battle programmers alliance
Would you like to react to this message? Create an account in a few clicks or log in to continue.

battle programmers allianceLog in

battle programming a forum for elite programmers with extreme will power to sharpen their skills

descriptionmobil app security Emptymobil app security

mobil app security 2v8n91
bullet points :

Defensive logic
- Always built as much security layers as possible
- Remember the papers with holes

Example SQL injection
- Prepared statement with bound parameters
- Stored procedures
- Input validation
- Least privilege policy

- Encryption
- Made for security - to hide messages, data, information
- Symmetric encryption
The same private key is used to encrypt AND decrypt data
Ceaser cipher example with key (1)
"Hello world" -> "Ifmmp xpsme"

XORing with 2byte key
(01100001  01100010)

[01001000, 01100101,
01101100, 01101100,
01101111, 00100000]

[00101001, 00000111,
00001101, 00001110,
00001110, 01000010]

- Asymmetric encryption
Use two different keys one is for encryption ONLY
two keys for decryption
Best practice is to use encryption key as public
and second is private (never passed in the same communication channel)

Downside - performance

- Hashing
- Made for Authentication
- Good HASH function, is one that takes plaintext and creates
fixed size single representable data (integer, string)
that MUST NOT be reversed
SHOULD avoid collisions

- MD5 -> MD5("Hello") -> "8b1a9953c4611296a827abf8c47804d7"
- SHA1 -> SHA1("Hello") -> "f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0"
- SHA2 -> SHA256("Hello") -> "185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969"

- Encoding
- Made for data transportation
"a" ASCII dec -> 97
"a" ASCII hex -> 0x61
"a" ASCII binary -> 0b01100001
"a" base64 -> YQ==
"a" URL -> %61

- Salting
Combined with hashing and encryption  
- Example SHA1("plaintext"+salt)

- Digital Signature

Reverse engineering
1) Decompile using JADX
2) Open Manifest to find:
- packagename
- main activity
- any other context (Activity or Service)
- permissions

MB over and out emp it up

descriptionmobil app security Emptydecompiler


putting the APK file of the app into a decompiler
makes all the codes and files inside visible, even the comments


MB over and out emp it up
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum