Fin/Spar/frida/README.md
2023-09-01 20:07:06 +02:00

Start emulator and install Burp cert

See the original guide here

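# The emulator stays in the foreground; run the adb commands from a second terminal once it has booted.
# -http-proxy sends the emulator's traffic through Burp, -writable-system allows changes to /system.
emulator -netdelay none -netspeed full -avd Pixel_2_XL_API_27_2 -qt-hide-window -grpc-use-token -idle-grpc-timeout 300 -http-proxy http://192.168.0.171:8081 -debug-proxy -writable-system
adb root
sleep 2
adb remount
# Copy the Burp CA certificate into the system trust store
adb push Downloads/sparapp/9a5ba575.0 /storage/emulated/0/
adb shell "mv /storage/emulated/0/9a5ba575.0 /system/etc/security/cacerts"
adb shell "chmod 644 /system/etc/security/cacerts/9a5ba575.0"
adb shell "chown root:root /system/etc/security/cacerts/9a5ba575.0"
# Verify owner and permissions
adb shell "ls -lah /system/etc/security/cacerts/9a5ba575.0"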
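
Android names the files in /system/etc/security/cacerts after the certificate's old-style OpenSSL subject hash plus `.0`, which is the form of the `9a5ba575.0` name pushed above. The following added example (not part of the original README) derives that name from a DER or PEM certificate and checks that a file is named correctly before it is pushed; it assumes `openssl` is on the PATH, and all function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: derive the Android system-store file name for a CA certificate.
# Assumptions: openssl is installed; function names are hypothetical helpers.

# Print the certificate in PEM form, accepting PEM or DER input.
to_pem() {
    if openssl x509 -inform PEM -in "$1" -noout 2>/dev/null; then
        openssl x509 -inform PEM -in "$1" -outform PEM
    else
        openssl x509 -inform DER -in "$1" -outform PEM
    fi
}

# Print "<subject_hash_old>.0", the file name Android expects in
# /system/etc/security/cacerts. Fails if the input is not a certificate.
android_ca_name() {
    local h
    h=$(to_pem "$1" | openssl x509 -noout -subject_hash_old) || return 1
    [ -n "$h" ] || return 1
    printf '%s.0\n' "$h"
}

# Write a PEM copy of SRC under its hashed name into OUTDIR (mode 644)
# and print the resulting path, ready for "adb push".
prepare_android_ca() {
    local src=$1 outdir=$2 name
    name=$(android_ca_name "$src") || { echo "not a certificate: $src" >&2; return 1; }
    to_pem "$src" > "$outdir/$name"
    chmod 644 "$outdir/$name"
    printf '%s\n' "$outdir/$name"
}

# Succeed only if FILE's base name equals the hash name of the certificate in it.
# A file stored under a different name is not picked up as a trusted CA.
ca_name_matches() {
    [ "$(basename "$1")" = "$(android_ca_name "$1" 2>/dev/null)" ]
}
```

For example, `prepare_android_ca cacert.der .` (with `cacert.der` as a placeholder for the exported proxy certificate) writes the renamed PEM file into the current directory.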

Hacking jar

Good starting point: OWASP

Install frida server

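# The frida-server build must match the emulator ABI (x86 here) and the frida version installed on the host
curl -L -o /tmp/frida-server.xz https://github.com/frida/frida/releases/download/16.1.3/frida-server-16.1.3-android-x86.xz
unxz /tmp/frida-server.xz
adb root && sleep 2
adb push /tmp/frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"
# Start frida-server in the background on the emulator
adb shell "/data/local/tmp/frida-server &"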

Patch and install an apk

python -m venv venv1                                # creates virtual environment
. ./venv1/bin/activate                              # changes into the virtual environment
pip install objection
objection patchapk --source SPAR_1.0.1_Apkpure.apk  # patches apk so that it is injectable
adb root && sleep 2
adb install SPAR_1.0.1_Apkpure.objection.apk

Connect to the patched apk

# while in virtual environment
frida-ps -Ua                                        # lists running apps objection can attach to
objection -d -g at.spar.app explore                 # starts app with objection attached

Useful commands when in objection shell

android sslpinning disable                          # try to disable certificate pinning
android hooking ...                                 # various commands for class/method listing, call hooking, etc.
import <scriptname on computer>                     # executes a frida injection script (JavaScript)
import Fin/Spar/frida/hook_login.js
import Fin/Spar/frida/hook_apicalls.js
...