owasp-mstg
smali
owasp-mstg | smali
---|---
1 | 5
1 | 6,205
- | -
10.0 | 0.0
almost 2 years ago | 4 months ago
Java |
Creative Commons Attribution Share Alike 4.0 | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
owasp-mstg
- Google Play rolls out an "Independent security review" badge for apps
I found a more detailed explanation of it: https://github.com/julepka/owasp-mstg/blob/master/Document/0...
> Generally, you should provide compiled code with as little explanation as possible. Some metadata, such as debugging information, line numbers, and descriptive function or method names, make the binary or bytecode easier for the reverse engineer to understand, but these aren't needed in a release build and can therefore be safely omitted without impacting the app's functionality.
I'm not a big fan of the reasoning, as it's security through obscurity. Which is not the worst tradeoff, but these days it just makes public bug bounties (and other public auditing) end up being less of an interesting prospect for improving security.
smali
- I want to learn how to mod/crack apps like Balatan and other good modders. Where can I find guide to learn this?
In the past I've used 2 different methods. First was simply modifying the smali code to change values to what I want. For instance, instead of saving media to the internal SD card, I would save it to the external (for a 4WD GPS), or change the maximum amount of downloads from 10000 to 1000000.
- SMALI, What's That?
If you access the smali github wiki, you will find this definition:
- Possible violation of the Apache 2.0 and MIT licenses in the CieID application
- [Tutorial] How to modify APK files for premium features
Next we need to decode/decompile the APK. So navigate to where you downloaded the APK and using Apktool decode Smart Audiobook Player using the decode argument. So our command will be `apktool decode ak.alizandro.smartaudiobookplayer_2021-06-06.apk`. It will make a folder called ak.alizandro.smartaudiobookplayer_2021-06-06 which will contain all of the smali code (the 'assembly' language for DEX files - someone correct me with a better explanation please), the manifest.xml file of the APK, and all of the resources needed to compile our app back into a working APK file.
- Web developer getting started with hacking android
If interested in reversing, you’ll need tools such as Apktool (https://ibotpeaches.github.io/Apktool/) and dex2jar (https://github.com/pxb1988/dex2jar) and jd-GUI (http://java-decompiler.github.io/) and I also highly recommend using smali (https://github.com/JesusFreke/smali) rather than trying to analyze the machine code if jd-GUI fails to recompile something back to the pseudo-Java. There’s actually a very good LinkedIn learning video on how to use all these tools together called Learning Android Malware Analysis, just get the trial or w/e and do the course then cancel.
What are some alternatives?
buildAPKs - Really quickly build APKs on handheld device (smartphone or tablet) in Amazon, Android, Chromebook and Windows📲 See https://buildapks.github.io/docsBuildAPKs/setup to start building APKs.
OkHttp - Square’s meticulous HTTP client for the JVM, Android, and GraalVM.
android-udev-rules - Android udev rules list aimed to be the most comprehensive on the net
owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
website - The elementary.io website
Picasso - A powerful image downloading and caching library for Android
reFlutter - Flutter Reverse Engineering Framework
Dexter - Android library that simplifies the process of requesting permissions at runtime.
owasp-masvs - The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
PinView - A PIN view library for Android. Use to enter PIN/OTP/password etc.
theos-jailed - A Theos module to develop jailed tweaks for iOS 8 and up
zxing-android-embedded - Barcode scanner library for Android, based on the ZXing decoder