Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:12,460 --> 00:00:15,410 Hey, guys, welcome back to another episode on How to Hack. 2 00:00:15,760 --> 00:00:19,060 So today we'll learn about reverse engineering, mobile application. 3 00:00:19,420 --> 00:00:23,980 And what we can see over here is that on the left side, I have an Android emulator running. 4 00:00:23,980 --> 00:00:26,920 So do go ahead and download Android studio. 5 00:00:27,040 --> 00:00:32,740 And once you're an Android studio, you would have the ability to access the Android virtual device 6 00:00:32,740 --> 00:00:33,340 manager. 7 00:00:33,340 --> 00:00:36,580 So I have actually set up a video previously on this tutorial. 8 00:00:36,580 --> 00:00:37,940 So do check that out. 9 00:00:38,500 --> 00:00:42,280 So going back into the tutorial today, we can actually screw up. 10 00:00:42,290 --> 00:00:47,650 And of course, there are a couple of applications that we are going to learn about mobile application 11 00:00:47,650 --> 00:00:48,910 penetration testing. 12 00:00:49,540 --> 00:00:54,670 So on the left side of the screen, which you have the emulator, we can click onto Devar. 13 00:00:54,670 --> 00:01:01,140 And in the future, we will also be looking at for in terms of our mobile application hacking series 14 00:01:01,330 --> 00:01:03,370 so I can go ahead and click on Devar. 15 00:01:03,880 --> 00:01:08,680 And once we're in, we'll be presented with this particular homepage. 16 00:01:08,740 --> 00:01:09,040 All right. 17 00:01:09,040 --> 00:01:14,770 So this homepage will allow us the ability to learn about mobile application penetration testing so 18 00:01:14,770 --> 00:01:21,790 we have insecure logging, hot coding issues in secure data storage, input, validation, access control 19 00:01:21,790 --> 00:01:28,280 issues, as well as hot coding issues and invalid input validation issues again. 20 00:01:28,300 --> 00:01:32,410 So all these are great ways for us to learn about mobile application hacking. 21 00:01:32,770 --> 00:01:38,110 And of course, what we are going to learn today is about reverse engineering the application so as 22 00:01:38,110 --> 00:01:40,690 to install applications into these mobile devices. 23 00:01:40,870 --> 00:01:43,170 They usually come as an apk fall. 24 00:01:43,360 --> 00:01:49,720 So once you have the app fall, what we need to do is to convert it into a G, a R fall. 25 00:01:50,080 --> 00:01:56,350 And once you have done the conversion, we can actually view into how the data was actually being stored, 26 00:01:56,380 --> 00:02:01,570 how they could have possibly written the code in which we can view, we can understand it, and after 27 00:02:01,570 --> 00:02:08,590 which we can actually try to launch certain attacks against it because we're able to possibly find vulnerabilities 28 00:02:08,740 --> 00:02:11,110 in association with the mobile application. 29 00:02:11,890 --> 00:02:15,370 So moving forward, what I'm going to do now is I'm going to enter command from. 30 00:02:16,980 --> 00:02:21,390 So once I go to command problem, I can actually see into the folder. 31 00:02:34,300 --> 00:02:40,480 OK, so go ahead and download IDEX tools so the tools will come with the ability to help you do the 32 00:02:40,480 --> 00:02:41,140 conversion. 33 00:02:41,590 --> 00:02:42,670 So over here I can enter. 34 00:02:43,030 --> 00:02:48,530 Ah, so this will list the directory of all the files and folders inside the working directory. 35 00:02:49,000 --> 00:02:52,210 So in case, as mentioned earlier, we have a waps good right. 