Reverse Engineering Mobile Apps

Sam Bowne

Submitting Projects

CCSF students must do these things to get credit:

Perform the project steps until you find a flag
Capture a whole-desktop image showing the flag
Outline or highlight the flag in the image
Submit the image in the appropriate Project in Canvas
Type the flag into the text field

Android Emulator Setup

Mac or Linux

M 101: Genymotion 15

M 103: Burp 20

Windows

Do M 108 below first

M 104: BlueStacks 15

M 106: Burp and Nox 20

M 601: Rooting BlueStacks on Windows 10 extra

Any OS

M 105: Plaintext Login (Updated 3-26-2021) 15

M 107: GenieMD Broken SSL (Harvard & IBM) 15 + 40 extra

M 108: Kali Virtual Machine 15

M 109: Broken SSL 30 extra

M 120: Burp and Android 8 10 extra

Download Kali VM

ADB

Mac or Linux

M 201: ADB on Genymotion on a Mac    15

M 202: BlueStacks on a Mac 15 extra

Windows

M203: ADB & Nox on Windows    15

Any OS

M 204: Equity Pandit (NO LONGER AVAILABLE) 15 + 50 extra

M 207: ES Explorer Command Injection    10

M 210: Security Audit of an App    15 extra

M 211: Find a New App Vulnerability and Report it    50 extra

Vulnerability Scanners

M 111: Debian Linux Virtual Machine    15 extra

M 301: Qark    15 extra

M 302: AndroBugs    10

M 310: Android Malware and VirusTotal    20 extra

Smali

M 401: Trojaning Progressive and Bank of America    20 + 20 extra

M 402: mAadhaar Code Modification    20

M 404: Safeway Reversible Encryption    20

M 410: Exploiting an Android Phone with Metasploit    15 extra

M 411: Trojaning an Android App with Metasploit    15 extra

M 412: Reversing FlareBear    20 extra

Drozer

M 501: Drozer    20

M 502: Protection Level Downgrade (Updated 4-15-2020)    30 extra

M 503: SomNote Vulnerable Content Provider    15

M 504: Android-InsecureBankv2    60

iPhones

ED 420: Jailbreaking an iPhone with Checkra.in    15 extra

M 701: Installing Damn Vulnerable iOS App on an iPhone    (Doesn't work) 10 extra

M 702: Frida on iOS & Hacking Ringdahl EMS    (Doesn't work) 20 extra

M 710: Unsafe Logging by Fiserv iPhone Apps (REMOVED)     10 extra

M 711: Insecure Local Storage by iPhone Apps    15 extra

M 712: Plaintext Network Transmissions by iPhone Apps    15 extra

Project submission steps updated 1-20-21
M 201 updated 1-27-21
M 109 added 2-10-21
M 404 added 2-12-21
M 120 added 2-17-21
M 411 added 2-18-21
M 503 added 2-24-21
M 401a inserted to use Debian instead of Kali 3-17-21
M 105 removed 3-24-2021
M 502 updated 3-25-2021
M 105 updated and made available again 3-26-2021
M 204 Removed 3-26-2021
M 412 & 504 added 4-7-2021
M 701 and 702 marked as not working 4-21-2021
M 710 removed 4-28-2021