Skip to content

kastorcode/spacepeng-trainer-frida-examples

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 

Repository files navigation

SpacePeng Trainer and Frida Toolkit Examples

👷 Written by Matheus Ramalho de Oliveira
🔨 Brazilian Software Engineer
🏡 Goiânia, Goiás, Brasil
✉️ [email protected]
👍 instagram.com/kastorcode


SpacePeng is a small but fun Android space shooter game. Frida is a dynamic instrumentation toolkit for developers, reverse-engineers and security researchers. Written during the course Android App Hacking - Black Belt Edition.


🧰 Tools used

Apps used in scripts: de.fgerbig.spacepeng, com.apphacking.cfuncfrida, com.apphacking.ndkfrida
Androguard
Android Studio
Burp Suite
dex2jar
Frida
Ghidra
jadx
objection - Runtime Mobile Exploration
Visual Studio Code
Wireshark


🗓️ Roadmap

  • Installation and Setup
  • Bluetooth Low Energy Furby App Hacking
  • Android App Structure
  • Decompiling APK
  • Android Manifest XML and App Permissions
  • Hacking Activities, Intents, BroadcastReceiver, Services and ContentProvider
  • SQL Injection, SQL Permission Bypass and Path Traversal Attack in ContentProvider
  • Application Signing and Bluebox Master Key Vulnerability
  • Reverse Engineering Android Apps
  • Creating a CallGraph and FlowGraph in Androguard
  • Challenge: Password Decryption
  • Smali Introduction and Patching
  • Dalvik Opcodes
  • Rooting Detection Bypass
  • Man in the Middle
  • ARP - Address Resolution Protocol
  • HTTPS Technical View
  • Certificate Pinning Patching Certificate and Fingerprint
  • Certificate Pinning Bypass with Objection
  • Frida Observing and Modifying Function Parameters
  • Frida Hooking a Constructor and Calling a Method
  • Frida Manipulating UI Thread and Writing a Trainer
  • Frida Hooking the Native Development Kit (NDK)
  • Reversing C Functions in Ghidra
  • Hooking C Functions in Frida

<kastor.code/>