36 00:02:52,500 --> 00:02:56,040 And we also have Devar that you're seeing on a screen on the left side right now. 37 00:02:56,320 --> 00:02:57,940 So we have the APK fall. 38 00:02:57,970 --> 00:03:04,360 So what are you going to do now is to use DTG and we can enter Decs to J.R.. 39 00:03:07,730 --> 00:03:12,860 And once you have the bat fall, so of course, we are running on a Windows 10 computer, we're running 40 00:03:12,860 --> 00:03:16,680 on Linux deals, we have a dust hitch that you can use to do the conversion. 41 00:03:17,120 --> 00:03:18,910 So over here, we have the bat fall. 42 00:03:18,920 --> 00:03:25,370 And what are we going to do now is to input the APK fall to begin the instructions for the conversion. 43 00:03:25,790 --> 00:03:32,780 OK, so over here, what I'm going to do now is to actually enter Devar Dash, Beta Dot. 44 00:03:34,070 --> 00:03:39,920 APK So go ahead, enter in debt, so of course, we have already done the conversion before so I can 45 00:03:39,920 --> 00:03:47,660 use a British force as part of the perimeter to actually go ahead and do the start the conversion so 46 00:03:47,660 --> 00:03:51,220 I can hit enter on debt and it would take a while for it to complete a conversion. 47 00:03:51,710 --> 00:03:58,190 So once we have done that, I can enter again and immediately we can see that we have Devar Dash beta 48 00:03:58,190 --> 00:03:59,450 dash decks to J.R.. 49 00:03:59,640 --> 00:04:00,830 J.R., follow over here. 50 00:04:01,500 --> 00:04:07,460 OK, so we got this fall running and all we got to do now is go back into the folder and you want to 51 00:04:07,460 --> 00:04:09,290 open up the jade gooey. 52 00:04:10,380 --> 00:04:17,170 So this allow us the ability to view default and I'm going to go back to the folder so we have the Devar 53 00:04:17,250 --> 00:04:19,380 Desh beta decks to J.R.. 54 00:04:19,590 --> 00:04:26,460 J.R., I'm going to drag and drop it into the Java old compiler and immediately we can see all the different 55 00:04:26,460 --> 00:04:28,780 information in relation to this apk. 56 00:04:29,130 --> 00:04:32,100 So I'm going to use the magnifier so it's easier for you to see. 57 00:04:33,180 --> 00:04:37,680 So of course, once we have to modify running, we can see that we have enjoyed that support and we 58 00:04:37,680 --> 00:04:39,240 had Drakkar Awesome Diva. 59 00:04:39,240 --> 00:04:45,480 So I can open that up and we can look at all the different classes, we can look at all the different 60 00:04:45,480 --> 00:04:46,290 classes. 61 00:04:46,770 --> 00:04:49,030 That is part of the mobile application. 62 00:04:49,310 --> 00:04:49,580 All right. 63 00:04:49,680 --> 00:04:51,510 So we can see all these different data. 64 00:04:51,750 --> 00:04:57,150 And very quickly, for example, I can just demonstrate a really quick way of looking at how the code 65 00:04:57,150 --> 00:04:57,620 looks like. 66 00:04:57,630 --> 00:05:00,450 So over here, we have the following example. 67 00:05:00,570 --> 00:05:03,720 So we have the package we have to import. 68 00:05:03,990 --> 00:05:05,700 We have to populate class. 69 00:05:06,150 --> 00:05:11,190 We have the public voit safe credentials, and we can see that you're saving data into the system. 70 00:05:11,700 --> 00:05:17,580 OK, so for example, now I can close the magnifier because we now know how to reverse engineer the 71 00:05:17,580 --> 00:05:19,870 mobile application and look into the source code. 72 00:05:20,250 --> 00:05:27,180 So if I go back into the simulator and if I go into, for example, in secure data storage, part one 73 00:05:27,540 --> 00:05:33,630 and I can enter, for example, the third party service username, say, for example, Arunta, Loy 74 00:05:33,960 --> 00:05:37,920 Yang and I entered a password of one, two, three, four, five, six, seven, eight. 75 00:05:38,340 --> 00:05:39,810 I click on Safe. 76 00:05:40,020 --> 00:05:46,830 OK, so we have thirt party credentials saved successfully and I can go into command prompt OK, so 77 00:05:46,830 --> 00:05:53,760 I can go back to command problem and I can do an ATV shell so that we can gain access into the mobile 78 00:05:53,760 --> 00:05:58,810 application or the mobile phone so we can also do the same for any physical mobile devices. 