# Android ## Drozer ### Exploiting Content Provider - `run app.provider.info -a package_name` - `run scanner.provider.finduris -a package_name` - `run app.provider.query uri` - `run app.provider.update uri --selection conditions selection_arg column data` - `run scanner.provider.sqltables -a package_name` - `run scanner.provider.injection -a package_name` - `run scanner.provider.traversal -a package_name` ### Exploiting Service - `run app.service.info -a package_name` - `run app.service.start --action action --component package_name component_name` - `run app.service.send package_name component_name --msg what arg1 arg2 --extra type key value --bundle-as-obj` ### APK Sign - `keytool -genkey -v -keystore custom.keystore -alias mykeyaliasname -keyalg RSA -keysize 2048 -validity 10000` - `jarsigner -sigalg SHA1withRSA -digestalg SHA1 -keystore mycustom.keystore -storepass mystorepass repackaged.apk mykeyaliasname` - `jarsigner -verify repackaged.apk`