Reverse Engineering Mobile Apps

Sam Bowne

Turning in Projects

CCSF students: capture full-screen images of the flags,
and highlight or outline the portion of the screen
showing the flag. Email the images to cnit.128sam@gmail.com
with a subject line including your name and the project number.

Level 1: Android Emulator Setup

Mac or Linux

M 101: Genymotion 15
M 103: Burp 20

Windows

Do M 108 below first
M 104: BlueStacks 15
M 106: Burp and Nox 20

Cloud

ED 200: Google Cloud Linux Server 15 extra
ED 290: Chrome Desktop on a Cloud Linux Server 10 extra
M 110: Genymotion Cloud, ADB, and Burp 25 extra

Any OS

M 105: Plaintext Login    15
M 107: GenieMD Broken SSL (Harvard & IBM)    15 + 40 extra
M 108: Kali Virtual Machine 15
Download Kali VM

Level 2: ADB

Mac or Linux

M 201: ADB on Genymotion on a Mac    15
M 202: BlueStacks on a Mac 15 extra

Windows

M 203: ADB & Nox on Windows    15

Any OS

M 204: Equity Pandit    15 + 50 extra
M 207: ES Explorer Command Injection    10
M 210: Security Audit of an App    15 extra
M 211: Find a New App Vulnerability and Report it    50 extra

Level 3: Vulnerability Scanners

M 301: Qark    15
M 302: AndroBugs    10
M 310: Android Malware and VirusTotal    20 extra

Level 4: Smali

M 401: Trojaning Progressive and Bank of America    20 + 20 extra
M 402: mAadhaar Code Modification    20
M 410: Exploiting an Android Phone with Metasploit    15 extra

Level 5: Drozer

M 501: Drozer    20
M 502: Protection Level Downgrade    30 extra

Level 6: Real Mobility

M 601: Rooting BlueStacks on Windows    10 extra
M 602: Interplanetary Overlay Network (ION‑DTN)    15 extra

Level 7: iPhones

ED 420: Jailbreaking an iPhone with Checkra.in    15
M 701: Installing Damn Vulnerable iOS App on an iPhone    10
M 702: Frida on iOS & Hacking Ringdahl EMS    20
M 710: Unsafe Logging by Fiserv iPhone Apps    10
M 711: Insecure Local Storage by iPhone Apps    15 extra
M 712: Plaintext Network Transmissions by iPhone Apps    15


Posted 5-31-19 4:56 pm
Link targets updated and scores archived 8-7-19
Links set to open in a new tab 8-9-19
2020 version first posted 12-23-19
M 701 link fixed 12-29-19
iPhone stuff moved to end; Chinese stuff removed; tidied up; 1-13-19
Cloud section added to level I and CCSF instructions added 1-22-2020
M 211 and 212 added 1-25-2020
M 10 and ED 290 added 1-28-2020
M 10 replaced by M 108 1-29-2020
M 403 removed 1-29-2020
M 401 updated to include Bank of America 2-2-2020
M 501 and 502 removed for updates 2-5-2020
M 710, 711, 712 added and 501 restored 2-12-2020
M 502 restored 2-13-2020
M 310 added 3-4-2020
M 410 added 3-11-2020