{"id":15053,"date":"2021-07-26T20:21:23","date_gmt":"2021-07-26T14:51:23","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=15053"},"modified":"2021-07-26T20:21:23","modified_gmt":"2021-07-26T14:51:23","slug":"allsafe","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/allsafe\/","title":{"rendered":"Allsafe : Intentionally Vulnerable Android Application"},"content":{"rendered":"\n<p><strong>Allsafe<\/strong> is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges for you to explore. Have fun and happy hacking!<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#useful-frida-scripts\"><\/a><strong>Useful Frida Scripts<\/strong><\/p>\n\n\n\n<p>I have my Frida scripts (more like templates) in other repository. I&#8217;m sure they might be quite handy for the Frida related tasks. Check it out:&nbsp;https:\/\/github.com\/t0thkr1s\/frida<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>frida<\/strong><\/p>\n\n\n\n<p>This repository contains various Frida scripts for Android application penetration testing. I created this project to demonstrate the capabilities of the Frida dynamic-analysis framework. You can read my&nbsp;&#8220;Introduction to Frida&#8221;&nbsp;blog post on Medium, where I&#8217;m explaining how to use Frida with Android.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Introduction To Frida<\/strong><\/p>\n\n\n\n<p><em>Frida is a dynamic instrumentation toolkit for developers,<\/em><br><em>reverse-engineers, and security researchers.<\/em><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\" id=\"3219\"><strong>Project Requirements<\/strong><\/p>\n\n\n\n<p id=\"34c0\">Required tools to follow along:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Java decompiler (JD-GUI)<\/li><li>Android emulator (Genymotion)<\/li><li>Dynamic instrumentation toolkit (Frida)<\/li><\/ul>\n\n\n\n<p id=\"6404\">You\u2019ll need to download 3 files from here:&nbsp;https:\/\/github.com\/frida\/frida\/releases<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Python-frida<\/li><li>Python-frida-tools<\/li><li>Frida-server-android<\/li><\/ul>\n\n\n\n<p id=\"f61c\">Depending on your distribution, you can easily install the first two and their dependencies. As for the frida-server-android, I\u2019m going to walk you through the installation and emulator setup.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\" id=\"032b\"><strong>The Android Application<\/strong><\/p>\n\n\n\n<p id=\"b29a\">I created an Android application just for demonstration and testing purposes. I\u2019m going to use it during the examples, you can download it from here:<\/p>\n\n\n\n<p>https:\/\/github.com\/t0thkr1s\/frida<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Download<\/strong><\/p>\n\n\n\n<p>You can simply clone the repository or head over to the&nbsp;releases&nbsp;page to download the Frida scripts.<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>git clone https:\/\/github.com\/t0thkr1s\/frida<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>Install<\/strong><\/p>\n\n\n\n<p>You must have Frida installed on your system. You can simply do this with<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>pip3 install frida-tools<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Creating A Virtual Device<\/strong><\/p>\n\n\n\n<p>I added a new Genymotion virtual device with Android version 5.0 (API 21).<br>The setup is pretty straightforward just the usual next, next and finish. It\u2019s time to download the&nbsp;<a href=\"https:\/\/github.com\/frida\/frida\/releases\">Frida Server<\/a>&nbsp;for the Android client. Don\u2019t forget to check the correct architecture! Next, we need to upload the server to the emulator. I installed Genymotion in the \/opt directory<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>t0thkr1s@btksoftware:\/opt\/genymobile\/genymotion\/tools$ ls<br>aapt adb glewinfo lib64<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Uploading the file<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>.\/adb push ~\/Downloads\/frida_server \/data\/local\/tmp\/<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Changing file permissions<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>.\/adb shell &#8220;chmod 755 \/data\/local\/tmp\/frida_server&#8221;<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Running the server in detached mode<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>.\/adb shell &#8220;\/data\/local\/tmp\/frida_server &amp;&#8221;<\/strong><\/p>\n\n\n\n<p>Now, the emulator is ready and the server is running!<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Reverse Engineering<\/strong><\/p>\n\n\n\n<p id=\"b483\">In order to understand the inner workings of an application, we need to reverse engineer it. Fortunately, we can restore the java source files easily.