Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds info about extracting apps. Fixes #1238 #1301

Merged
merged 4 commits into from
Jun 7, 2019
Merged

Adds info about extracting apps. Fixes #1238 #1301

Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5427ba1
Adds info about extracting apps. Fixes #1238
cldrn Jun 6, 2019
1850b93
Removes subtitles that are too deep and rephrases some things.
cldrn Jun 6, 2019
f6ddf15
Fixes checksum notes. They use SHA1/SHA256 instead of MD5
cldrn Jun 6, 2019
9ec18e4
Fixes typo
cldrn Jun 6, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 34 additions & 5 deletions Document/0x05b-Basic-Security_Testing.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -752,15 +752,44 @@ Check the [Termux Wiki](https://wiki.termux.com/wiki/Remote_Access "Termux Remot

#### Obtaining and Extracting Apps

-- ToDo: <https://github.com/OWASP/owasp-mstg/issues/1238>
There are several ways of extracting apk files from a device. You will need to decide which one is the easiest method depending if the app is public or private.

##### App Store
##### Alternative App Stores

##### Recovering the App Package from the Device
One of the easiest option is to download the apk from websites that mirror public applications from the Google Play Store. However, keep in mind that these sites are not offical and there is no guarantee that the application hasn't been repackaged or contain malware. A few reputable websites that host apks and are not known for modifying apps and claim to MD5 checksum the apps are:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hasn't been repackaged or contain malware

Sounds a bit weird (though might be technically correct). How about:

hasn't been repackaged to contain malware

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, there were some cases where they repackaged the application to change the admob id so the revenue went to a different team so not exactly malware there.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another question: do they offer SHA-sums? because md5sums are ... easy to collide on a phone :D


###### From Rooted Devices
- [APKMirror](https://apkmirror.com "APKMirror")
- [APKPure](https://apkpure.com "APKPure")

###### From Non-Rooted Devices
Beware that you do not have control over these sites and you cannot guarantee what they do in the future. Only use them if it's your only option left.

##### Extracting the App Package from the Device

Obtaining app packages from the device is the recommended method as we can guarantee the app hasn't been modified by a third-party.

To obtain applications from a non-rooted device, you could use `adb`. If you don't know the package name, the first step is to list all the applications installed on the device:

```shell
$ adb shell pm list packages
```

Once you have located the package name of the application, you need the full path where it is stored on the system to download it.

```shell
$ adb shell pm path <package name>
```

With the full path to the apk, you can now simply use `adb pull` to extract the apk.

```shell
$ adb pull <apk path>
```

The apk will be downloaded in your working directory.

There are also apps like [APK Extractor](https://play.google.com/store/apps/details?id=com.ext.ui "APK Extractor") that do not require root and can even share the extracted apk via your prefered method. This can be useful if you don't feel like connecting the device or setting up adb over the network to transfer the file.

Both of the methods mentioned previously do not require root, hence, they can be used on rooted and non-rooted devices.

#### Installing Apps

Expand Down