Upcoming blogpost:
- Setting up our mobile vulnerability research lab - Current Page
- Dynamic analysis and Reverse Engineering – Finding the Bugs
- Abusing Info Leaks to bypass ASLR
- Exploit Stack Overflow
These article series are specifically created to teach beginners the basics of a difficult topic and learn the little tricks on an Android device to achieve a reverse shell while exploiting memory corruption on an Android Native Library.
In the articles we will focus on Armv7, which are typical older phones but during the Paid Courses of Mobile Hacking Lab and the integrated Corellium lab environment we focus only on arm64, which is the architecture of newer devices.
The reason we published the app for Armv7 is because this can be done in a home lab environment with an Android Armv7 Emulator on a x86_64 machine. This will allow more people to enjoy this free material! So let setup our lab environment!
The first step of doing vulnerability research starts always with setting up a lab environment. To follow along with the series about Damn Exploitable Android app we will setup a lab environment which allows us to debug the binary and do dynamic analysis and reverse engineering.
For all our trainings and articles, we have created special VM with the necessary tools install for you. This will help you to focus on the actual content and learning instead of installing a bunch of tools. Once you have learned how to use them, you can always setup your own custom machine.
Import of the OVA file is simple, just double click on the file and Virtual Box should already show an import screen. Press the “import” button to import the VM.
Once you imported the VM you can now find it in the list of your other VM’s. Double click to run our VM.
Make sure to install the VBox Extension Pack for your version of Virtual Box.
-
Extract the .utm file from the zip archive.
- Import the VM (file: MHL_Ubuntu-Emulated-Fuzzing-arm64.utm) in UTM
Now that we have our VM with all the necessary tools we need to create an Android Emulator to run Damn Exploitable Android App. For this we can use the Android Studio AVD Manager to download and create specific emulators, in this case an Armv7 Emulator.
Now that we have our Android Studio downloaded, we can start downloading our Android Image and create a device.
Open Android Studio and in the main menu click the 3 dots to show the menu seen in the screenshot below and click on “Virtual Device Manager”.
On the next screen click the “Create Device” button.
Choose the Pixel 3a Phone and click “next” as seen on the screenshot below
On this screen make sure to click the “Other Images” as seen on the image and select the correct device, this is import!
Make sure to have to following configuration:
- Nougat
- API Level 25
- Armabi-v7a
- Android 7.1.1
Click the Download link and once the downloading is done click “next”
Running your new Emulator can be done from the main menu by again going to our “Virtual Device Manager”.
You should see our Pixel 3a API 25 Device. Press the play button to start the device!
NOTE: You will see an error that this device is slow, and the user interface will be very slow indeed, but we won’t need the user interface. Beside that, it will take quite some time to fully boot the device.
Be patient and don’t touch the device!
Now that the device is running, also even during bootup it is possible to get shell access to the device by using “adb” which comes with Android Studio.
See the list of devices connected:
“adb devices”
Use the following command to see if we can already shell into the device, this is possible while the device is booting!
“adb shell”
Now that we have our environment ready the last thing we need to do is make that the Damn Exploitable Android App is install on our Android Emulator.
To do this we can use the following command:
“adb install app-debug.apk”
Running the app can be done using the following command but make sure the Device is fully booted up!
“adb shell am start com.example.mynativetest/.MainActivity”
Now you should see the app running on our Android Emulator.
Today, we have successfully established our lab environment, enabling interaction with a specifically designed Android App built for Armv7 processors. We've effectively downloaded and installed the Virtual Machine (VM), complete with all the necessary tools needed for the subsequent articles we'll be exploring.
Next Article:
- Dynamic analysis and Reverse Engineering – Finding the Bugs- Abusing Info Leaks to bypass ASLR
- Exploit Stack Overflow
In addition, we've set up a device that can support the operation of the Damn Exploitable Android app. In our forthcoming article, titled "Dynamic Analysis and Reverse Engineering – Identifying the Bugs", we will concentrate our efforts on conducting dynamic analysis and reverse engineering. Our main goal is to pinpoint potential areas of interest, specifically focusing on the app's native components.
Stay tuned for this deep dive as we unravel possible targets to focus on, leveraging these tools to expose vulnerabilities and learn how to build an exploit for an Android Device running on an Armv7 Processor.
Want to learn how do this on our cutting edge platform and running for Android 13 running on Arm64 without setting up a lab?Check out our training: https://www.mobilehackinglab.com/course/android-userland-fuzzing-and-exploitation 
