NestedIF TechArticle
5 followers

From Android 7.0 (Nougat) onward, the OS introduced a new security feature: it no longer trusts user-installed certificates. So our conventional way of adding an HTTPS certificate to intercept API traffic would not work. However, it is possible to instruct…

Sometimes you may need to use an AVD (Android Virtual Device) / emulator to intercept app traffic. Earlier virtual devices did not have a WiFi interface, so you needed to rely on the command line to use them for API interception (Newer…

While performing an Android pen-test, you also need to check what data the Android app is sending to the back-end server. You might be interested in not just viewing but also manipulating the ongoing communication between the mobile app & server or sometimes IoT…

Rooting an Android phone gives any app superuser access once it is granted, which becomes a risk for other apps installed on that device in terms of violating the CIA triangle. To minimize this risk, many apps come with a root detection mechanism, which won’t…

4. Reversing & Repatching .APK for Non-Rooted/Rooted phone to bypass OS Security

As seen in the previous post about reverse engineering an Android .apk file into Smali code, this article explains how to 1) decompile an .apk file, 2) modify a part of it, 3) recompile it to obtain a new unsigned .apk file, 4) sign it & install on…

In the previous article we saw how to get ClassDex-Java class files via Apktool. In this post we will see how to get .smali files from the .apk file. Smali files are easy to understand if a person has basic knowledge of assembly level…

Previously we saw how to get source code back from an .apk using Jadx via reverse engineering. Here we will do the same thing with a different tool set, using a combination of 1) ApkTool – This can extract Manifest.xml, resources, certificates, assets, layout, etc.…

Android applications are packed inside .apk files with all resources, assets, class files, certificates, layout files, config Manifest files, etc. Compiling application source code into an .apk file turns the Java class files into class-Dex files, which…

By now you might know that an Android apk can be built using Java, Kotlin, HTML-JS (cross-platform apps) as well as native languages such as C, C++, etc. (the reason being that they can reuse popular libraries already available in those languages, plus better…

You might know that an Android apk can be built using Java, Kotlin, HTML-JS (cross-platform apps) as well as native languages such as C, C++, etc. (the reason being that they can reuse popular libraries already available in those languages, plus better…