Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:12,460 --> 00:00:15,410
Hey, guys, welcome back to another episode on How to Hack.
2
00:00:15,760 --> 00:00:19,060
So today we'll learn about reverse engineering, mobile application.
3
00:00:19,420 --> 00:00:23,980
And what we can see over here is that on the left side, I have an Android emulator running.
4
00:00:23,980 --> 00:00:26,920
So do go ahead and download Android studio.
5
00:00:27,040 --> 00:00:32,740
And once you're an Android studio, you would have the ability to access the Android virtual device
6
00:00:32,740 --> 00:00:33,340
manager.
7
00:00:33,340 --> 00:00:36,580
So I have actually set up a video previously on this tutorial.
8
00:00:36,580 --> 00:00:37,940
So do check that out.
9
00:00:38,500 --> 00:00:42,280
So going back into the tutorial today, we can actually screw up.
10
00:00:42,290 --> 00:00:47,650
And of course, there are a couple of applications that we are going to learn about mobile application
11
00:00:47,650 --> 00:00:48,910
penetration testing.
12
00:00:49,540 --> 00:00:54,670
So on the left side of the screen, which you have the emulator, we can click onto Devar.
13
00:00:54,670 --> 00:01:01,140
And in the future, we will also be looking at for in terms of our mobile application hacking series
14
00:01:01,330 --> 00:01:03,370
so I can go ahead and click on Devar.
15
00:01:03,880 --> 00:01:08,680
And once we're in, we'll be presented with this particular homepage.
16
00:01:08,740 --> 00:01:09,040
All right.
17
00:01:09,040 --> 00:01:14,770
So this homepage will allow us the ability to learn about mobile application penetration testing so
18
00:01:14,770 --> 00:01:21,790
we have insecure logging, hot coding issues in secure data storage, input, validation, access control
19
00:01:21,790 --> 00:01:28,280
issues, as well as hot coding issues and invalid input validation issues again.
20
00:01:28,300 --> 00:01:32,410
So all these are great ways for us to learn about mobile application hacking.
21
00:01:32,770 --> 00:01:38,110
And of course, what we are going to learn today is about reverse engineering the application so as
22
00:01:38,110 --> 00:01:40,690
to install applications into these mobile devices.
23
00:01:40,870 --> 00:01:43,170
They usually come as an apk fall.
24
00:01:43,360 --> 00:01:49,720
So once you have the app fall, what we need to do is to convert it into a G, a R fall.
25
00:01:50,080 --> 00:01:56,350
And once you have done the conversion, we can actually view into how the data was actually being stored,
26
00:01:56,380 --> 00:02:01,570
how they could have possibly written the code in which we can view, we can understand it, and after
27
00:02:01,570 --> 00:02:08,590
which we can actually try to launch certain attacks against it because we're able to possibly find vulnerabilities
28
00:02:08,740 --> 00:02:11,110
in association with the mobile application.
29
00:02:11,890 --> 00:02:15,370
So moving forward, what I'm going to do now is I'm going to enter command from.
30
00:02:16,980 --> 00:02:21,390
So once I go to command problem, I can actually see into the folder.
31
00:02:34,300 --> 00:02:40,480
OK, so go ahead and download IDEX tools so the tools will come with the ability to help you do the
32
00:02:40,480 --> 00:02:41,140
conversion.
33
00:02:41,590 --> 00:02:42,670
So over here I can enter.
34
00:02:43,030 --> 00:02:48,530
Ah, so this will list the directory of all the files and folders inside the working directory.
35
00:02:49,000 --> 00:02:52,210
So in case, as mentioned earlier, we have a waps good right.
36
00:02:52,500 --> 00:02:56,040
And we also have Devar that you're seeing on a screen on the left side right now.
37
00:02:56,320 --> 00:02:57,940
So we have the APK fall.
38
00:02:57,970 --> 00:03:04,360
So what are you going to do now is to use DTG and we can enter Decs to J.R..
