- Drozer - Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
- Starting a session
adb forward tcp:31415 tcp:31415drozer console connectdrozer console connect --server <ip>
- List modules
lsls activity
- Retrieving package information
- Starting a session
run app.package.list -f
jackgris
/ build.gradle
Created
June 6, 2014 18:51
Example of use from Proguard, from Android Studio
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| buildscript { | |
| repositories { | |
| mavenCentral() | |
| maven { | |
| url 'https://oss.sonatype.org/content/repositories/snapshots/' | |
| } | |
| } | |
| dependencies { | |
| classpath 'com.android.tools.build:gradle:0.9.+' | |
| classpath 'com.squareup.gradle:gradle-android-test-plugin:0.9.1-SNAPSHOT' |
kevin-smets
/ iterm2-solarized.md
Last active
April 27, 2025 06:30
iTerm2 + Oh My Zsh + Solarized color scheme + Source Code Pro Powerline + Font Awesome + [Powerlevel10k] - (macOS)
scottyab
/ SignatureCheck.java
Last active
October 7, 2024 22:46
Simple Android signature check. Please note: This was created in 2013, not actively maintained and may not be compatible with the latest Android versions. It's not particularly difficult for an attacker to decompile an .apk, find this tamper check, replace the APP_SIGNATURE with theirs and rebuild (or use method hooking to return true from `vali…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import android.content.Context; | |
| import android.content.pm.PackageInfo; | |
| import android.content.pm.PackageManager; | |
| import android.content.pm.PackageManager.NameNotFoundException; | |
| import android.content.pm.Signature; | |
| public class TamperCheck { | |
| //we store the hash of the signture for a little more protection | |
| private static final String APP_SIGNATURE = "1038C0E34658923C4192E61B16846"; |