Pentest & Bug Bounty Resources and Techniques
  • Pentest & Bug Bounty Resources and Techniques
    • Introduction
    • Tests Checklist
    • OSINT
    • Communications Security
      • SSL/TLS
    • Networking
      • Subdomains Discovery
        • DNS & OSINT
        • DNS Brute force
          • Second DNS Brute-Force Round
      • Subdomain Takeover
      • Network Host Scan/Discovery
        • External/Internal
        • Internal only
      • Network Vulnerability Scanning
      • Network Hacking
      • Parsing
      • Reporting
    • Brute Force
      • Wordlists
      • Databases
      • SSH
    • Web
      • Endpoint Discovery
      • Infrastructure & Configuration
        • Headers
        • WAF Detection/ Evasion
      • Injection
        • GraphQL
        • Cross-Site Scripting (XSS)
        • SQL Injection
        • Payloads
      • SSRF & XXE
        • Labs & Resources
        • Tools
        • SVG SSRF Cheatsheet
        • XXE - XEE - XML External Entity
      • JWT Vulnerabilities (Json Web Tokens)
      • HTTP/S DoS
    • Mobile
      • Both
        • SAST
          • MobSF
        • DAST
          • Installing Frida and Objection
      • Android
        • Create a Lab
          • Rooting Android Emulator
          • Rooting Android Emulator Cheat Sheet
        • APK Certificates
        • SAST
          • APKs
            • Get Information from APK
            • GDA (GJoy Dex Analysizer)
            • Scanning APK for URIs, endpoints & secrets
            • Google Maps API Scanner
        • DAST
          • Rooting the Android Studio AVDs
          • non-Rooted devices
            • Bypass SSL Pinning - non-rooted devices
              • Method 1: apk-mitm
              • Instrumentation with Frida and Objection
                • Bypass SSL Pinning - Method 2: With Objection Explore
                • Bypass SSL Pinning - Method 3: With root_bypass.js
          • Rooted Devices
            • Run frida-server in the emulator or device
            • Inject Frida
            • Bypass SSL Pinning - rooted devices
              • Install Burp CA as a system-level CA on the device
      • iOS
        • SAST
          • Building a reverse iOS engineering environment for free
          • Test Vulnerabilities
  • Lets Practice
    • Virtual Machines
    • Vulnerable App
    • Guided Labs
    • CTFs
  • Group 1
    • AI
Powered by GitBook
On this page
  • Get Min SDK
  • Janus Test
  1. Pentest & Bug Bounty Resources and Techniques
  2. Mobile
  3. Android
  4. SAST
  5. APKs

Get Information from APK

PreviousAPKsNextGDA (GJoy Dex Analysizer)

Last updated 3 years ago

Get Min SDK

Use to find the minimum android version on which can run the application

apk=app-android; apktool -s d ${apk}.apk && cat ${apk}/apktool.yml | grep minSdk

Janus Test

Janus vulnerability comes from the possibility to add extra bytes to APK files and to DEX files.

  • In brief, Application that are signed only with v1 when installed on devices having android version(5.0–8.0) are vulnerable to Janus Vulnerability.

  • Application that are signed with v1 and also v2, v3 or both when installed on devices having android version(5.0–7.0) are vulnerable to Janus Vulnerability.

  • To exploit this vulnerability we need to have a device running vulnerable version of android and android patch level should be less then 2017 December 01.

apksigner verify --verbose <APK NAME>.apk

Codenames, Tags, and Build Numbers:

View more in

Use tool to find the signature schemes used by the application:

https://source.android.com/setup/start/build-numbers
https://medium.com/mobis3c/exploiting-apps-vulnerable-to-janus-cve-2017-13156-8d52c983b4e0
apksigner
apktool