39
00:03:07,730 --> 00:03:12,860
And once you have the bat fall, so of course, we are running on a Windows 10 computer, we're running
40
00:03:12,860 --> 00:03:16,680
on Linux deals, we have a dust hitch that you can use to do the conversion.
41
00:03:17,120 --> 00:03:18,910
So over here, we have the bat fall.
42
00:03:18,920 --> 00:03:25,370
And what are we going to do now is to input the APK fall to begin the instructions for the conversion.
43
00:03:25,790 --> 00:03:32,780
OK, so over here, what I'm going to do now is to actually enter Devar Dash, Beta Dot.
44
00:03:34,070 --> 00:03:39,920
APK So go ahead, enter in debt, so of course, we have already done the conversion before so I can
45
00:03:39,920 --> 00:03:47,660
use a British force as part of the perimeter to actually go ahead and do the start the conversion so
46
00:03:47,660 --> 00:03:51,220
I can hit enter on debt and it would take a while for it to complete a conversion.
47
00:03:51,710 --> 00:03:58,190
So once we have done that, I can enter again and immediately we can see that we have Devar Dash beta
48
00:03:58,190 --> 00:03:59,450
dash decks to J.R..
49
00:03:59,640 --> 00:04:00,830
J.R., follow over here.
50
00:04:01,500 --> 00:04:07,460
OK, so we got this fall running and all we got to do now is go back into the folder and you want to
51
00:04:07,460 --> 00:04:09,290
open up the jade gooey.
52
00:04:10,380 --> 00:04:17,170
So this allow us the ability to view default and I'm going to go back to the folder so we have the Devar
53
00:04:17,250 --> 00:04:19,380
Desh beta decks to J.R..
54
00:04:19,590 --> 00:04:26,460
J.R., I'm going to drag and drop it into the Java old compiler and immediately we can see all the different
55
00:04:26,460 --> 00:04:28,780
information in relation to this apk.
56
00:04:29,130 --> 00:04:32,100
So I'm going to use the magnifier so it's easier for you to see.
57
00:04:33,180 --> 00:04:37,680
So of course, once we have to modify running, we can see that we have enjoyed that support and we
58
00:04:37,680 --> 00:04:39,240
had Drakkar Awesome Diva.
59
00:04:39,240 --> 00:04:45,480
So I can open that up and we can look at all the different classes, we can look at all the different
60
00:04:45,480 --> 00:04:46,290
classes.
61
00:04:46,770 --> 00:04:49,030
That is part of the mobile application.
62
00:04:49,310 --> 00:04:49,580
All right.
63
00:04:49,680 --> 00:04:51,510
So we can see all these different data.
64
00:04:51,750 --> 00:04:57,150
And very quickly, for example, I can just demonstrate a really quick way of looking at how the code
65
00:04:57,150 --> 00:04:57,620
looks like.
66
00:04:57,630 --> 00:05:00,450
So over here, we have the following example.
67
00:05:00,570 --> 00:05:03,720
So we have the package we have to import.
68
00:05:03,990 --> 00:05:05,700
We have to populate class.
69
00:05:06,150 --> 00:05:11,190
We have the public voit safe credentials, and we can see that you're saving data into the system.
70
00:05:11,700 --> 00:05:17,580
OK, so for example, now I can close the magnifier because we now know how to reverse engineer the
71
00:05:17,580 --> 00:05:19,870
mobile application and look into the source code.
72
00:05:20,250 --> 00:05:27,180
So if I go back into the simulator and if I go into, for example, in secure data storage, part one
73
00:05:27,540 --> 00:05:33,630
and I can enter, for example, the third party service username, say, for example, Arunta, Loy
74
00:05:33,960 --> 00:05:37,920
Yang and I entered a password of one, two, three, four, five, six, seven, eight.
75
00:05:38,340 --> 00:05:39,810
I click on Safe.
76
00:05:40,020 --> 00:05:46,830
OK, so we have thirt party credentials saved successfully and I can go into command prompt OK, so
77
00:05:46,830 --> 00:05:53,760
I can go back to command problem and I can do an ATV shell so that we can gain access into the mobile
78
00:05:53,760 --> 00:05:58,810
application or the mobile phone so we can also do the same for any physical mobile devices.
79
00:05:58,810 --> 00:06:00,300
So do go ahead and try that.
80
00:06:00,300 --> 00:06:03,330
I have tried it before and it is working as intended.
81
00:06:03,620 --> 00:06:10,860
OK, so because for tutorial purposes over a video screen cost of video sharing a recording, so we
82
00:06:10,860 --> 00:06:12,210
are doing it as an emulator.
83
00:06:12,660 --> 00:06:19,620
So going back here we can see the data data and we can enter URLs and we can CD into Jugg her.
84
00:06:20,280 --> 00:06:26,610
So this is the mobile application folder and I get it or else a game so we can look at all these different
85
00:06:26,610 --> 00:06:28,290
folders and directories and file.
86
00:06:28,530 --> 00:06:36,090
So I can KDDI, for example, into shet preferences and I can add or else and here we have an XML fall
87
00:06:36,090 --> 00:06:42,650
so I can enter a and we can look at the timing of this particular file.
88
00:06:42,660 --> 00:06:47,970
We can look at the information of this particular file and we can see when this particular item was
89
00:06:47,970 --> 00:06:53,730
being saved, when this item was actually being accessed, what was the item that was inside this particular
90
00:06:53,730 --> 00:06:54,090
file?
91
00:06:54,330 --> 00:07:00,570
So all I'm going to do is, for example, enter Cat Jacare to this particular file.
92
00:07:00,570 --> 00:07:07,350
I can hit enter on that and we immediately will be able to find out the string password as well as the
93
00:07:07,350 --> 00:07:08,700
string name user.
94
00:07:08,730 --> 00:07:11,550
And of course, we can see the information that we can earlier.
95
00:07:11,820 --> 00:07:14,820
And if I go back into the code, we can find out all this data.
96
00:07:14,820 --> 00:07:17,120
So we got user with a password.
97
00:07:17,130 --> 00:07:23,460
So if I go back to command, prompt user and password, once again, we were able to see those items.
98
00:07:23,460 --> 00:07:25,860
They are being recorded inside the system.
99
00:07:27,610 --> 00:07:32,260
And moving forward is part of the tutorial, we can also look into insecure data storage, too.
100
00:07:32,470 --> 00:07:38,320
So once again, now that we learn about reverse engineering mobile applications, we can look into the
101
00:07:38,320 --> 00:07:39,200
data over here.
102
00:07:39,220 --> 00:07:45,910
So in this case, by observing the source code, we can see that there is a private school like Database
103
00:07:45,910 --> 00:07:46,630
MDB.
104
00:07:47,320 --> 00:07:53,500
So open a create database IDs to create table, if not exist.
105
00:07:53,830 --> 00:07:58,510
And of course, you can also try to do a lock in terms of recreational currents.
106
00:07:58,930 --> 00:08:04,870
And we can look into insert into my users so we can see that they are using some kind of sequel Quarrie.
107
00:08:05,140 --> 00:08:08,320
So we have done a number of tutorials about sequel injection and so on.
108
00:08:08,740 --> 00:08:15,730
So in our case, a lot of applications may also be using a lot of applications, may also be using SQLite
109
00:08:15,940 --> 00:08:18,980
as part of storing data into the mobile device.
110
00:08:19,420 --> 00:08:23,860
So in our case, of course, from what we're seeing here, based on a source code, we are definitely
111
00:08:23,860 --> 00:08:24,380
seeing that.
112
00:08:24,820 --> 00:08:25,230
All right.
113
00:08:25,870 --> 00:08:30,910
So what we will do now is we can actually go back into the Android phone, OK?
114
00:08:31,000 --> 00:08:32,940
And we can click on to part two.