79 00:05:58,810 --> 00:06:00,300 So do go ahead and try that. 80 00:06:00,300 --> 00:06:03,330 I have tried it before and it is working as intended. 81 00:06:03,620 --> 00:06:10,860 OK, so because for tutorial purposes over a video screen cost of video sharing a recording, so we 82 00:06:10,860 --> 00:06:12,210 are doing it as an emulator. 83 00:06:12,660 --> 00:06:19,620 So going back here we can see the data data and we can enter URLs and we can CD into Jugg her. 84 00:06:20,280 --> 00:06:26,610 So this is the mobile application folder and I get it or else a game so we can look at all these different 85 00:06:26,610 --> 00:06:28,290 folders and directories and file. 86 00:06:28,530 --> 00:06:36,090 So I can KDDI, for example, into shet preferences and I can add or else and here we have an XML fall 87 00:06:36,090 --> 00:06:42,650 so I can enter a and we can look at the timing of this particular file. 88 00:06:42,660 --> 00:06:47,970 We can look at the information of this particular file and we can see when this particular item was 89 00:06:47,970 --> 00:06:53,730 being saved, when this item was actually being accessed, what was the item that was inside this particular 90 00:06:53,730 --> 00:06:54,090 file? 91 00:06:54,330 --> 00:07:00,570 So all I'm going to do is, for example, enter Cat Jacare to this particular file. 92 00:07:00,570 --> 00:07:07,350 I can hit enter on that and we immediately will be able to find out the string password as well as the 93 00:07:07,350 --> 00:07:08,700 string name user. 94 00:07:08,730 --> 00:07:11,550 And of course, we can see the information that we can earlier. 95 00:07:11,820 --> 00:07:14,820 And if I go back into the code, we can find out all this data. 96 00:07:14,820 --> 00:07:17,120 So we got user with a password. 97 00:07:17,130 --> 00:07:23,460 So if I go back to command, prompt user and password, once again, we were able to see those items. 98 00:07:23,460 --> 00:07:25,860 They are being recorded inside the system. 99 00:07:27,610 --> 00:07:32,260 And moving forward is part of the tutorial, we can also look into insecure data storage, too. 100 00:07:32,470 --> 00:07:38,320 So once again, now that we learn about reverse engineering mobile applications, we can look into the 101 00:07:38,320 --> 00:07:39,200 data over here. 102 00:07:39,220 --> 00:07:45,910 So in this case, by observing the source code, we can see that there is a private school like Database 103 00:07:45,910 --> 00:07:46,630 MDB. 104 00:07:47,320 --> 00:07:53,500 So open a create database IDs to create table, if not exist. 105 00:07:53,830 --> 00:07:58,510 And of course, you can also try to do a lock in terms of recreational currents. 106 00:07:58,930 --> 00:08:04,870 And we can look into insert into my users so we can see that they are using some kind of sequel Quarrie. 107 00:08:05,140 --> 00:08:08,320 So we have done a number of tutorials about sequel injection and so on. 108 00:08:08,740 --> 00:08:15,730 So in our case, a lot of applications may also be using a lot of applications, may also be using SQLite 109 00:08:15,940 --> 00:08:18,980 as part of storing data into the mobile device. 110 00:08:19,420 --> 00:08:23,860 So in our case, of course, from what we're seeing here, based on a source code, we are definitely 111 00:08:23,860 --> 00:08:24,380 seeing that. 112 00:08:24,820 --> 00:08:25,230 All right. 113 00:08:25,870 --> 00:08:30,910 So what we will do now is we can actually go back into the Android phone, OK? 114 00:08:31,000 --> 00:08:32,940 And we can click on to part two. 115 00:08:32,950 --> 00:08:38,140 So, again, this is a wonderful application for us to learn all about mobile application penetration 116 00:08:38,140 --> 00:08:38,540 testing. 