2. Mobile Security Framework
Mobile Security Framework is an intelligent, all-
in-one open source mobile application
(Android/iOS) automated pen-testing
framework capable of performing static and
dynamic analysis.
10. Dynamic Analyzer - Architecture
Dynamic Analyzer
AGENTS
Install and Run APK
HTTP(S) Proxy
Invoke Agents in VM
Results
HTTP(S) Traffic
Android VM
Application Data
Agent Collected Information
Start HTTP(S) Web Proxy
11. Dynamic Analysis
• SCREENSHOT
• HTTP(S) TRAFFIC
• LOGCAT and DUMPSYS
• DROIDMON API MONITOR
• DYNAMIC URLS and EMAILS
• DUMPED APPLICATION DATA
• FILE ANALYSIS ON APPLICATION DATA
• REPORT GENERATION
• UNDER DEVELOPMENT
13. Interesting Facts
• Free and Open Source
• Support VM, and Rooted Phones with our agents
installed.
• Complete Mobile Application Security Testing
(Android, iOS and Tizen*).
• Reporting
Future Plans
- Pentesting Server Side components of Hybrid
Applications.
-Exploitation Module.
15. G4H Mobile Security CTF
• CTF Entry point is GETSECRET, you need to capture
the secret send from SENDSECRET to GET Secret.
• Vulnerabilities.
SENDSECRET
Exported Activity
.ValidateAccess
Logical Vulnerability
Send secret to any application
with package name as
opensecurity.getsecret
and Activity name as GetFlag
GETSECRET
Hardcoded Password
LoginActivity
Exported Activities
AskSecret
GetFlag
Logging Sensitive Information
Logging the Secret
16. G4H - CTF- How to Solve
1. Reversing DexGuard, find the logic, reverse
the hardcoded secret to decrypt the AES
encrypted flag
2. Bypass Login of GETSECRET - Wait till the
Random no matches. -> SendSecret sends
the Secret. Collect the Secret form Log and
Enter it in GetFlag activity to get the Flag.
3. Easiest - Patch the APK and recompile it
17. Sorry
• Can’t cover Reversing DexGuard.
• Blog post removed!
• The license I have, deny reversing DexGuard
technology.