPS Location Spoofing #Location #spoofing...
Hardcoded Secret in Native Library (.so files) - hpAndro Vulnerable Application Challenge
1.1K views · 3 years ago
Hardcoded Secret in Native Library 00:00 ...
RPATH - run-time search path hard-coded in native library - hpAndro Vulnerable Application Challenge
579 views · 3 years ago
RPATH CWE-426: Untrusted Search Path cwe....
Checking Memory for Sensitive Data (Memory Flag) - hpAndro Vulnerable Application Challenge
905 views · 3 years ago
Process Memory Flag mobile-security.gitbo...
XML External Entity [XXE] - hpAndro Vulnerable Application Challenge
623 views · 3 years ago
#XXE #XML eXternal #Entity injection (XXE...
XPath Injection - hpAndro Vulnerable Application Challenge
861 views · 3 years ago
#XPath Injection Similar to SQL Injection...
User Password Enumeration - hpAndro Vulnerable Application Challenge
361 views · 3 years ago
Insecure direct object references (#IDOR)...
Server Side Request Forgery [SSRF] - hpAndro Vulnerable Application Challenge
454 views · 3 years ago
#SSRF - Server-Side Request #Forgery Web ...
Server Fingerprinting - hpAndro Vulnerable Application Challenge
232 views · 3 years ago
Fingerprint Web Server Web #server #finge...
Remote File Inclusion [RFI] - hpAndro Vulnerable Application Challenge
477 views · 3 years ago
#RFI / #LFI The #File #Inclusion vulnerab...
REST API HTTP Methods - hpAndro Vulnerable Application Challenge
224 views · 3 years ago
Test #HTTP #Methods HTTP offers a number ...
Unrestricted File Upload - hpAndro Vulnerable Application Challenge
391 views · 3 years ago
#Unrestricted File #Upload Uploaded files...
Server Side Template Injection [SSTI] - hpAndro Vulnerable Application Challenge
338 views · 3 years ago
S3 Bucket Misconfiguration - hpAndro Vulnerable Application Challenge
250 views · 3 years ago
RIA Cross Domain Policy - hpAndro Vulnerable Application Challenge
993 views · 3 years ago
Review Comment and Meta Data - hpAndro Vulnerable Application Challenge
115 views · 3 years ago
OTP Bruteforce - hpAndro Vulnerable Application Challenge
6K views · 3 years ago
Old Backup Files - hpAndro Vulnerable Application Challenge
315 views · 3 years ago
Login Bypass Cookie Manipulation - hpAndro Vulnerable Application Challenge
859 views · 3 years ago
JWT Misconfiguration - hpAndro Vulnerable Application Challenge
281 views · 3 years ago
JSON to XXE Blind - hpAndro Vulnerable Application Challenge
544 views · 3 years ago
JavaScript Info Leak - hpAndro Vulnerable Application Challenge
231 views · 3 years ago
Insecure Direct Object References [IDOR] - hpAndro Vulnerable Application Challenge
286 views · 3 years ago
Encoding & Hashing - hpAndro Vulnerable Application Challenge
269 views · 3 years ago
Default Credential - hpAndro Vulnerable Application Challenge
177 views · 3 years ago
Client Side Validation Bypass - hpAndro Vulnerable Application Challenge
305 views · 3 years ago
Ninjutsu Android Penetration Testing Environment - MEmu based emulator
2.3K views · 3 years ago

COMMENTS

  • @xmzio_1 · 12 days ago

    is it static analysis

  • @LuckyYeti · 20 days ago

    got this error : [ ! ] elevated write permissions are needed to access $ANDROID_HOME

  • @LuckyYeti · 20 days ago

    I have Google api android 11 system image x64 which internet says Google api is pre-rooted unlike Google play system image. Do I still need rootAVD?

  • @boringchannel6313 · 1 month ago

    after this video, i feel like i want to milk a cow

  • @FelixPrada-dt9rx · 5 months ago

    Hello, why when I install version 4.0.3 with docker does it ask me for a login and password?