117 00:08:38,890 --> 00:08:45,040 So in my case, I can enter, for example, against username Loy Yang Kyung and I can enter the password 118 00:08:46,360 --> 00:08:48,470 and I can go ahead and click safe. 119 00:08:48,790 --> 00:08:55,740 So we now have the party credentials saved successfully so I can go back into once again command prompt, 120 00:08:55,990 --> 00:09:03,700 OK, I can go back into the top folder and can enter URLs and we can go into, for example, KDDI databases 121 00:09:05,590 --> 00:09:08,590 and can enter LFS again to look at all the files and folders. 122 00:09:09,070 --> 00:09:13,960 So in our case we can see over here we have IDs to make sure we have IDs too. 123 00:09:14,530 --> 00:09:21,370 So for example, in our case we may have a challenge trying to understand what kind of fall time it 124 00:09:21,370 --> 00:09:27,910 is, because over here we have Devar Notes DB so DOT DB is actually a way for us to view into SQL like 125 00:09:27,910 --> 00:09:28,390 files. 126 00:09:28,420 --> 00:09:34,360 However, because we have IDs too, which does not have an extension, you may be challenging for us 127 00:09:34,360 --> 00:09:36,880 to understand what is the purpose of this file? 128 00:09:37,090 --> 00:09:38,170 What are its functions? 129 00:09:38,170 --> 00:09:39,670 How is it storing data? 130 00:09:40,180 --> 00:09:45,190 So what we can do is to actually enter fall IDs to do so. 131 00:09:45,190 --> 00:09:47,440 Over here we can look at fall IDs too. 132 00:09:47,440 --> 00:09:52,690 So this is data and of course we can also try to download this particular fall and we can also try to 133 00:09:52,690 --> 00:09:54,490 do a cat on it IDs too. 134 00:09:55,060 --> 00:09:59,080 And we can say immediately that this is a sequel like format. 135 00:09:59,240 --> 00:10:02,490 OK, so now we know that this is actually a sequel light fall. 136 00:10:03,010 --> 00:10:10,170 So what we can do next is to actually go into SQLite itself and we can actually enter IDs too. 137 00:10:10,540 --> 00:10:16,870 OK, so once we're in, we're able to view the content inside this particular database so we can enter, 138 00:10:16,870 --> 00:10:18,220 for example, got tables. 139 00:10:18,610 --> 00:10:18,910 All right. 140 00:10:18,920 --> 00:10:25,930 So this will list all the tables that are actually in existence within this particular skill form. 141 00:10:25,960 --> 00:10:26,320 All right. 142 00:10:26,320 --> 00:10:33,070 So this is a light fall idea, too, so we can actually, for example, select all from my user and 143 00:10:33,070 --> 00:10:41,020 remember to put a semicolon and immediately we can find out the username as well as the password. 144 00:10:41,380 --> 00:10:41,680 All right. 145 00:10:41,680 --> 00:10:47,410 So, again, this is another insecure way of storing data inside mobile applications. 146 00:10:47,650 --> 00:10:50,590 And, of course, we can enter quitte to exit SQLite. 147 00:10:52,620 --> 00:10:59,160 And, of course, moving forward onto part three in terms of insecure data storage activity. 148 00:10:59,220 --> 00:11:05,520 So over here once again, because we were able to we were able to reverse engineer the mobile application 149 00:11:05,640 --> 00:11:07,850 and we have our insecure data storage here. 150 00:11:08,130 --> 00:11:10,130 We can actually look at the information. 151 00:11:10,350 --> 00:11:17,000 So over here in this information, we actually have the creation of temporary file so we can see fall 152 00:11:17,010 --> 00:11:18,310 that create 10 fall. 153 00:11:18,390 --> 00:11:21,300 Now we have you in full Colmar top. 154 00:11:22,080 --> 00:11:24,660 This is the instruction file writer. 