115
00:08:32,950 --> 00:08:38,140
So, again, this is a wonderful application for us to learn all about mobile application penetration
116
00:08:38,140 --> 00:08:38,540
testing.
117
00:08:38,890 --> 00:08:45,040
So in my case, I can enter, for example, against username Loy Yang Kyung and I can enter the password
118
00:08:46,360 --> 00:08:48,470
and I can go ahead and click safe.
119
00:08:48,790 --> 00:08:55,740
So we now have the party credentials saved successfully so I can go back into once again command prompt,
120
00:08:55,990 --> 00:09:03,700
OK, I can go back into the top folder and can enter URLs and we can go into, for example, KDDI databases
121
00:09:05,590 --> 00:09:08,590
and can enter LFS again to look at all the files and folders.
122
00:09:09,070 --> 00:09:13,960
So in our case we can see over here we have IDs to make sure we have IDs too.
123
00:09:14,530 --> 00:09:21,370
So for example, in our case we may have a challenge trying to understand what kind of fall time it
124
00:09:21,370 --> 00:09:27,910
is, because over here we have Devar Notes DB so DOT DB is actually a way for us to view into SQL like
125
00:09:27,910 --> 00:09:28,390
files.
126
00:09:28,420 --> 00:09:34,360
However, because we have IDs too, which does not have an extension, you may be challenging for us
127
00:09:34,360 --> 00:09:36,880
to understand what is the purpose of this file?
128
00:09:37,090 --> 00:09:38,170
What are its functions?
129
00:09:38,170 --> 00:09:39,670
How is it storing data?
130
00:09:40,180 --> 00:09:45,190
So what we can do is to actually enter fall IDs to do so.
131
00:09:45,190 --> 00:09:47,440
Over here we can look at fall IDs too.
132
00:09:47,440 --> 00:09:52,690
So this is data and of course we can also try to download this particular fall and we can also try to
133
00:09:52,690 --> 00:09:54,490
do a cat on it IDs too.
134
00:09:55,060 --> 00:09:59,080
And we can say immediately that this is a sequel like format.
135
00:09:59,240 --> 00:10:02,490
OK, so now we know that this is actually a sequel light fall.
136
00:10:03,010 --> 00:10:10,170
So what we can do next is to actually go into SQLite itself and we can actually enter IDs too.
137
00:10:10,540 --> 00:10:16,870
OK, so once we're in, we're able to view the content inside this particular database so we can enter,
138
00:10:16,870 --> 00:10:18,220
for example, got tables.
139
00:10:18,610 --> 00:10:18,910
All right.
140
00:10:18,920 --> 00:10:25,930
So this will list all the tables that are actually in existence within this particular skill form.
141
00:10:25,960 --> 00:10:26,320
All right.
142
00:10:26,320 --> 00:10:33,070
So this is a light fall idea, too, so we can actually, for example, select all from my user and
143
00:10:33,070 --> 00:10:41,020
remember to put a semicolon and immediately we can find out the username as well as the password.
144
00:10:41,380 --> 00:10:41,680
All right.
145
00:10:41,680 --> 00:10:47,410
So, again, this is another insecure way of storing data inside mobile applications.
146
00:10:47,650 --> 00:10:50,590
And, of course, we can enter quitte to exit SQLite.
147
00:10:52,620 --> 00:10:59,160
And, of course, moving forward onto part three in terms of insecure data storage activity.
148
00:10:59,220 --> 00:11:05,520
So over here once again, because we were able to we were able to reverse engineer the mobile application
149
00:11:05,640 --> 00:11:07,850
and we have our insecure data storage here.
150
00:11:08,130 --> 00:11:10,130
We can actually look at the information.
151
00:11:10,350 --> 00:11:17,000
So over here in this information, we actually have the creation of temporary file so we can see fall
152
00:11:17,010 --> 00:11:18,310
that create 10 fall.
153
00:11:18,390 --> 00:11:21,300
Now we have you in full Colmar top.
154
00:11:22,080 --> 00:11:24,660
This is the instruction file writer.