<\/p>\n\n\n\n<p id=\"4432\">I\u2019m not going to write about reverse engineering Android apps here, because I already did it in my previous post.<\/p>\n\n\n\n<p id=\"b288\">I have to admit that the reverse engineering of the demo application reveals all the secrets hidden in it. So, in order to make it more realistic let\u2019s suppose the encryption key is generated from the user-provided PIN code which is used to encrypt private data in the app.<\/p>\n\n\n\n<p id=\"6a11\">In this case, brute-forcing the PIN code might be a good solution for compromising the security of the whole app. That\u2019s why you need to choose long and strong PINs.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>PIN Bypass<\/strong><\/p>\n\n\n\n<p id=\"54eb\">Okay, you looked through the reversed source code and you found a method, which checks if the provided PIN is correct or not.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Spoiler: The PIN is in the strings.xml file.<\/p><\/blockquote>\n\n\n\n<p id=\"fd6b\">Most of the time, it\u2019s not that easy\u2026 Let\u2019s suppose, we don\u2019t know the PIN. You found the&nbsp;<em>PinUtil<\/em>&nbsp;class and the&nbsp;<em>boolean<\/em>&nbsp;<em>checkPin(String pin)&nbsp;<\/em>method. This checks the pin and returns true if the pin is correct, otherwise, it returns false.<\/p>\n\n\n\n<p id=\"60dd\">The idea here is that we don\u2019t need to know the pin just return true and we\u2019re in. The following python script does just like that. I wrote a little Javascript code using the Javascript API and hardcoded it in the python script. Basically, it uses the&nbsp;<em>PinUtil\u2019<\/em>s&nbsp;<em>checkPin()<\/em>&nbsp;method and overrides the return value. It\u2019s that easy. Next, you need to specify the package name of the application to attach Frida, then load the script and wait for the log messages.<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>import frida, sys<br>jscode = &#8220;&#8221;&#8221;<br>Java.perform(function() {<br>console.log(&#8220;[ * ] Starting implementation override\u2026&#8221;)<br>var MainActivity = Java.use(&#8220;infosecadventures.fridademo.utils.PinUtil&#8221;);<br>MainActivity.checkPin.implementation = function(pin){<br>console.log(&#8220;[ + ] PIN check successfully bypassed!&#8221;)<br>return true;<br>}<br>});<br>&#8220;&#8221;&#8221;<br>process = frida.get_usb_device().attach(&#8216;infosecadventures.fridademo&#8217;)<br>script = process.create_script(jscode)<br>print(&#8216;[ * ] Running Frida Demo application&#8217;)<br>script.load()<br>sys.stdin.read()<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center has-black-color has-vivid-green-cyan-background-color has-text-color has-background\"><strong>PIN Brute-force<\/strong><\/p>\n\n\n\n<p id=\"bb55\">Previously, I mentioned that knowing the PIN could be really beneficial. In this example, I going to show you how to brute-force with Frida.<\/p>\n\n\n\n<p id=\"7962\">First, let\u2019s suppose that the&nbsp;<em>PinUtil<\/em>\u2019s&nbsp;<em>checkPin(String pin)<\/em>&nbsp;method is not static. By using&nbsp;<em>Java.choose,&nbsp;<\/em>we can search the memory for a&nbsp;<em>PinUtil<\/em>&nbsp;instance and the&nbsp;<em>onMatch<\/em>&nbsp;is called when the instance is found. Then, we can use that instance\u2019s methodin a loop to test all numbers with a length of 4. This is actually not a time-consuming process. You can even try brute-forcing numbers with a length of 5 and finish in a day depending on the number.<\/p>\n\n\n\n<p id=\"1952\">The&nbsp;<em>PinUtil<\/em>\u2019s class&nbsp;<em>checkPin(String pin)<\/em>&nbsp;function is static. This means that we don\u2019t need to search for the&nbsp;<em>PinUtil<\/em>&nbsp;object in the memory just call the method using the class name. However, I implemented both (static and non-static solution) in the script below. I hope it\u2019s not confusing. The&nbsp;<em>jscode<\/em>&nbsp;variable will be overridden by the second assignment and that will be used.