  • @anggorodhanumurti1956 · 5 months ago

    how can u get ida pro version?

  • @joaquinmonzonv.8850 · 8 months ago

    Where i can found downl. Android_Server for ida?

  • @don5629 · 8 months ago

    Can I use my emulator for Rubber Ducky to brute force my phone? How will the emulator detect the mobile phone?

  • @Tradinghacks-te9sp · 8 months ago

    Realtime most of Apps hangs up due to epoll waiting implementation,we can't debug that apps , games with ida, Do u have solution of that

  • @AhmadHasan607 · 9 months ago

    thank you very much please give me your telegram or whatsapp i need your help

  • @al-shabaa · 10 months ago

    Thank you very much for creating the tutorial!

  • @PIFA7 · 10 months ago

    My brain's not braining anymore after watching this

  • @pavankrishna-v7g · 10 months ago

    please speak out, so it would be easy to understand instead of deaf.

  • @Diii0401 · 11 months ago

    [*] Set Directorys [-] Test IF ADB SHELL is working [-] ADB connection possible [-] Install all APKs placed in the Apps folder [-] Install all APKs placed in the Apps folder That's what powershell says to me. There is no "[*] Trying to install APPS\..." Can somebody help me ?

    • @indiancybercult · 6 months ago

      same did u fixed it?

    • @takanimpu4997 · 5 months ago

      @indiancybercult mine is working great ... which version of rootavd and os ur using ??

    • @matheuscamargo5079 · 4 months ago

      you need to put the magisk apk inside the APPS folder

  • @purejoymusic · 11 months ago

    late to the parties... first newbie vid. is genymotion still the best emu? was gonna magisk flash avd to try to emulate + test setup on s20. also tried to debug an installed app on android (using usb debug and android studio) but struggling at first step 'attach to debugger'. I have free App Cloner, so no options to create debug there (paid feature). can an app / package be launched in debug mode via shell / adb ? or do you need to build a debug version? or can you manipulate the manifest to make an app be launched in debug, to see everything it's doing, using usb debug? hoped to identify db activity, to understand how apps record info like their config. not learned kotlin or anything yet...

  • @andry5053 · 11 months ago

    3:14 I have a problem at this point. [*] Set Directorys [-] Test IF ADB SHELL is working [-] ADB connection possible [-] Install all APKs placed in the Apps folder That's what powershell says to me. There is no "[*] Trying to install APPS\..." Can somebody help me?

    • @diy__diy · 10 months ago

      same here

    • @8220347 · 5 months ago

      First run the command .\rootAVD.bat ListAllAVDs, then run .\rootAVD.bat <path to ramdisk.img file>

    • @matheuscamargo5079 · 4 months ago

      you need to put the magisk apk inside the APPS folder

  • @vinod8june · 11 months ago

    watch on

  • @sdgsdgsdgdssdg4sd5g · 1 year ago

    great job man the next video please : reverse engineering any game for example (temple run 2) on android using il2cppdumper, ida, lldb

  • @ADIBFAHMI-cb1nz · 1 year ago

    generic_x86_arm:/ $ su /system/bin/sh: su: not found 127|generic_x86_arm:/ $

  • @saivenkat4854 · 1 year ago

    superb content and easy to understand

  • @blake5338 · 1 year ago

    You can apply this method to create unsigned apks?

  • @SoCalRhetor · 1 year ago

    App is even more powerful than I had initially thought

  • @M0X0101 · 1 year ago

    Wow

  • @willhunt5599 · 1 year ago

    too bad rootAVD is gone now

    • @Spuqui · 1 year ago

      Gone? No, not really. It just moved from github to gitlab, but it is still being worked on.

  • @mirpurpigeons1777 · 1 year ago

    Pls,, tell me site or lab name for practice.. ❤

  • @markyerger · 1 year ago

    how to upgrade an apk sdk version this probably works on android 9 but it doesn't work on android 13 this program Cryok sia call recorder this program doesn't work on android 13

  • @SaumilShah-pn6wm · 1 year ago

    very hard XD

  • @charsetUTF-8 · 1 year ago

    thank your helpfull!!!