155
00:11:24,870 --> 00:11:25,230
Right?
156
00:11:25,350 --> 00:11:27,950
So immediately we can find out all these different data.
157
00:11:28,350 --> 00:11:30,060
So we have all these different data points.
158
00:11:30,070 --> 00:11:35,760
So all we got to do is once again go back to Android phone and we can go to pottery.
159
00:11:36,330 --> 00:11:40,000
I can click on pottery and I can enter the once again the username.
160
00:11:40,020 --> 00:11:46,770
So in this case, Loy Yang Yang and I can enter the password again and once you have that running,
161
00:11:46,950 --> 00:11:47,930
click safe.
162
00:11:47,970 --> 00:11:48,270
All right.
163
00:11:48,280 --> 00:11:52,160
So we have Tea Party credentials saved successfully.
164
00:11:52,410 --> 00:11:58,530
So going back into command from where we have the ADB shell again, we can actually try to find out
165
00:11:58,620 --> 00:12:03,450
where is this file so I can do a keg, I get it or else.
166
00:12:03,630 --> 00:12:03,900
All right.
167
00:12:03,900 --> 00:12:08,270
So immediately we can find out there is this you in full fall?
168
00:12:08,490 --> 00:12:10,260
OK, we have this you in full fall.
169
00:12:10,590 --> 00:12:15,560
I can enter L to give us more information about the disk to false.
170
00:12:15,570 --> 00:12:19,140
So of course over here we have a zero eight twenty one.
171
00:12:19,140 --> 00:12:25,640
So this was a file that was created yesterday and we have twenty two dash twenty two.
172
00:12:25,770 --> 00:12:28,350
So this is the file this created today right now.
173
00:12:28,500 --> 00:12:31,170
So I can actually do a cat you info.
174
00:12:33,060 --> 00:12:33,480
All right.
175
00:12:33,480 --> 00:12:35,400
And we have a couple of false options.
176
00:12:35,400 --> 00:12:41,190
So we will select a latest one as part of the Turrill, which is starting from seven five seven and
177
00:12:41,190 --> 00:12:42,630
go ahead and hit enter on that.
178
00:12:43,140 --> 00:12:48,680
And once again, we're able to find this particular file storing all this data.
179
00:12:49,050 --> 00:12:55,830
So another point that you can try it out on is as you enter your physical Android device or your mobile
180
00:12:55,830 --> 00:13:02,010
phone into the computer, do search and try to locate all this kind of files, because some of these
181
00:13:02,010 --> 00:13:08,130
mobile applications do not have secure coding practices and they may expose all this sensitive data
182
00:13:08,460 --> 00:13:10,600
to the mobile device data storage.
183
00:13:10,770 --> 00:13:15,020
So these are very, very dangerous operations and very insecure way of doing coding.
184
00:13:15,810 --> 00:13:23,400
So going back into our platform, which is the final tutorial for today's class, is we have the insecure
185
00:13:23,400 --> 00:13:25,860
data storage for activity class.
186
00:13:26,400 --> 00:13:30,690
And one thing I want to highlight over here is this particular instruction.
187
00:13:30,690 --> 00:13:38,520
So we have over here fall, fall, equal environment, don't get external storage directory.
188
00:13:38,790 --> 00:13:39,150
All right.
189
00:13:39,150 --> 00:13:41,670
So this is getting external storage directory.
190
00:13:42,210 --> 00:13:46,350
So what you're doing is that you're going to store to fall into an external storage.
191
00:13:46,380 --> 00:13:49,650
So in our case, the external storage is going to be an SD card.
192
00:13:49,830 --> 00:13:54,090
OK, so with that in mind, of course, we also have the unfurl information again.
193
00:13:54,540 --> 00:14:01,110
So what we can do is go back to the mobile device, click under insecure data storage platform, and
194
00:14:01,110 --> 00:14:03,780
once again we can enter the party service username.
195
00:14:04,140 --> 00:14:08,070
So in case I can enter once again, Loy Yang and I can enter the password.
