This the second and final writeup of Android challenges which was given in 8st Sharif CTF. I’ve wrote about the team and place in the previous post. The writeup begins …
Skeleton 1
8st SharifCTF Android WriteUps: Vol II
Onion Harvester: First step to TOR Search Engines
Knowing all possible web paths in the world is the initial step for making a search engine (SE). By means of SE one can analyze the web for the material he/she likes. In normal Domain Name System, each TLD provider (Top Level Domain) can sell or release list of all its domains. As an example .com TLD can sell or release all the domains which are end with “.com“. But the problem is more complicated in TOR (or other hidden service providers). In this post I will talk about my tool named Onion Harvester and how to find initial points for finding hidden services to be crawled.
TOR Network
Continue reading Onion Harvester: First step to TOR Search Engines
Smali Code Injection: Playing with 2048!
I’ve met 2048 game many years ago. It is an addictive game witch takes lots of time from the player. 🙁
So what should I do if I want to have high score and save time? Here is where Smali takes part. 🙂
In this post I will describe how to inject into Android 2048 game and change the score! Continue reading Smali Code Injection: Playing with 2048!
Smali Code Injection
In this post I wanted to demonstrate a simple code injection example in Android. As indicated in previous posts about reversing java, the method of code execution is same in Android. Whereas Java, the BYTE CODE are SMALI codes here and the executor is Dalvik (recently ART) in Android (not JVM). Here in this post, I will describe shortly how to reverse and inject code in SMALI.
Reversing Java: Part III
In the previous tutorials, I’ve described the simple Java byte code structure and stated to reverse a simple Hello World Java application. In this tutorial, I will describe the remaining parts of the class file. Continue reading Reversing Java: Part III
Reversing Java: Part II
In the previous post, I’ve described the main structure of Java class file bytes. In this part, I’ll continue decompiling the HelloWorld example.
Reversing Java: Part I
Recently I’ve interested in byte code structure of Java and Dalvik. I’ve found some useful tools for playing with them.
Destination Byte Code
Java byte codes are simple to reverse engineering because they compile in run time. i.e. JVM will execute the byte codes in run time, thus Java code is cross platform but executes with more delay than direct compiled machine codes (for example using C++ and gcc).