search

Get Information from APK

hashtag
Get Min SDK

Use apktoolarrow-up-right to find the minimum android version on which can run the application

apk=app-android; apktool -s d ${apk}.apk && cat ${apk}/apktool.yml | grep minSdk
circle-info

Codenames, Tags, and Build Numbers: https://source.android.com/setup/start/build-numbersarrow-up-right

hashtag
Janus Test

Janus vulnerability comes from the possibility to add extra bytes to APK files and to DEX files.

  • In brief, Application that are signed only with v1 when installed on devices having android version(5.0–8.0) are vulnerable to Janus Vulnerability.

  • Application that are signed with v1 and also v2, v3 or both when installed on devices having android version(5.0–7.0) are vulnerable to Janus Vulnerability.

  • To exploit this vulnerability we need to have a device running vulnerable version of android and android patch level should be less then 2017 December 01.

circle-info

View more in https://medium.com/mobis3c/exploiting-apps-vulnerable-to-janus-cve-2017-13156-8d52c983b4e0arrow-up-right

Use apksignerarrow-up-right tool to find the signature schemes used by the application:

PreviousAPKsNextGDA (GJoy Dex Analysizer)

Last updated