---
title: Introduction To Android Bug Bounty Hunting
tags: WosecKe, Android Bug Bounty Talk
description: View the slide with "Slide Mode" or "View Mode".
slideOptions:
  #theme: solarized
  transition: 'fade'
  #parallaxBackgroundImage: 'https://s3.amazonaws.com/hakim-static/reveal-js/reveal-parallax-1.jpg'
---

# Introduction To Android Bug Bounty Hunting!

By @Chal13W1zz

![image alt](https://www.researchgate.net/profile/Kirthika-B-2/publication/327387842/figure/fig1/AS:666401400430592@1535893883636/Evolution-of-Android-OS.png)

---

### Who am I?

![](https://i.imgur.com/s8aDC3S.png)

- <code class="blue">Am a jack of all trades :smiling_face_with_smiling_eyes_and_hand_covering_mouth:</code>
- <code class="blue">I love Android :heart:</code>
- <code class="blue">I use ParrotSec OS :cat:</code>

---

### Why Android? :thinking_face:

![](https://media.giphy.com/media/7OXnY7MEDyBeE/giphy.gif)

1. It's a less explored field :mask:
2. The majority of people in the world use Android
3. iOS devices are seriously expensive :broken_heart:
4. It's flexible (reverse apps in a snap)
5. Google Play Security Reward Program (GPSRP) :money_mouth_face:

---

### Basics :yum:

- Types of apps (native, hybrid and wrappers)
- Languages (Java, some Kotlin, JavaScript and a lot of smali; assembly [optional])
- Pen and paper

<code class="orange">Let us begin :tada:</code>

![](https://media.giphy.com/media/3bJHkntbTQIoakG3Mj/giphy.gif)

---

### Where Do I start? :cry:

![](https://media.giphy.com/media/3ofSBaX5R943uhfhle/giphy.gif)

- Read disclosed reports, research, google :)
- Set up your lab (install the appsec arsenal, proxy etc.)

---

### Where Do I start ctd...

- Target selection (demo)
- Reverse the application (demo)
- Dissect the manifest

---

### My Hunting Methodology :bow_and_arrow:

![](https://media.giphy.com/media/3oriNLx3dUqFgVi86I/giphy.gif)

- Data logging and insecure debugging (P1)
- Embedded secrets (keys)
- Network vulnerabilities (no SSL pinning, FTP, SSH)
- Session token leaks (ATO)
- Insecure data storage (raw passwords, weak DBs)
- Source code analysis (insecure crypto)
- Use of external storage (logs, code, app, sandbox etc.)
- WebViews (strings to grep)

![](https://i.imgur.com/a1kYmxn.png)

- Deep links (scheme trick)
- IPC (Activities, Services, Broadcasts, Content Providers)
- API brief

---

## Free Bonus tips

![](https://media.giphy.com/media/26tP21xUQnOCIIoFi/giphy.gif)

- External storage permission in the manifest
- `"application/vnd.android.package-archive"`
- Beat obfuscation manually
- Look at the imports, e.g. Base64
- Byte array trick: `''.join(map(chr, byte_array))`
- Look at the dev comments
- [Most WebViews are buggy, apps communicating with servers never miss a flaw or two, games with leaderboards have low-hanging fruit]
- BOF on gcc < 4.9 (grep/strings)
- java.util.zip
- Typos in custom permissions
- Intent redirection

---

### Thank you! :sheep:

- YouTube: https://www.youtube.com/c/FreeTechMods
- Twitter: https://twitter.com/Chal13W1zz
- GitHub: https://github.com/Chal13W1zz
- Telegram: https://t.me/FreeTechMods
- Email: chaliewizz4@gmail.com
- WhatsApp/Call: +254795344966

![](https://media.giphy.com/media/w9xqv7uWcPe2HRZ5sX/giphy.gif)

---

## Hello Friend :)

Now you are a pro leet Android jedi master :crossed_swords:

Go Hack the world!!

![](https://media.giphy.com/media/RbDKaczqWovIugyJmW/giphy.gif)

---

![](https://media.giphy.com/media/1iv7YitAWMJyTPCU3d/giphy.gif)

Hunt 'em bugs
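
---

### Bonus tip, worked: the byte array trick

The "byte array trick" and "look at the imports, e.g. Base64" tips from the bonus slide, as an added example that is not part of the original talk. It scans decompiled Java for `new byte[]{...}` initializers and Base64-looking literals and decodes those that turn out to be plain text; the sample source and the function names are constructed for this demo.

```python
import base64
import re
from typing import Dict, List, Optional

# Constructed sample of jadx-style decompiled Java (not from any real app).
SAMPLE_JAVA = """
public class Config {
    static final byte[] KEY = new byte[]{65, 80, 73, 95, 75, 69, 89, 95, 49, 50, 51};
    static final byte[] NOISE = new byte[]{-1, 0, 127};
    static final String TOKEN = new String(Base64.decode("c2VjcmV0LXRva2Vu", 0));
}
"""

# Java byte[] initializer, and a Base64-looking string literal (8+ chars, optional padding).
BYTE_ARRAY = re.compile(r"new\s+byte\s*\[\s*\]\s*\{([^}]*)\}")
B64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{8,}={0,2})"')


def decode_byte_array(literal: str) -> Optional[str]:
    """The byte array trick: turn the ints of a Java byte[] initializer into text.

    Java bytes are signed (-128..127), so each value is masked to 0..255 first.
    Returns None when the result is not printable ASCII, i.e. probably not a hidden string.
    """
    values = [int(v) for v in literal.split(",") if v.strip()]
    raw = bytes(v & 0xFF for v in values)
    if raw and all(32 <= b < 127 for b in raw):
        return "".join(map(chr, raw))
    return None


def find_hidden_strings(source: str) -> Dict[str, List[str]]:
    """Scan decompiled source for byte[] literals and Base64 literals that decode to text."""
    found: Dict[str, List[str]] = {"byte_arrays": [], "base64": []}
    for m in BYTE_ARRAY.finditer(source):
        text = decode_byte_array(m.group(1))
        if text is not None:
            found["byte_arrays"].append(text)
    for m in B64_LITERAL.finditer(source):
        try:
            text = base64.b64decode(m.group(1), validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # Base64-looking alphabet, but not a real Base64 text string
        if text.isprintable():
            found["base64"].append(text)
    return found


if __name__ == "__main__":
    for kind, hits in find_hidden_strings(SAMPLE_JAVA).items():
        print(kind, hits)
```

Run it over the `sources/` directory jadx produces and every hit is a candidate embedded secret to check against the app's own backend, or, for the developer, a string that should not be shipped in the APK.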