Book - Mobile Penetration Testing Part II

Android Debug Bridge

需要先Enable USB Debugging.

位置: Settings - Developer Options

假如未发现Developer Options, 点 Settings - About Device - Build Number 七次.

adb devices

➜  localstorage adb devices
List of devices attached  
192.168.56.101:5555    device

➜  localstorage adb -s 192.168.56.101:5555 shell
  • –s to connect to particular device
  • -d to connect only to the USB device
  • -e to connect only to an emulator

Java Debugger (JDB)

1). List all running apps

➜  localstorage adb jdwp
588  
719  
829  
928  
950  
[snip..]

In case you meet below error - error: could not install *smartsocket* listener: Address already in use.

Update your SDK in GenyMotion - Settings - ADB. Normally, it should be /Users/its/Library/Android/sdk.

2). Next, we will forward our debugging session to a port so that we can connect to our debugger.

$ adb forward tcp:8000 jdwp:950 // 950 is the process id
$ jdb -connect com.sun.jdi.SocketAttach:hostname=localhost,port=8000

3). Now, we are connecting to the remote host using JDB on port 8000.
4). Finally, you are all set to debug the app using the Java debugger.

Some of the JDB commands are as follows:

  • Setting a breakpoint: stop in [function name]
  • Executing the next line: next
  • Entering a function: step
  • Exiting a function: step up
  • Printing a class name: print obj
  • Dumping a class: dump obj
  • Setting the variable value: print [variable name]
  • Changing the variable value: set [variable name] = [value]

Example

Ref: Open Security Research: Debugging Android Applications

  1. Download runtime.apk
  2. Reproduction Steps

Using STRIDE to classify threats

Risk assessment model

DREAD stands for damage, reproducibility, exploitability, affected users, and discoverability.

This model is considered to be out of date by Microsoft.