My final project for the internship! I re-wrote a script that I wrote earlier which searched for secret codes. This new script will do the same thing, but much faster. Secret codes are unique to each application, and they are listed in the app's AndroidManifest.xml file. A secret code can be typed into an Android phone's dialer to open a secret menu for an app. These menus usually just give access to some tools developers can test, but they can also be security risks if a menu is left enabled that should not be (like this).
In my previous script, I had pulled off every single app in its entirety, decompiling each with APKTool for its manifest. This new script, however, pushes busybox to the phone and uses it to extract ONLY the AndroidManifest.xml file from each app. The issue with this approach is that if the AndroidManifest.xml file is simply unzipped, it is not readable by most programs, since it is actually in a binary XML format that Android uses. This was not the case before, since APKTool decompiled it and made it into regular XML (the issue with that approach being that it is mind-numbingly slow).
To deal with this, I found a program called aapt that Google made, which will output the contents of the manifest, but only if it is in a .APK archive (the standard app format). Thus, in order to read the manifest, my script zips the manifest back up as a placeholder app named test.apk and then uses aapt to output the contents of the manifest in the placeholder app. It is then a simple task of searching through the output of aapt for android_secret_code tags and printing their corresponding codes. Here is the script:
By doing all of this roundabout work, my script avoids downloading hundreds of apps from a phone, which is time-consuming, and it also avoids parsing through an entire app for just the manifest, which is also time-consuming. The really cool part is that my brother said that because it is so fast, we are going to fix it up a bit and put it in the security testing suite that his company uses!
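The last step described above, searching aapt's output for android_secret_code entries, shown as an added example in Python (not the author's script). It assumes the text comes from `aapt dump xmltree test.apk AndroidManifest.xml`; the sample output, package name and component names are constructed, and `secret_codes` is a hypothetical helper name.

```python
import re

# Constructed sample of aapt xmltree output; package and component names are made up.
SAMPLE = '''\
N: android=http://schemas.android.com/apk/res/android
  E: manifest (line=2)
    A: package="com.example.diag" (Raw: "com.example.diag")
    E: application (line=5)
      E: receiver (line=7)
        A: android:name(0x01010003)=".DiagReceiver" (Raw: ".DiagReceiver")
        E: intent-filter (line=8)
          E: action (line=9)
            A: android:name(0x01010003)="android.provider.Telephony.SECRET_CODE" (Raw: "android.provider.Telephony.SECRET_CODE")
          E: data (line=10)
            A: android:scheme(0x01010027)="android_secret_code" (Raw: "android_secret_code")
            A: android:host(0x01010028)="4636" (Raw: "4636")
          E: data (line=11)
            A: android:host(0x01010028)="8351" (Raw: "8351")
            A: android:scheme(0x01010027)="android_secret_code" (Raw: "android_secret_code")
      E: activity (line=14)
        E: intent-filter (line=15)
          E: data (line=16)
            A: android:scheme(0x01010027)="https" (Raw: "https")
'''

ELEM = re.compile(r'^(\s*)E: (\S+)')
ATTR = re.compile(r'^\s*A: (?:android:)?(\w+)(?:\(0x[0-9a-f]+\))?="([^"]*)"')

def secret_codes(xmltree):
    """Return (component, code) pairs for each android_secret_code <data> element."""
    found, stack = [], []  # stack: [indent, tag, attrs] for each open element
    def close(depth):
        # Pop elements at or below `depth`; checking <data> on close makes attribute order irrelevant.
        while stack and stack[-1][0] >= depth:
            _, tag, attrs = stack.pop()
            if tag == 'data' and attrs.get('scheme') == 'android_secret_code':
                owner = next((a.get('name') for _, t, a in reversed(stack)
                              if t in ('receiver', 'activity', 'service')), None)
                found.append((owner, attrs.get('host')))  # host is None if no code is given
    for line in xmltree.splitlines():
        m = ELEM.match(line)
        if m:
            close(len(m.group(1)))
            stack.append([len(m.group(1)), m.group(2), {}])
        elif stack and (a := ATTR.match(line)):
            stack[-1][2][a.group(1)] = a.group(2)
    close(0)
    return found

print(secret_codes(SAMPLE))  # list of (component, code) pairs found in the sample
```

Tracking the enclosing receiver, activity or service alongside each code tells a reviewer which component handles it, which is the starting point for deciding whether that menu should ship enabled.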