196
00:14:09,360 --> 00:14:12,030
And now with that we can go ahead and click safe.
197
00:14:13,200 --> 00:14:18,310
So once I click save, we have the third party credentials so successfully so we manage to complete
198
00:14:18,330 --> 00:14:19,050
construction.
199
00:14:19,350 --> 00:14:24,420
So another tips or advice I can give you is about reading truly instructions.
200
00:14:24,570 --> 00:14:31,230
So all this items have been executed all the way onto over here to party credentials save successfully
201
00:14:31,620 --> 00:14:37,050
Deming's all the instructions before it is has actually completed successfully, which is why we're
202
00:14:37,050 --> 00:14:39,900
able to see to it party credentials saved successfully.
203
00:14:40,140 --> 00:14:43,050
So everything above it has been completed successfully.
204
00:14:43,460 --> 00:14:43,860
All right.
205
00:14:44,190 --> 00:14:48,030
And over here we can again go back into command prompt.
206
00:14:48,240 --> 00:14:53,010
So over here we have the ATP shell running, which is a connection into the mobile device.
207
00:14:53,370 --> 00:14:59,100
So once we have the connection, all we got to do now is KDDI into SD card.
208
00:14:59,100 --> 00:15:04,650
So this is the absolute path that give us access straight into the external storage.
209
00:15:04,650 --> 00:15:08,130
And I can enter URLs to list all the files and folders.
210
00:15:08,550 --> 00:15:12,360
OK, so we of course, over here we have all this different data and information.
211
00:15:12,360 --> 00:15:20,220
So we got alarms, we go download, we got music and so on, so forth so it can enter l a so OK, so
212
00:15:20,220 --> 00:15:21,330
go ahead and enter on debt.
213
00:15:22,020 --> 00:15:25,140
And what you see here is that we have a dot fall.
214
00:15:25,350 --> 00:15:25,610
All right.
215
00:15:25,710 --> 00:15:28,050
So and over here we only have one particular file.
216
00:15:28,060 --> 00:15:30,150
The rest are all the rectories as you can see.
217
00:15:30,150 --> 00:15:36,660
So we have a separate tutorial on Linux about Linux file navigation file system management.
218
00:15:36,660 --> 00:15:41,280
So do check that all as well, especially if you're if you're new to Linux systems.
219
00:15:41,820 --> 00:15:44,260
So we have a DOT you in for TI.
220
00:15:44,310 --> 00:15:51,390
And of course this was just created r d twenty second of August and dot you info.
221
00:15:52,060 --> 00:15:53,540
He's actually a hidden foe.
222
00:15:53,830 --> 00:15:58,550
It's a way of hiding fall from users being able to access this kind of content.
223
00:15:58,840 --> 00:16:05,050
So by entering more commands or more instructions, we'll be able to look into this particular file.
224
00:16:05,050 --> 00:16:10,690
So remember to put a dash L.A. on it so that we can find all this hidden files as well.
225
00:16:10,840 --> 00:16:11,230
All right.
226
00:16:11,500 --> 00:16:15,940
So all we could do is enter Cat Dot you in full, thought he'd enter and debt.
227
00:16:16,180 --> 00:16:20,150
And once again, we're able to find a username as well as the password.
228
00:16:20,710 --> 00:16:25,480
So once again, I hope you have learned something valuable today as part of a mobile application penetration
229
00:16:25,480 --> 00:16:25,840
testing.
230
00:16:26,140 --> 00:16:30,790
So if you have any questions, feel free to put a comment below and I'll try my best to answer any of
231
00:16:30,790 --> 00:16:31,420
your questions.
232
00:16:31,660 --> 00:16:36,070
So I'll give them to, like, share and subscribe to the channel so that you can be kept abreast of
233
00:16:36,070 --> 00:16:37,400
the latest cybersecurity.
234
00:16:37,930 --> 00:16:39,370
Thank you so much once again for watching.
24988
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.