155 00:11:24,870 --> 00:11:25,230 Right? 156 00:11:25,350 --> 00:11:27,950 So immediately we can find out all these different data. 157 00:11:28,350 --> 00:11:30,060 So we have all these different data points. 158 00:11:30,070 --> 00:11:35,760 So all we got to do is once again go back to Android phone and we can go to pottery. 159 00:11:36,330 --> 00:11:40,000 I can click on pottery and I can enter the once again the username. 160 00:11:40,020 --> 00:11:46,770 So in this case, Loy Yang Yang and I can enter the password again and once you have that running, 161 00:11:46,950 --> 00:11:47,930 click safe. 162 00:11:47,970 --> 00:11:48,270 All right. 163 00:11:48,280 --> 00:11:52,160 So we have Tea Party credentials saved successfully. 164 00:11:52,410 --> 00:11:58,530 So going back into command from where we have the ADB shell again, we can actually try to find out 165 00:11:58,620 --> 00:12:03,450 where is this file so I can do a keg, I get it or else. 166 00:12:03,630 --> 00:12:03,900 All right. 167 00:12:03,900 --> 00:12:08,270 So immediately we can find out there is this you in full fall? 168 00:12:08,490 --> 00:12:10,260 OK, we have this you in full fall. 169 00:12:10,590 --> 00:12:15,560 I can enter L to give us more information about the disk to false. 170 00:12:15,570 --> 00:12:19,140 So of course over here we have a zero eight twenty one. 171 00:12:19,140 --> 00:12:25,640 So this was a file that was created yesterday and we have twenty two dash twenty two. 172 00:12:25,770 --> 00:12:28,350 So this is the file this created today right now. 173 00:12:28,500 --> 00:12:31,170 So I can actually do a cat you info. 174 00:12:33,060 --> 00:12:33,480 All right. 175 00:12:33,480 --> 00:12:35,400 And we have a couple of false options. 176 00:12:35,400 --> 00:12:41,190 So we will select a latest one as part of the Turrill, which is starting from seven five seven and 177 00:12:41,190 --> 00:12:42,630 go ahead and hit enter on that. 178 00:12:43,140 --> 00:12:48,680 And once again, we're able to find this particular file storing all this data. 179 00:12:49,050 --> 00:12:55,830 So another point that you can try it out on is as you enter your physical Android device or your mobile 180 00:12:55,830 --> 00:13:02,010 phone into the computer, do search and try to locate all this kind of files, because some of these 181 00:13:02,010 --> 00:13:08,130 mobile applications do not have secure coding practices and they may expose all this sensitive data 182 00:13:08,460 --> 00:13:10,600 to the mobile device data storage. 183 00:13:10,770 --> 00:13:15,020 So these are very, very dangerous operations and very insecure way of doing coding. 184 00:13:15,810 --> 00:13:23,400 So going back into our platform, which is the final tutorial for today's class, is we have the insecure 185 00:13:23,400 --> 00:13:25,860 data storage for activity class. 186 00:13:26,400 --> 00:13:30,690 And one thing I want to highlight over here is this particular instruction. 187 00:13:30,690 --> 00:13:38,520 So we have over here fall, fall, equal environment, don't get external storage directory. 188 00:13:38,790 --> 00:13:39,150 All right. 189 00:13:39,150 --> 00:13:41,670 So this is getting external storage directory. 190 00:13:42,210 --> 00:13:46,350 So what you're doing is that you're going to store to fall into an external storage. 191 00:13:46,380 --> 00:13:49,650 So in our case, the external storage is going to be an SD card. 192 00:13:49,830 --> 00:13:54,090 OK, so with that in mind, of course, we also have the unfurl information again. 193 00:13:54,540 --> 00:14:01,110 So what we can do is go back to the mobile device, click under insecure data storage platform, and 194 00:14:01,110 --> 00:14:03,780 once again we can enter the party service username. 195 00:14:04,140 --> 00:14:08,070 So in case I can enter once again, Loy Yang and I can enter the password. 