<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"> <strong>import frida, sys<br># For non-static classes<br>jscode = &#8220;&#8221;&#8221;<br>Java.perform(function() {<br>console.log(&#8220;[ * ] Starting PIN Brute-force, please wait\u2026&#8221;);<br>Java.choose(&#8220;infosecadventures.fridademo.utils.PinUtil&#8221;, {<br>onMatch: function(instance) {<br>console.log(&#8220;[ * ] Instance found in memory: &#8221; + instance);<br>for(var i = 1000; i &lt; 9999; i++){<br>if(instance.checkPin(i + &#8220;&#8221;) == true){<br>console.log(&#8220;[ + ] Found correct PIN: &#8221; + i);<br>}<br>}<br>},<br>onComplete: function() { }<br>});<br>});<br>&#8220;&#8221;&#8221;<br># For static classes<br>jscode = &#8220;&#8221;&#8221;<br>Java.perform(function () {<br>console.log(&#8220;[ * ] Starting PIN Brute-force, please wait\u2026&#8221;)<br>var PinUtil = Java.use(&#8220;infosecadventures.fridademo.utils.PinUtil&#8221;);<br>for(var i=1000; i &lt; 9999; i++)<br>{<br>if(PinUtil.checkPin(i+&#8221;&#8221;) == true){<br>console.log(&#8220;[ + ] Found correct PIN: &#8221; + i);<br>}<br>}<br>});<br>&#8220;&#8221;&#8221;<br>process = frida.get_usb_device().attach(&#8216;infosecadventures.fridademo&#8217;)<br>script = process.create_script(jscode)<br>print(&#8216;[ * ] Running Frida Demo application&#8217;)<br>script.load()<br>sys.stdin.read()<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Root Check Bypass<\/strong><\/p>\n\n\n\n<p id=\"5e6d\">I included this example because it\u2019s quite common in banking and other applications to restrict rooted device access. It\u2019s a simple check and very, very similar to the PIN bypass example.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>I encourage you to write the script yourself and check back, when you finished!<\/p><\/blockquote>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\" id=\"f18d\"><strong>Finding The Encryption Key<\/strong><\/p>\n\n\n\n<p id=\"d324\">Now, everything in this script should also be familiar to you. You can log a method\u2019s incoming parameters and return normally. This way, we have the ability to log the encryption key used and also the plain text. Again, the key is hardcoded in the code, but you won\u2019t always be this lucky in real life. Here is how I implemented this:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>import frida, sys<br>jscode = &#8220;&#8221;&#8221;<br>Java.perform(function() {<br>console.log(&#8220;[ * ] Starting implementation override\u2026&#8221;)<br>var EncryptionUtil = Java.use(&#8220;infosecadventures.fridademo.utils.EncryptionUtil&#8221;);<br>EncryptionUtil.encrypt.implementation = function(key, value){<br>console.log(&#8220;Key: &#8220;);<br>console.log(key);<br>console.log(&#8220;Value: &#8220;);<br>console.log(value);<br>return this.encrypt(key, value);<br>}<br>});<br>&#8220;&#8221;&#8221;<br>process = frida.get_usb_device().attach(&#8216;infosecadventures.fridademo&#8217;)<br>script = process.create_script(jscode)<br>print(&#8216;[ * ] Running Frida Demo application&#8217;)<br>script.load()<br>sys.stdin.read()<\/strong><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Tasks \/ Vulnerabilities<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Insecure Logging<\/strong><\/p>\n\n\n\n<p>Simple information disclosure vulnerability. Use the&nbsp;<code>logcat<\/code>&nbsp;command-line tool to discover sensitive information.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Logcat Tool<\/li><li>Coinbase OAuth Response Code Leak<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>Hardcoded Credentials<\/strong><\/p>\n\n\n\n<p>Some credentials are left in the code. Your task is to reverse engineer the app and find sensitive information.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-1\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Zomato Hardcoded Credentials<\/li><li>8&#215;8 Hardcoded Credentials<\/li><li>Reverb Hardcoded API Secret<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>Root Detection<\/strong><\/p>\n\n\n\n<p>This is purely for Frida practice. Make the code believe that you device is not rooted!<\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Arbitrary Code Execution<\/strong><\/p>\n\n\n\n<p>Loading modules securely with third-party apps are not easy. Write a PoC application and exploit the vulnerability!<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-2\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Arbitrary Code Execution via Third-Party Package Contexts<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>Secure Flag Bypass<\/strong><\/p>\n\n\n\n<p>Another Frida-based task. No real vulnerability here, just have fun bypassing the secure flag!<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-3\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Android FLAG_SECURE Reference<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>Certificate Pinning Bypass<\/strong><\/p>\n\n\n\n<p>Certificate pinning is implemented using the OkHttp library. You have to bypass it in order to view the traffic with Burp Suite.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-4\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Certificate and Public Key Pinning<\/li><li>Coinbase Vulnerabilities<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>Insecure Broadcast Receiver<\/strong><\/p>\n\n\n\n<p>There&#8217;s a vulnerable broadcast recevier in the application. Trigger it with the correct data and you&#8217;re done!