Hacking Android Devices

Sam Bowne

Submitting Projects

CCSF students must do these things to get credit:

  • Perform the project steps until you find a flag
  • Capture a whole-desktop image showing the flag
  • Outline or highlight the flag in the image
  • Submit the image in the appropriate Project in Canvas
  • Type the flag into the text field

   

Android Emulator Setup


Any OS

M 140: Android Studio Emulator 15
M 141: Burp with Android Studio's Emulator 20
M 145: Making a Rooted Android Emulator 10 extra
M 142: Rooting Android Studio's Emulator not recommended 15 extra
M 105: Plaintext Login (Updated 3-26-2021) 15
M 107: GenieMD Broken SSL (Harvard & IBM)    15 + 40 extra
M 111: Debian Linux Virtual Machine    15
M 108: Kali Virtual Machine not recommended 15 extra
M 109: Broken SSL 30 extra
M 120: Burp and Android 8 10 extra
Download Kali VM

Alternative Android Emulators

Not Recommended

Mac or Linux

M 101: Genymotion 15
M 103: Burp 20

Windows

Do M 108 first
M 104: BlueStacks 15
M 106: Burp and Nox 20
M 601: Rooting BlueStacks on Windows    10 extra

ADB


Any OS

M 200: ADB with Android Studio 15
M 207: ES Explorer Command Injection    10 + 10 extra
M 210: Security Audit of an App    15 extra
M 211: Find a New App Vulnerability and Report it    50 extra

ADB for Alternative Emulators

Not Recommended

Mac or Linux

M 201: ADB on Genymotion on a Mac    15
M 202: BlueStacks on a Mac 15 extra

Windows

M203: ADB & Nox on Windows    15

Vulnerability Scanners

M 301: Qark    15 extra
M 302: AndroBugs    10
M 304: MobSF Static Analysis    25 extra
M 305: MobSF Dynamic Analysis    35 extra
M 310: Android Malware and VirusTotal    20 extra

Smali

M 401: Trojaning the Progressive App    20
M 402: mAadhaar Code Modification    20
M 404: Safeway Reversible Encryption -- REMOVED 10-28-22    
M 410: Exploiting an Android Phone with Metasploit    15 extra
M 412: Reversing FlareBear    20 extra

Attacking App Components

M 503: SomNote Vulnerable Content Provider    15
M 511: Exploiting Sieve: a Vulnerable App    20
M 512: Exploiting EVABS    55 extra
M 513: Instrumenting with Frida    15 extra
M 520: Stealing Secrets from Lastpass on Android    15 extra
M 521: Stealing Secrets from Keeper on Android    15 extra

Scores archived 7-24-23

Enter Flags · Scoreboard


Scoreboard added 1-28-24
M 145 added 2-14-24
M 304 added 2-15-24
M 305 added 2-18-24
M 301 added 2-19-24