Ryan Welton Fuzion24

Fuzion24 / AndroidManifest.xml
Created May 6, 2012
Code that will install and remove apks from an Android device without user interaction
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.packagemanager.poc"
android:versionCode="1"
android:versionName="1.0" >
<uses-sdk android:minSdkVersion="8" />
<uses-permission android:name="android.permission.INSTALL_PACKAGES" />
<uses-permission android:name="android.permission.DELETE_PACKAGES" />
Fuzion24 / Description
Created May 6, 2012
Android Reversing - Showing an uber basic conditional patch
Running apktool d APKNAME.apk produces output that can be modified, then repackaged and run.
isRegistered() is hardcoded to return false.
Changing
const/4 v0, 0x0
to
const/4 v0, 0x1
will cause isRegistered() to ALWAYS return true, thus always telling the application that it is registered.
Fuzion24 / RootChecker.java
Last active May 27, 2016
A few different mechanisms to check for root on an Android device
package com.test.rootchecker;
import java.io.File;
import java.util.List;
import java.util.Map;
import android.content.Context;
import android.content.pm.ApplicationInfo;
public class RootChecker {
Fuzion24 / Readme.md
Last active Oct 11, 2017
O-LLVM + Kryptonite Obfuscation with Android NDK

O-LLVM + Overclok's Kryptonite Obfuscation with Android NDK.

View sock_diag.c
/*
* CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8
*
* Ported by fuzion24
*
* Tested on Nexus 4
* cshell@mako:/ $ cat /proc/version
* Linux version 3.4.0-perf-gf43c3d9 (android-build@vpbs1.mtv.corp.google.com) (gcc version 4.6.x-google 20120106 (prerelease) (GCC) ) #1 SMP PREEMPT Mon Jun 17 16:55:05 PDT 2013
* shell@mako:/data/local/tmp $ ./diag_sock_exploit
* Sock diag handlers c11d8048
View AndroidManifestFuzzer
#!/bin/bash
#Basic set up for an Application AndroidManifest Fuzzer
#this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
#this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
#NOTE: values from 260000 and up cause SIGSEGVs to be sent to the system_server (tested on KitKat 4.4.2)
#NOTE: you should probably monitor $(adb logcat)||(/system/bin/gdbserver) for responsiveness to the issue
APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR
APP_PACKAGE_NAME="..." #<-- PACKAGE NAME
APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME
Fuzion24 / MainActivity.java
Last active Aug 29, 2015
Nexus 5 Local DOS - Reboots Phone with zero permissions
package com.nexus5.dos;
import android.content.Intent;
import android.support.v7.app.ActionBarActivity;
import android.os.Bundle;
import android.view.Menu;
import android.view.MenuItem;
import android.view.View;
import android.widget.Button;
public class MainActivity extends ActionBarActivity {
Fuzion24 / Install.md
Last active Aug 29, 2015
A simple file server to serve up an APK
wget https://gist.githubusercontent.com/Fuzion24/6dd7552a1c594911416f/raw/server.rb
wget https://s3.amazonaws.com/uploads.hipchat.com/35420/441986/5xRGtuTBdBnuisN/twitter.apk
gem install sinatra --no-rdoc
ruby server.rb ./twitter.apk