Reverse Engineering Mobile Apps

Sam Bowne

Submitting Projects

CCSF students must do these things to get credit:

  • Perform the project steps until you find a flag
  • Capture a whole-desktop image showing the flag
  • Outline or highlight the flag in the image
  • Submit the image in the appropriate Project in Canvas
  • Type the flag into the text field

Android Emulator Setup

Mac or Linux

M 101: Genymotion 15
M 103: Burp 20

Windows

Do M 108 below first
M 104: BlueStacks 15
M 106: Burp and Nox 20
M 601: Rooting BlueStacks on Windows    10 extra

Any OS

M 105: Plaintext Login (Updated 3-26-2021) 15
M 107: GenieMD Broken SSL (Harvard & IBM)    15 + 40 extra
M 108: Kali Virtual Machine 15
M 109: Broken SSL 30 extra
M 120: Burp and Android 8 10 extra
Download Kali VM

ADB

Mac or Linux

M 201: ADB on Genymotion on a Mac    15
M 202: BlueStacks on a Mac 15 extra

Windows

M203: ADB & Nox on Windows    15

Any OS

M 204: Equity Pandit (NO LONGER AVAILABLE) 15 + 50 extra
M 207: ES Explorer Command Injection    10
M 210: Security Audit of an App    15 extra
M 211: Find a New App Vulnerability and Report it    50 extra

Vulnerability Scanners

M 111: Debian Linux Virtual Machine    15 extra
M 301: Qark    15 extra
M 302: AndroBugs    10
M 310: Android Malware and VirusTotal    20 extra

Smali

M 401: Trojaning the Progressive App    20
M 402: mAadhaar Code Modification    20
M 404: Safeway Reversible Encryption    20
M 410: Exploiting an Android Phone with Metasploit    15 extra
M 411: Trojaning an Android App with Metasploit    15 extra
M 412: Reversing FlareBear    20 extra

Drozer

M 501: Drozer    20
M 502: Protection Level Downgrade (Updated 4-15-2020)    30 extra
M 503: SomNote Vulnerable Content Provider    15
M 504: Android-InsecureBankv2    60

iPhones

ED 420: Jailbreaking an iPhone with Checkra.in    15 extra
M 701: Installing Damn Vulnerable iOS App on an iPhone    (Doesn't work) 10 extra
M 702: Frida on iOS & Hacking Ringdahl EMS    (Doesn't work) 20 extra
M 710: Unsafe Logging by Fiserv iPhone Apps (REMOVED)     10 extra
M 711: Insecure Local Storage by iPhone Apps    15 extra
M 712: Plaintext Network Transmissions by iPhone Apps    15 extra