<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-5\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Android Broadcasts Overview<\/li><li>ok.ru Broadcast Receiver Exploitation<\/li><li>Bitwarden Vulnerable Broadcast Receiver<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>Deep Link Exploitation<\/strong><\/p>\n\n\n\n<p>Similar to the insecure broadcast receiver, you need to provide the right query parameter to complete this task!<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-6\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Android Deep Linking<\/li><li>Grab Insecure Deep Link<\/li><li>Periscope Deep Link CSRF<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>SQL Injection<\/strong><\/p>\n\n\n\n<p>Just a regular SQL injection that you&#8217;d find in web applications. No need to reverse the code to bypass the login mechanism.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-7\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>SQL Injection in Content Provider<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>Vulnerable WebView<\/strong><\/p>\n\n\n\n<p>You can also complete this task without decompiling the application. Pop an alert dialog and read files!<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-8\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>ownCloud WebView XSS<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>Smali Patching<\/strong><\/p>\n\n\n\n<p>In this task, you have to modify the execution flow of the application by editing the Smali code. Finally, rebuild and sign the APK!<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-9\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Uber APK Signer<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\"><strong>Native Library<\/strong><\/p>\n\n\n\n<p>The application uses a native library that validates the entered password. Reverse engineer the library to find the password then use Frida to hook the native method.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/t0thkr1s\/allsafe#resources--hackerone-reports-10\"><\/a>Resources &amp; HackerOne Reports:<\/h6>\n\n\n\n<ul class=\"wp-block-list\"><li>Ghidra<\/li><li>Cutter<\/li><\/ul>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/t0thkr1s\/allsafe\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges for you to explore. Have fun and happy hacking! Useful Frida Scripts I [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16979,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png","fifu_image_alt":"Allsafe : Intentionally Vulnerable Android Application","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[133,156,212,3569],"class_list":["post-15053","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-allsafe","tag-android","tag-application","tag-vulnerable"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Allsafe : Intentionally Vulnerable Android Application<\/title>\n<meta name=\"description\" content=\"Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable apps this one is less CTF.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/allsafe\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Allsafe : Intentionally Vulnerable Android Application\" \/>\n<meta property=\"og:description\" content=\"Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable apps this one is less CTF.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/allsafe\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-26T14:51:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/allsafe\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/allsafe\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Allsafe : Intentionally Vulnerable Android Application\",\"datePublished\":\"2021-07-26T14:51:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/allsafe\/\"},\"wordCount\":1651,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/allsafe\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png\",\"keywords\":[\"Allsafe\",\"android\",\"Application\",\"Vulnerable\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/allsafe\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/allsafe\/\",\"name\":\"Allsafe : Intentionally Vulnerable Android Application\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/allsafe\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/allsafe\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png\",\"datePublished\":\"2021-07-26T14:51:23+00:00\",\"description\":\"Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable apps this one is less CTF.