  • @bigchompa8085 · 1 year ago

    god tutorial 10/10

  • @raymondgarcia4999 · 1 year ago

    Does the code go to public when i upload the file?

  • @Vijay-ey8vs · 1 year ago

    When click automatic refresh not showing anything

  • @lucioamaral2092 · 1 year ago

    blod: file C:\Users\lenovo\AppData\Local\Android\Sdk\system-images\android-29\google_apis\x86\ramdisk.img not found

    • @MrSagarcmp · 1 year ago

      The script may not be able to detect the exact path. Replace the ENVVAR and ANDROIDHOME with exact path ENVVAR="C:\Users\%User %\AppData\Local\Android\Sdk" ANDROIDHOME="C:\Users\%user%\AppData\Local\Android\Sdk\" and if possible replace the conditional check for ramdisk.img file with exact path in the initial if conditions C:\Users\%User %\AppData\Local\Android\Sdk\system-images\android-30\google_apis\x86\ramdisk.img"

    • @calypso168 · 1 year ago

      @MrSagarcmp it doesn't work, I'm having the same problem

    • @nanit484 · 1 year ago

      Use relative path: system-images\android-29\google_apis\x86\ramdisk.img. Check the path using ListAllAVDs argument.

    • @almt7dhteam156 · 4 months ago

      .\rootAVD.bat system-images\android-29\google_apis\x86\ramdisk.img

    • @luanarruda7965 · 23 days ago

      @almt7dhteam156 It works for me. Thanks.

  • @xX_Joseph777_Xx · 1 year ago

    'FIND' is not recognized as an internal or external command, operable program or batch file. Why do i get this?

  • @danthanhtrung · 1 year ago

    I debug on virtual device it works, but can't do it on physical device is show error as soon as the app launches "prompts: 'process xxx.yyy.zzz not found. aborting session'."

    • @toki3204 · 3 months ago

      show all processess and follow all steps on video

  • @rubensdmr · 1 year ago

    I opened the apk but the xml is not readable, do you know how to solve that? looks like the file was encrypted

  • @sintyiapurnamasari6255 · 1 year ago

    so fast

  • @Sj-ze5wk · 1 year ago

    I’m trying to debug a native file from an android app in IDA and keep getting signal error messages. I assume it’s anti debugging somehow? Is there a chance you can do a video on this

    • @LinkerAFK · 9 months ago

      Yeah, this exists. Try LLDB to get a lead into what's happening

  • @WhyWork-y4n · 1 year ago

    how to start process instead of attach?

  • @بيليبليبليبلي

    great but if there is detection

  • @elbardelosmalditos · 1 year ago

    Solution: Friends, for anyone for whom it doesn't work the first time, you should check that the ADB path is correctly added to your Windows PATH. It wasn't working for me and that was why.

  • @enyihou4553 · 1 year ago

    Hi! Thank you so much for your tutorial. I am facing an issue. If the apk I am trying to debug is NOT DEBUGGEABLE. There is no way to debug it right?

  • @isramen4756 · 1 year ago

    signed ask but giving error any help?

  • @ravivarma9344 · 1 year ago

    Please make video of Dexcalibur tool because there is no video tutorials that's why.

  • @ravivarma9344 · 1 year ago

    Finally you're back I missed you alot.

  • @DarkLegends2008 · 1 year ago

    Amazing, can you upload this video in full-hd or higher.

  • @anhtung9076 · 1 year ago

    Hope you guide to change android fingerprint by command line from cmd or power shell. Thank you very much

  • @ava_aja · 1 year ago

    Is there one in Indonesian?

  • @future_gen · 1 year ago

    could not load available zip files error showing bro pls help me

  • @monatehrani · 1 year ago

    good JOB

  • @nanip9620 · 2 years ago

    It always shows analysing but never cameup