196 00:14:09,360 --> 00:14:12,030 And now with that we can go ahead and click safe. 197 00:14:13,200 --> 00:14:18,310 So once I click save, we have the third party credentials so successfully so we manage to complete 198 00:14:18,330 --> 00:14:19,050 construction. 199 00:14:19,350 --> 00:14:24,420 So another tips or advice I can give you is about reading truly instructions. 200 00:14:24,570 --> 00:14:31,230 So all this items have been executed all the way onto over here to party credentials save successfully 201 00:14:31,620 --> 00:14:37,050 Deming's all the instructions before it is has actually completed successfully, which is why we're 202 00:14:37,050 --> 00:14:39,900 able to see to it party credentials saved successfully. 203 00:14:40,140 --> 00:14:43,050 So everything above it has been completed successfully. 204 00:14:43,460 --> 00:14:43,860 All right. 205 00:14:44,190 --> 00:14:48,030 And over here we can again go back into command prompt. 206 00:14:48,240 --> 00:14:53,010 So over here we have the ATP shell running, which is a connection into the mobile device. 207 00:14:53,370 --> 00:14:59,100 So once we have the connection, all we got to do now is KDDI into SD card. 208 00:14:59,100 --> 00:15:04,650 So this is the absolute path that give us access straight into the external storage. 209 00:15:04,650 --> 00:15:08,130 And I can enter URLs to list all the files and folders. 210 00:15:08,550 --> 00:15:12,360 OK, so we of course, over here we have all this different data and information. 211 00:15:12,360 --> 00:15:20,220 So we got alarms, we go download, we got music and so on, so forth so it can enter l a so OK, so 212 00:15:20,220 --> 00:15:21,330 go ahead and enter on debt. 213 00:15:22,020 --> 00:15:25,140 And what you see here is that we have a dot fall. 214 00:15:25,350 --> 00:15:25,610 All right. 215 00:15:25,710 --> 00:15:28,050 So and over here we only have one particular file. 216 00:15:28,060 --> 00:15:30,150 The rest are all the rectories as you can see. 217 00:15:30,150 --> 00:15:36,660 So we have a separate tutorial on Linux about Linux file navigation file system management. 218 00:15:36,660 --> 00:15:41,280 So do check that all as well, especially if you're if you're new to Linux systems. 219 00:15:41,820 --> 00:15:44,260 So we have a DOT you in for TI. 220 00:15:44,310 --> 00:15:51,390 And of course this was just created r d twenty second of August and dot you info. 221 00:15:52,060 --> 00:15:53,540 He's actually a hidden foe. 222 00:15:53,830 --> 00:15:58,550 It's a way of hiding fall from users being able to access this kind of content. 223 00:15:58,840 --> 00:16:05,050 So by entering more commands or more instructions, we'll be able to look into this particular file. 224 00:16:05,050 --> 00:16:10,690 So remember to put a dash L.A. on it so that we can find all this hidden files as well. 225 00:16:10,840 --> 00:16:11,230 All right. 226 00:16:11,500 --> 00:16:15,940 So all we could do is enter Cat Dot you in full, thought he'd enter and debt. 227 00:16:16,180 --> 00:16:20,150 And once again, we're able to find a username as well as the password. 228 00:16:20,710 --> 00:16:25,480 So once again, I hope you have learned something valuable today as part of a mobile application penetration 229 00:16:25,480 --> 00:16:25,840 testing. 230 00:16:26,140 --> 00:16:30,790 So if you have any questions, feel free to put a comment below and I'll try my best to answer any of 231 00:16:30,790 --> 00:16:31,420 your questions. 232 00:16:31,660 --> 00:16:36,070 So I'll give them to, like, share and subscribe to the channel so that you can be kept abreast of 233 00:16:36,070 --> 00:16:37,400 the latest cybersecurity. 234 00:16:37,930 --> 00:16:39,370 Thank you so much once again for watching. 24988