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/allsafe\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/allsafe\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Allsafe : Intentionally Vulnerable Android Application","description":"Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable apps this one is less CTF.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/allsafe\/","og_locale":"en_US","og_type":"article","og_title":"Allsafe : Intentionally Vulnerable Android Application","og_description":"Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable apps this one is less CTF.","og_url":"https:\/\/kalilinuxtutorials.com\/allsafe\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2021-07-26T14:51:23+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/allsafe\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/allsafe\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Allsafe : Intentionally Vulnerable Android Application","datePublished":"2021-07-26T14:51:23+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/allsafe\/"},"wordCount":1651,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/allsafe\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png","keywords":["Allsafe","android","Application","Vulnerable"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/allsafe\/","url":"https:\/\/kalilinuxtutorials.com\/allsafe\/","name":"Allsafe : Intentionally Vulnerable Android Application","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/allsafe\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/allsafe\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png","datePublished":"2021-07-26T14:51:23+00:00","description":"Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable apps this one is less CTF.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/allsafe\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/allsafe\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-BQiGpEN4Ex0\/YPgZKCQ8vPI\/AAAAAAAAKJc\/foXhcJfY0eMWZ8afMyQgkVwqyAEcDPiIgCLcBGAsYHQ\/s380\/ic_launcher_round%2B%25281%2529.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":6341,"url":"https:\/\/kalilinuxtutorials.com\/evabs-open-source-android-application-vulnerable\/","url_meta":{"origin":15053,"position":0},"title":"EVABS : An Open Source Android Application That Is Intentionally Vulnerable","author":"R K","date":"August 29, 2019","format":false,"excerpt":"EVABS is an open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners. The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application vulnerabilities in\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11749,"url":"https:\/\/kalilinuxtutorials.com\/awesome-android-security\/","url_meta":{"origin":15053,"position":1},"title":"Awesome Android Security","author":"R K","date":"November 4, 2020","format":false,"excerpt":"A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG - Android application penetration testing guideTikTok: three persistent arbitrary code executions and one theft of arbitrary filesPersistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913Android: Access\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":32497,"url":"https:\/\/kalilinuxtutorials.com\/resources-for-mobile-application-testing\/","url_meta":{"origin":15053,"position":2},"title":"Resources For Mobile Application Testing &#8211; A Comprehensive Guide To Tools, Techniques, And Vulnerabilities","author":"Varshini","date":"April 8, 2024","format":false,"excerpt":"In the rapidly evolving world of mobile technology, ensuring the security and reliability of applications is paramount. This comprehensive guide offers an extensive collection of resources for mobile application testing, covering everything from vulnerability analysis to penetration testing techniques. Dive into a curated list of blogs, tools, labs, and courses\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh46S2XfnGIjDh_HcKkk29VHmnM-ygjBjCZPC54yNHJjzF2bjPra4bFJ8jkogW4MAQFMCbfJdENuzm77osKRNQSC3pHqn5xOPZ0RJrWiIG527v6g4MqNB_l6MuLjEsoMiKN28NQ-J574bZNHGjDO8hPy5ZZhH5o3UNWEv6bJHfUodrU42L_HsoP1-HQykyp\/s16000\/Untitled%20design%20%285%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh46S2XfnGIjDh_HcKkk29VHmnM-ygjBjCZPC54yNHJjzF2bjPra4bFJ8jkogW4MAQFMCbfJdENuzm77osKRNQSC3pHqn5xOPZ0RJrWiIG527v6g4MqNB_l6MuLjEsoMiKN28NQ-J574bZNHGjDO8hPy5ZZhH5o3UNWEv6bJHfUodrU42L_HsoP1-HQykyp\/s16000\/Untitled%20design%20%285%29.