Utilizando Apktool y grep para busquedas básicas en APKs "low hanging fruit"

mayo 07, 2021

Utilizando Apktool y grep para busquedas básicas en APKs "low hanging fruit"

Empezar análisis de Apks utilizando grep para encontrar los "low hanging fruit"

apktool d -f $APKFILE.apk -o smali
jadx -d out classes.dex

grep -r shell .
grep -r api .
grep -r database .
grep -r query .
grep -r post .
grep -r get .
grep -r config .
grep -r auth .

 https://github.com/tomnomnom/gf

GF ( A wrapper around grep to avoid typing common patterns. )

Command to decompile the android application:

apktool d exaple.apk.

Now I have used grep command to look for base64 encoded string Or you can also used gf tool .

Just navigate to the folder where you have decompile the android apk and search for the hardcoded secret.Here is the command I prefer to search for base64 encoded string.

grep -Hnri “eyJ” * — color

Buscar este blog

Maldroidversing

Utilizando Apktool y grep para busquedas básicas en APKs "low hanging fruit"

Entradas populares

Frida unpinning Failed to spawn: need Gadget to attach on jailed Android

Tuyapi para Cecotec