Dynamic Code Analysis

NotesList LAB

LAB Topics
Dynamic Code Analysis

© Caendra Inc. 2017 | MASPTv2.5 | Dynamic Code Analysis 1

 SCENARIO
Your mobile security manager wants to ensure that interacting with an application through
ADB is part of you skillset. So, he tasked you with interacting with the NoteList application
using only ADB commands.

You are allowed to use all the tools in your toolkit to extract critical application information.
In addition, you are allowed to perform both static and dynamic code analysis activities.
Remember, any dynamic code analysis activities should be performed through ADB
commands only.

LAB OBJECTIVES
The objective of this lab is to highlight the importance of dynamic code analysis while
performing a mobile application penetration test. You can learn a lot through performing
dynamic code analysis, ranging from direct access to restricted application areas and
sensitive application data, to the ability the remotely execute system commands on a device.

In addition, a lot of critical information can be extracted through dynamic code analysis that
can be used to perform more elaborate attacks against the application.

LEARNING OBJECTIVES
The learning objective of this lab is to provide hands-on experience in performing dynamic
code analysis. Specifically, in this lab. you will get accustomed to performing dynamic source
code analysis using ADB commands and the Activity Manager.

© Caendra Inc. 2017 | MASPTv2.5 | Dynamic Code Analysis 2

 RECOMMENDED TOOLS
 Apktool

RECOMMENDED CONFIGURATION
Setting up your testing environment for this lab

There can be different configurations to accommodate this lab’s testing environment. We

used the following configuration:

1. Windows 10 Machine:
Running:

 Android Studio 2.2.3

 Java verion 1.8

2. Preferred device

 Android device running API level 23

TASKS
TASK 1. INSTALL THE SUPPLIED APK
Install the supplied APK in your device using any method you want.

TASK 2. DECODE THE SUPPLIED APK

Use Apktool to decode the application.

© Caendra Inc. 2017 | MASPTv2.5 | Dynamic Code Analysis 3

TASK 3. EXTRACT CRITICAL APPLICATION INFORMATION
What information can you discover in the AndroidManifest.xml file?

TASK 4. INTERACT WITH THE APPLICATION VIA ADB

Execute all the appropriate commands via ADB to interact with the NotesList application.

© Caendra Inc. 2017 | MASPTv2.5 | Dynamic Code Analysis 4

SOLUTIONS

© Caendra Inc. 2017 | MASPTv2.5 | Dynamic Code Analysis 5

TASK 1. INSTALL THE SUPPLIED APK
One way to install the NotesList application to your device is by executing the following
command.

adb.exe install NotesList.apk

TASK 2. DECODE THE SUPPLIED APK

You can decode the application using Apktool as follows.

apktool d NotesList.apk

TASK 3. EXTRACT CRITICAL APPLICATION INFORMATION

When analyzing the application’s manifest file you will come across the following.

From the manifest file above, you know that the activity named NotesList has the action
MAIN (the default intent that will be called if you tap the icon in the launcher). This is what
you would like to run via an ADB command, as a first example of interacting with the
application through ADB.

When analyzing the application’s manifest file in depth you will also come across the
following.

© Caendra Inc. 2017 | MASPTv2.5 | Dynamic Code Analysis 6

As a second example of interacting with the application through ADB, you would like to
interact with the NoteEditor activity which as you can see includes an action named EDIT.

Before you interact with this activity, first try to understand what data you need to send to
it.

Note that the <data> element specifies the mimeType and the URI to use with the intent
filter. Also, note that the type is ‘vnd.android.cursor.item’ instead of dir.

That means that, <data android.mimeType=”vnd.android.cursor.item/vnd.google.note” />

indicates a particular item. This cursor will only contain one item.

In contrast, <data android.mimeType=”vnd.android.cursor.dir/vnd.google.note” /> indicates

multiple items (a directory). This cursor will contain 0 to x items.

TASK 4. INTERACT WITH THE APPLICATION VIA ADB

As with the first example of interacting with the application through ADB, try to run the
application on the device using only ADB. For this you will need the following.

 Activity name: NotesList

 Action name: android.intent.action.MAIN
 Package: com.example.android.notepad

Then execute the following command.

adb.exe shell am start –a android.intent.action.MAIN –n

com.example.android.notepad/.NotesList

© Caendra Inc. 2017 | MASPTv2.5 | Dynamic Code Analysis 7

For a more graphical representation see below.

For the second example of interacting with the application through ADB, try to start an
activity to edit a specific note using only ADB. Please note that you must already have a
note stored.

For this you will need the following.

 Activity name: NoteEditor

 Action name: android.intent.action.EDIT
 Package: com.example.android.notepad

Then execute the following command.

adb.exe shell am start –a android.intent.action.EDIT –n

com.example.android.notepad/.NoteEditor –d
content://com.google.provider.NotePad/notes/1

The –d option specifies the DATA_URI to send. Its structure is depicted below.

You should now be able to edit note with the ID 1.

© Caendra Inc. 2017 | MASPTv2.5 | Dynamic Code Analysis 8