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh46S2XfnGIjDh_HcKkk29VHmnM-ygjBjCZPC54yNHJjzF2bjPra4bFJ8jkogW4MAQFMCbfJdENuzm77osKRNQSC3pHqn5xOPZ0RJrWiIG527v6g4MqNB_l6MuLjEsoMiKN28NQ-J574bZNHGjDO8hPy5ZZhH5o3UNWEv6bJHfUodrU42L_HsoP1-HQykyp\/s16000\/Untitled%20design%20%285%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh46S2XfnGIjDh_HcKkk29VHmnM-ygjBjCZPC54yNHJjzF2bjPra4bFJ8jkogW4MAQFMCbfJdENuzm77osKRNQSC3pHqn5xOPZ0RJrWiIG527v6g4MqNB_l6MuLjEsoMiKN28NQ-J574bZNHGjDO8hPy5ZZhH5o3UNWEv6bJHfUodrU42L_HsoP1-HQykyp\/s16000\/Untitled%20design%20%285%29.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh46S2XfnGIjDh_HcKkk29VHmnM-ygjBjCZPC54yNHJjzF2bjPra4bFJ8jkogW4MAQFMCbfJdENuzm77osKRNQSC3pHqn5xOPZ0RJrWiIG527v6g4MqNB_l6MuLjEsoMiKN28NQ-J574bZNHGjDO8hPy5ZZhH5o3UNWEv6bJHfUodrU42L_HsoP1-HQykyp\/s16000\/Untitled%20design%20%285%29.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh46S2XfnGIjDh_HcKkk29VHmnM-ygjBjCZPC54yNHJjzF2bjPra4bFJ8jkogW4MAQFMCbfJdENuzm77osKRNQSC3pHqn5xOPZ0RJrWiIG527v6g4MqNB_l6MuLjEsoMiKN28NQ-J574bZNHGjDO8hPy5ZZhH5o3UNWEv6bJHfUodrU42L_HsoP1-HQykyp\/s16000\/Untitled%20design%20%285%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":14345,"url":"https:\/\/kalilinuxtutorials.com\/frida-dexdump-fast-search-and-dump-dex-on-memory\/","url_meta":{"origin":15053,"position":3},"title":"FRIDA-DEXDump : Fast Search And Dump Dex On Memory","author":"R K","date":"July 10, 2021","format":false,"excerpt":"FRIDA-DEXDump is a tool for Fast Search And Dump Dex On Memory. Features support fuzzy search broken header dex.fix struct data of dex-header.compatible with all android version(frida supported).support loading as objection plugin ~pypi package has been released ~ Requires frida:\u00a0pip install frida[optional]\u00a0click\u00a0pip install click Installation From pypi pip3 install frida-dexdumpfrida-dexdump\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1034,"url":"https:\/\/kalilinuxtutorials.com\/androl4b\/","url_meta":{"origin":15053,"position":4},"title":"A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis &#8211; AndroL4b","author":"R K","date":"April 27, 2018","format":false,"excerpt":"AndroL4b is an android security virtual machine in view of ubuntu-mate incorporates the accumulation of most recent framework, instructional exercises and labs from various security nerds and researchers for figuring out and malware analysis. What's new in Androl4b v.3? Tools are updated New tools and lab included Upgraded to Ubuntu\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"AndroL4b","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/button_download.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":25735,"url":"https:\/\/kalilinuxtutorials.com\/frida-ios-hook\/","url_meta":{"origin":15053,"position":5},"title":"Frida-Ios-Hook\u00a0: A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values","author":"R K","date":"June 30, 2022","format":false,"excerpt":"Frida-Ios-Hook, a tool that helps you can easy using frida. It support script for trace classes, functions, and modify the return values of methods on iOS platform. Env OS Support OSSupportedNotedMacOS\u2705mainLinux\u2705subWindows\u2705sub Compatible with iOSFridaSupported13.2.314.2.13\u270514.4.214.2.13\u270514.4.215.0.18\u2705 Feature Running with python3.x Support both spawn & attach script to process. [+] Options:-p(--package) Identifier of\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhxlvRJBX_KQ71xQ55u87N8l0zVhr2VMEnfJUWkrMxsLn1nnNjW1ih2BTPBXXwntzZJNDu-oqsO0f3QGHSeUOCZY_3-BMBkf8ZcMWOrcJv4TuFnx3rqS11cvz5yJ3TE_jta_ET4v5E1y34mgkhpJ_E3ZTm2bSiLSJmCJpyZWk1YQJgozr3LSu2QXOfw\/s728\/frida-ios-hook_1-753478%20%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhxlvRJBX_KQ71xQ55u87N8l0zVhr2VMEnfJUWkrMxsLn1nnNjW1ih2BTPBXXwntzZJNDu-oqsO0f3QGHSeUOCZY_3-BMBkf8ZcMWOrcJv4TuFnx3rqS11cvz5yJ3TE_jta_ET4v5E1y34mgkhpJ_E3ZTm2bSiLSJmCJpyZWk1YQJgozr3LSu2QXOfw\/s728\/frida-ios-hook_1-753478%20%281%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhxlvRJBX_KQ71xQ55u87N8l0zVhr2VMEnfJUWkrMxsLn1nnNjW1ih2BTPBXXwntzZJNDu-oqsO0f3QGHSeUOCZY_3-BMBkf8ZcMWOrcJv4TuFnx3rqS11cvz5yJ3TE_jta_ET4v5E1y34mgkhpJ_E3ZTm2bSiLSJmCJpyZWk1YQJgozr3LSu2QXOfw\/s728\/frida-ios-hook_1-753478%20%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhxlvRJBX_KQ71xQ55u87N8l0zVhr2VMEnfJUWkrMxsLn1nnNjW1ih2BTPBXXwntzZJNDu-oqsO0f3QGHSeUOCZY_3-BMBkf8ZcMWOrcJv4TuFnx3rqS11cvz5yJ3TE_jta_ET4v5E1y34mgkhpJ_E3ZTm2bSiLSJmCJpyZWk1YQJgozr3LSu2QXOfw\/s728\/frida-ios-hook_1-753478%20%281%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/15053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=15053"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/15053\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16979"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=15053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=15053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=15053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}