- download and pull the APK
- if the app is split into multiple APKs, patch-apk can patch the splits and merge them into a single APK: https://github.com/NickstaDB/patch-apk
How to deal with split APKs manually:

Step 1: Pull the base APK and all split APKs off the device
- (inside adb shell) pm list packages | grep <package>
- pm path <package>
- (exit adb shell)

Step 2: Patch base.apk with objection and sign all the split APKs
- adb pull <path> (base.apk, split_config.en.apk, etc.)
- objection patchapk -s <base.apk> --use-aapt2
- (after base.apk is patched and signed, you must also sign every split_config.*.apk)
- objection signapk split_config.en.apk (repeat for each split)

Step 3: Install all APKs to the device using install-multiple
After you have signed all split configs and patched base.apk, use adb to install the whole set at once:
- adb install-multiple base.objection.apk split_config.en.objection.apk (etc.)
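The three steps above as one script, added here as an example and not taken from the original notes: it parses `pm path` output, derives the patched file names, and builds the install-multiple line (dry run by default); `repack_split_apks` runs the real adb/objection commands when given a package name. It assumes adb and objection are on PATH and that objection names its output `<name>.objection.apk`, as the install line in the notes does.

```shell
#!/bin/sh
# Added helper, not from the original notes. Assumes adb and objection are on
# PATH and that objection writes its output next to the input as
# <name>.objection.apk (the naming the notes use with install-multiple).

# Strip the "package:" prefix (and any CR from adb shell) that `pm path` prints.
apk_paths() {
  printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^package://p'
}

# Local file name of the patched/signed copy: base.apk -> base.objection.apk
patched_name() {
  f=$(basename "$1")
  printf '%s\n' "${f%.apk}.objection.apk"
}

# Build the install-multiple command line from pm path output so it can be
# reviewed against what was actually pulled before it is run.
install_cmd() {
  cmd="adb install-multiple"
  for p in $(apk_paths "$1"); do
    cmd="$cmd $(patched_name "$p")"
  done
  printf '%s\n' "$cmd"
}

# End-to-end driver: pull every split, patch base.apk, sign the others, install.
repack_split_apks() {
  paths=$(adb shell pm path "$1")
  for p in $(apk_paths "$paths"); do
    adb pull "$p" .
    case $(basename "$p") in
      base.apk) objection patchapk -s base.apk --use-aapt2 ;;
      *)        objection signapk "$(basename "$p")" ;;
    esac
  done
  $(install_cmd "$paths")
}

# Constructed sample of `pm path` output for a split install (not from a device).
SAMPLE='package:/data/app/com.example.app-1/base.apk
package:/data/app/com.example.app-1/split_config.en.apk
package:/data/app/com.example.app-1/split_config.xxhdpi.apk'

if [ $# -gt 0 ]; then
  repack_split_apks "$1"   # real run: ./repack.sh com.example.app
else
  install_cmd "$SAMPLE"    # dry run: prints the command for the sample
fi
```

Run it with no arguments first and compare the printed install-multiple line with the files you actually pulled; a missing split there is the usual reason install-multiple fails.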
If you find yourself taking a break from mobile testing for a few months, be sure to update your toolchain:
- pip3 install --upgrade objection
- pip3 install --upgrade frida
- pip3 install --upgrade frida-tools
- apktool --version (always make sure you are on the latest version as listed here: https://ibotpeaches.github.io/Apktool/)
- use -t in objection patchapk to pick a specific activity class to patch
- jadx gui
- AndroidManifest.xml: look for components with exported="true"
- API keys: res/values/strings.xml (search for keys)
- DB URLs
- Firebase enumeration: .json trick
- PushIO key?
- check for URLs: search for http and https, api_key
- see if we can intercept traffic: install the Burp CA cert; if SSL pinning is present, break it with objection or manually
- walk through the app and note the endpoints
- device file explorer: look for files like DBs, explore local files
- wal, shm and journal files are backup DBs
- pull the .db file and view it in DB Browser for SQLite
- if it is encrypted, try to find the encryption key in the app
- use the app more to populate data in the DB
- the strings command can give an idea of what is in there
- examine cached data in the filesystem