Skip to content

Instantly share code, notes, and snippets.

View ed-george's full-sized avatar
🌍
Working remotely...

Ed Holloway-George ed-george

🌍
Working remotely...
View GitHub Profile
@ed-george
ed-george / gradle-wrapper-verify.sh
Created July 1, 2023 15:07
Verify your Gradle Wrapper's integrity
#!/bin/zsh
# This script will verify your gradle-wrapper.jar
# file's integrity for your project's Gradle version
# For more info, see:
# https://docs.gradle.org/current/userguide/gradle_wrapper.html#manually_verifying_the_gradle_wrapper_jar
#
# Usage: ./gradle-wrapper-verify.sh
# Use within $PROJ_ROOT/gradle/wrapper folder
@ed-george
ed-george / trackSynthetics.sh
Created August 19, 2022 12:27
A simple bash script to see how your projects Synthetics usage has changed over time
#! /bin/bash
# To use:
# Copy this file to the root of your Android Project
# chmod +x trackSynthetics.sh
# ./trackSynthetics.sh | tee results.csv
# Open CSV file in your choice of spreadsheet software
start=2022-02-23 # Date to start tracking
end=2022-08-19 # Date to end tracking
@ed-george
ed-george / Example5.kt
Created June 4, 2022 00:11
Unpacking Android Security: Part 2 - Insecure Data Storage (Example 5)
val Context.dataStore by preferencesDataStore(name = "insecure-data-store")
val pref1 = stringPreferencesKey("example_pref")
val pref2 = stringPreferencesKey("example_pref_2")
dataStore.edit { settings ->
settings[pref1] = "My 1st Pref"
settings[pref2] = "My 2nd Pref"
}
@ed-george
ed-george / Example4.kt
Created June 4, 2022 00:10
Unpacking Android Security: Part 2 - Insecure Data Storage (Example 4)
// Use a user-entered passphrase to encrypt/decrypt
val passPhrase: ByteArray = "password".encodeToByteArray()
val sqlCipherSupportFactory: SupportSQLiteOpenHelper.Factory = SupportFactory(passPhrase)
val database = Room.databaseBuilder(
applicationContext,
YourRoomDatabase::class.java,
"secure-database")
.openHelperFactory(sqlCipherSupportFactory)
.build()
@ed-george
ed-george / Example3.xml
Created June 4, 2022 00:08
Unpacking Android Security: Part 2 - Insecure Data Storage (Example 3)
<map>
<string name="ARTYCGdkOdwAqjLCjWdsepYfbO+lJzJFFrHIta8JSE0=">ASTonpk6n1buL/VN6mB/S95HNcyHzvFp5qbcpkJMjSQbqRkzO3HWe5KKcP6eTwtzIFamU3Ag</string>
<string name="__androidx_security_crypto_encrypted_prefs_key_keyset__">12a90155259183605a12481ccf406838afc98126862109cc5e083185fe7259a052ccb4d1f859ac62ee1ab624f4b35df36c53a23c24547ee322aacc4526a654fd99e9997c0e6bf389b3bf2706a2e29b63d99a1e74535d68457fda16f04e706f127ca09c01622e26db72339720e814af1d6533efc8705eb8a073fa4e5afb2dbfb9446eaa27801942e0c8a8462ff6aed86738f500cdb77655294549810c2cfbe011b4c3900e3504eb3947502c7c1a4408e790e0a601123c0a30747970652e676f6f676c65617069732e636f6d2f676f6f676c652e63727970746f2e74696e6b2e4165735369764b6579100118e790e0a6012001</string>
<string name="__androidx_security_crypto_encrypted_prefs_value_keyset__">128801700a3e737db7b3f8385be4aea6f74fbb844b86532055fa99032c67df4c5a5543e799dd9a621013ba716749b3decef994896914cea1d8dbf25fc13e6a7c6f19a0488dbd4a339642f4bfc4ad82fe1b27b4d4ca0a79c55e57354389f7c2e115af8c0d6f8fff0093299c2481a6cf25b5
@ed-george
ed-george / Example2.kt
Created June 4, 2022 00:07
Unpacking Android Security: Part 2 - Insecure Data Storage (Example 2)
val masterKey = MasterKey.Builder(this)
.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
.build()
EncryptedSharedPreferences.create(this, "myEncryptedPrefsFile", masterKey, PrefKeyEncryptionScheme.AES256_SIV, PrefValueEncryptionScheme.AES256_GCM).edit {
putString("mySecretKey", "mySecretValue")
}
@ed-george
ed-george / Example1.kt
Created June 4, 2022 00:05
Unpacking Android Security: Part 2 - Insecure Data Storage (Example 1)
val prefs = context?.getSharedPreferences("mySharedPrefFile", Context.MODE_PRIVATE) ?: return
// Store some credentials we might not want others to read
prefs.edit().putString("mySecretKey", "mySecretValue").apply()
@ed-george
ed-george / AndroidManifest.xml
Created January 27, 2022 18:09
Unpicking Android Security: Part 1  -  Improper Platform Usage (Example 3)
<!-- In the main application -->
<permission android:name="dev.spght.permission.example.MY_PERMISSION"
android:protectionLevel="signature"
android:label="A custom permission" />
<!-- In the secondary application -->
<uses-permission android:name="dev.spght.permission.example.MY_PERMISSION"/>
@ed-george
ed-george / adb.sh
Created January 27, 2022 18:07
Unpicking Android Security: Part 1  -  Improper Platform Usage (Example 2)
adb shell am start -n dev.spght.owasp/dev.spght.owasp.home.MainActivity
@ed-george
ed-george / AndroidManifest.xml
Created January 27, 2022 18:05
Unpicking Android Security: Part 1  -  Improper Platform Usage (Example 1)
<activity
android:name=".login.LoginActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity