Court of Analysis and Testing

Tampering and reverse engineering android application is always been my favorite activity when i try to do android application pentesting. Using reverse engineering we would able to understand the nature of the application code and tampering is when you try to change the value of the runtime(at debugging state) and capable of change the code flow. in this blog post i will try to show how to use one of the old tool to do java debugging activity which is JDWP and for the testing app i will use insecurebankv2 application. luckily JDWP has already been pre installed inside the adb utility. But In order to use jdwp for tampering application, we should do at least couple of things: 1. First we need to know where is the application PID is in order for us to attach into the process. run ~# adb jdwp (don't execute your application first) run it again ~# adb jdwp (execute your application) as you can see from the the second picture the id 1309 is appear when we try to ...

At first i thought that memory forensic is a black magic. Whenever i try to watch someone do memory forensic they do this kinda weird and exotic command to dump the memory and walaaa they got the source of infection. i was like whatttttt the hell is happening ʕʘ̅͜ʘ̅ʔ. So rather than staying here babbling about how hard is memory forensic why not try it ! in these post i'm going to do memory forensic analysis with infamous LIME framework from volatility. Before we go to the cool stuff let me explain you briefly about what is memory forensic. Simple enough memory forensic is a process acquiring and analysis of volatile data(RAM). Expert use memory forensic to identify the attack source or malware infection. That's enough for the theory, lets go to the fun stuff(if you want to know more about memory forensic just google it you dumb dumb!) we are going to run an application, dump the memory from the android and try to analyze it(Maximum EFFORT !!!!). OKAY! before you ...

My teacher always encourage me about reading paper of research in order to up to date with the current method whether it is android malware or android pentest topic. I have read a lot of awesome research that truly open my eyes in the field of research and development in mobile security. So when i try to do my daily search of interesting topic, i came across with this really cool tool called "DROIDBOX". Credit goes to the author, this post is inspire from the following link: https://www.honeynet.org/node/1317 Before we going to talk more about "DROIDBOX". Let me explain some simple concept. In the field of security there are two analysis that is typically known. One is static analysis and the other one is dynamic analysis. Static analysis is where you try to find some interest(e.g: malicious class, vulnerable component) in the application without executing it in the safe environment. So long story short most of the time you will do reverse engineering and...

Do you ever wonder how can you protect your android application from software piracy ? prevent those pesky hacker to ruin your application. well then this post is for you my friend ! One of the way to make your application hard to be read and understand by hacker is to use technique use obfuscation. Obfuscation aim to make your code unreadable and hard to understand by inserting bunch junk code or rename class name into something meaningless. But there is another technique called packing. Unlike obfuscation that make your code hard to understand packer is compressing part of the code that is important and at runtime it will uncompressed the application in order to make the application work again. there are couple good packer outhere such as: Bangcle (SecNeo) APKProtect LIAPP (prerelease demo) Qihoo Android Packers Jaigu today we are i'm going to use Bangcle to show the difference of unpack android application and packed android application. for the sake of t...