Skip to content

Latest commit

 

History

History
153 lines (77 loc) · 5.3 KB

mobile.md

File metadata and controls

153 lines (77 loc) · 5.3 KB

Mobile Devices

General

Java

Frida

Miscellaneous

Elcomsoft Phone Breaker

  • Elcomsoft Phone Breaker enables forensic access to password-protected backups for smartphones and portable devices based on RIM BlackBerry and Apple iOS platforms.

Objection

  • A runtime mobile exploration toolkit, powered by Frida.

Mobile Pentesting Frameworks

appmon

  • An automated framework for monitoring and tampering system API calls of native macOS, iOS and android apps. It is based on Frida.

Avatar²

  • A framework with focus on dynamic analysis of embedded devices firmware.

Dagah

  • Mobile assessment VM, free and paid versions.

Theory, Articles & Blogs

A collection of deobfuscation methods and automated deobfuscator tools

HOW TO: Exploit Routers on an Unrooted Android Phone

  • A nice article on setting up GNURootDebian and RouterSploit on an Android device.

Introduction To Writing Shellcode

Android

Firmware

Kali Nethunter

Copperhead OS

Decompiler & Debuggers

JEB

Emulation

Genymotion

Frameworks

Brida

  • A Burp extension that acts as a bridge between Burp and Frida.

MARA Framework

Smali Emulator

  • This software will emulate a smali source file generated by apktool.

Miscellaneous

BadIntent

  • Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite.

Android Unpacker

  • While not technically a decompiler or debugger, this is will extract data from an Android apk and unpack the included dex file into the working dir.

Payloads

Backdoor.apk

Kwetza

  • A tool that allows you to infect an existing Android application with a Meterpreter payload.

Android Theory, Articles & Blogs

Advanced Android Bug Bounty Skills

Android App Security Checklist

  • A checklist with security considerations for designing, testing, and releasing secure Android apps. Can also be used to give you ideas of things to look for when performing app assessments.

Awesome Malware Analysis

  • Not the perfect spot for this list. But, it can live here until there's a more general rev-eng area.

BBQ & Zero Days

Certificate Pinning in Android 4.2

Create reverse Meterpreter APK

Hack Android Using Kali

How To Spy On Your Android Phone

  • A how to on using Burp against an Android device.

Identifying and Evading Android Protections

  • From the 2017 BugCrowd Level Up virtual conference.

Library injection for debuggable Android apps

  • Using Frida against apks compiled as debuggable to do testing.

Reverse Engineering Reading List

  • Not the perfect spot for this list. But, it can live here until there's a more general rev-eng area.

Universal Android SSL Pinning bypass with Frida

Using Frida on Android without root

  • Using Frida against apks compiled as debuggable to test apps on non-rooted Android devices.

iOS

iSpy

  • A reverse engineering framework for iOS.

Objection

  • A runtime mobile exploration toolkit, powered by Frida.

optool

  • Command Line Tool for interacting with MachO binaries on OSX/iOS.

Secure iOS Application Development

  • A list of some of the most common security mistakes made while developing for iOS. Solid reference if auditing an app.