February 1, 2019

Connecting to Hidden Mail Server using Android

My Contribution in K9 Android Mail Client

K-9 is an attractive, open-source email client for Android with support of IMAP, POP3, SMTP, and exchange protocols. Hence, this client does not support proxy feature. This problem is referenced in #704 #980 #2619. In this post I will talk about my contribution in K-9 project by adding SOCKs proxy feature, which can be used for connecting hidden mail services.

In previous post, I described about connecting Thunderbird, an open source email client for PC, to a hidden mail service. In this post I will talk about modifying K-9 mail and connecting Android client to the hidden mail service.

November 24, 2018

Ilam CTF: Android Reverse WriteUp

Ilam CTF has been hold on 23rd Nov 2018. Unfortunately I’ve planned other things for 22-23 Nov 2018 and because of the delay in holding the CTF, I couldn’t attend this CTF.

However, I could download the Android Reverse question for future analysis. And the flag is here:

ilam_ctf_0a095194dbcf4f798751aaafdfb_1db6b2ed339f4698b6b38b5e7ae

But the WriteUP!

Continue reading Ilam CTF: Android Reverse WriteUp

October 28, 2018

T-REX: Playing with Dino!

I hardly play the dino game which is created by Google and is available in Chrome browser for playing while there is no Internet connection. But the game itself is popular and can be found in different platforms. Recently I’ve changed two of them and now cacti and birds are ineffective.

Continue reading T-REX: Playing with Dino!

July 22, 2018

ASIS2014: NUMDROID WRITE-UP

I’ve playing with Android CTF questions recently and found this jewelry box. One of the questions was about a numeric one way hash question named NUMDROID. The question was presented in ASIS2014 and here, I write the write-up!

Continue reading ASIS2014: NUMDROID WRITE-UP

March 26, 2018

8st SharifCTF Android WriteUps: Vol II

This the second and final writeup of Android challenges which was given in 8st Sharif CTF. I’ve wrote about the team and place in the previous post. The writeup begins …

Skeleton 1

Continue reading 8st SharifCTF Android WriteUps: Vol II

November 24, 2017

Onion Harvester: First step to TOR Search Engines

Knowing all possible web paths in the world is the initial step for making a search engine (SE). By means of SE one can analyze the web for the material he/she likes. In normal Domain Name System, each TLD provider (Top Level Domain) can sell or release list of all its domains. As an example .com TLD can sell or release all the domains which are end with “.com“. But the problem is more complicated in TOR (or other hidden service providers). In this post I will talk about my tool named Onion Harvester and how to find initial points for finding hidden services to be crawled.

TOR Network

Continue reading Onion Harvester: First step to TOR Search Engines

March 30, 2017

Smali Code Injection: Playing with 2048!

I’ve met 2048 game many years ago. It is an addictive game witch takes lots of time from the player. 🙁

So what should I do if I want to have high score and save time? Here is where Smali takes part. 🙂

In this post I will describe how to inject into Android 2048 game and change the score! Continue reading Smali Code Injection: Playing with 2048!

December 18, 2016

Smali Code Injection

In this post I wanted to demonstrate a simple code injection example in Android. As indicated in previous posts about reversing java, the method of code execution is same in Android. Whereas Java, the BYTE CODE are SMALI codes here and the executor is Dalvik (recently ART) in Android (not JVM). Here in this post, I will describe shortly how to reverse and inject code in SMALI.

Continue reading Smali Code Injection

October 14, 2016

Reversing Java: Part III

In the previous tutorials, I’ve described the simple Java byte code structure and stated to reverse a simple Hello World Java application. In this tutorial, I will describe the remaining parts of the class file. Continue reading Reversing Java: Part III

September 18, 2016