allsafe: Intentionally vulnerable Android application
Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida-based challenges for you to explore. Have fun and happy hacking!
Tasks / Vulnerabilities
1. Insecure Logging
Simple information disclosure vulnerability. Use the logcat command-line tool to discover sensitive information.
2. Hardcoded Credentials
Some credentials are left in the code. Your task is to reverse engineer the app and find sensitive information.
3. Root Detection
This is purely for Frida practice. Make the code believe that your device is not rooted!
4. Arbitrary Code Execution
Loading modules securely with third-party apps is not easy. Write a PoC application and exploit the vulnerability!
5. Secure Flag Bypass
Another Frida-based task. No real vulnerability here, just have fun bypassing the secure flag!
6. Certificate Pinning Bypass
Certificate pinning is implemented using the OkHttp library. You have to bypass it in order to view the traffic with Burp Suite.
7. Insecure Broadcast Receiver
There’s a vulnerable broadcast receiver in the application. Trigger it with the correct data and you’re done!
8. Deep Link Exploitation
Similar to the insecure broadcast receiver, you need to provide the right query parameter to complete this task!
9. SQL Injection
Just a regular SQL injection that you’d find in web applications. No need to reverse the code to bypass the login mechanism.
10. Vulnerable WebView
You can also complete this task without decompiling the application. Pop an alert dialog and read files!
11. Smali Patching
In this task, you have to modify the execution flow of the application by editing the Smali code. Finally, rebuild and sign the APK!
12. Native Library
The application uses a native library that validates the entered password. Reverse engineer the library to find the password, then use Frida to hook the native method.
Copyright (C) 2020 t0thkr1s