Static analysis


Last updated 2 days ago


  • For extracting apk using apktool refer

  • During static analysis, keep these things in mind:

    • Hardcoded secrets in functions.

    • Hardcoded secrets in resource files (strings.xml, etc.)

    • JNI - Java Native Interface

      • Used to call into native code, commonly used to embed C or C++ code or libraries into an application.

        • Generally these are used in cross-platform applications.

        • We can identify calls into such functions by the keyword native.

        • Jadx doesn’t let us decompile shared objects (.so files under the lib directory), so we will use Binary Ninja or Ghidra for them. We can also use the strings command to get a sneak peek into a file.
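
The checklist above as one triage pass over a decompiled APK tree. This is an added example, not code from the original notes; the secret-name heuristics, the directory layout, and every sample value are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Heuristics are assumptions for illustration, not rules from the notes.
SECRET_NAME = r"\w*(?:api_?key|secret|token|passw)\w*"
RES_STRING = re.compile(rf'<string name="({SECRET_NAME})"[^>]*>([^<]+)</string>', re.I)
CODE_LITERAL = re.compile(rf'\b({SECRET_NAME})\s*=\s*"([^"]+)"', re.I)
NATIVE_DECL = re.compile(r'^[^\n/*"]*\bnative\b[^\n;(]*?\b(\w+)\s*\(', re.M)
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")  # same idea as `strings -n 6`

def triage(root):
    """Collect leads from a decompiled APK tree (jadx/apktool style output)."""
    leads = {"resources": [], "code": [], "native": [], "so_strings": []}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        if path.suffix == ".xml":    # secrets in resource files
            leads["resources"] += RES_STRING.findall(path.read_text(errors="replace"))
        elif path.suffix == ".java":  # secrets in code, JNI entry points
            text = path.read_text(errors="replace")
            leads["code"] += CODE_LITERAL.findall(text)
            leads["native"] += NATIVE_DECL.findall(text)
        elif path.suffix == ".so":    # quick look before opening Ghidra
            runs = PRINTABLE.findall(path.read_bytes())
            leads["so_strings"] += [r.decode("ascii") for r in runs]
    return leads

def build_sample(root):
    """Write a small constructed tree so the example runs offline."""
    files = {
        "res/values/strings.xml": b'<resources>\n<string name="app_name">Weather</string>\n'
            b'<string name="maps_api_key">CONSTRUCTED-KEY-0001</string>\n</resources>\n',
        "src/com/example/app/Native.java": b"package com.example.app;\npublic class Native {\n"
            b'    static final String AUTH_TOKEN = "CONSTRUCTED-TOKEN-0002";\n'
            b"    public static native String getKey();\n}\n",
        "lib/arm64-v8a/libnative.so": b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
            + b"Java_com_example_app_Native_getKey\x00\x01\x02"
            + b"CONSTRUCTED-SECRET-0003\x00",
    }
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, hits in triage(build_sample(tmp)).items():
            print(kind, hits)
```

Names beginning with Java_ in the .so output are JNI exports, so they tie each native declaration found in the Java sources to the shared object that implements it.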


Getting APK from a Device
apktool (for patching and decompiling)