[00:00:00] Instructor: Hi, within this lecture we are going to see how we can manipulate the activities. So before we begin the CTF, I have told you we don't even need a user login and password in order to see the activities that we want. And right now we are going to see how it's done, even though it's given to us in the CTF, and maybe it will not be given to us in real life examples, or if we want to see some administrator activity, for example. And in order to do that, we have a way. So what I'm going to do, I'm going to uninstall this app, okay? And I'm going to actually delete this APK and the APK tool created folder, because we have manipulated it. And I'm going to start with the original one. So I'm going to copy this again to my desktop, and of course we are gonna have to run APK tool from the beginning, but it's not a very hard thing to do. All you have to do is just run APK tool d and the APK name, like that. So we're going to decompile it first, okay? And we are going to start analyzing the app from scratch, as if we don't know anything about this app.
[00:01:26] So I'm going to open this, and all I want to do is just to see the content of the Android manifest. So I'm going to open the Android manifest in Genie, or you can just run it with our text editor or any editor. Okay, because all we want to do is just to see the content. So over here, let me zoom in a little bit, okay? And one more time. And yeah, I believe this will be good. So over here, as you can see, we have the activity names. So we can see this main launcher tag, which is the opening tag. And we have all the other information here, like minimum SDK or the permissions and some of the packaging names or stuff. And over here we have the activities. So it starts with this activity, and as you can see, this is the login activity, okay. So this is the one. So once we see the intent filter of main and launcher, we know this is the first activity to be shown, the first screen that a user sees when this app is launched. So this is the first thing that we see. And if we don't know the username or password, we can still see the other activities as well.
[00:02:55] So we can get the names of the other activities from the smali files or from the manifest itself, right? Like as you can see, we have these activities like post login, and wrong login, do transfer or view statement. So post login is actually pretty self-explanatory, okay? So this is what happens when a user logs in. So if we want to see that, but if we don't know the password, or if we want to explore for other ways to see the other activities, then we are going to have to learn a new skill. It will be very good for you to learn this, so that you can actually implement this technique in your real life examples as well. And of course there are some other activities over here you can try with this technique, with other activities as well. But make sure you copy or just take note of the activity that you may want to see, okay? And you're going to need it, of course, when you run some commands. So what is the command that we are looking for? Just let me install this new APK over here, okay? And leave the username and password blank. And let me open my terminal.
[00:04:25] And of course our server is running at the left hand side. So over here I'm gonna run adb. So remember adb, it stands for Android Debugging Bridge. And by this command, we can actually manipulate the emulators. However, there is some problem in Macs. So you can actually face this problem with a common thing. Even though you fix it, it just comes back. So if you experience this problem, you can search for the adb.exe so that you can use it directly. So I'm gonna search for adb, okay? And of course you can do this inside of Windows as well. I'm gonna search for adb.exe, and when I find it, I'm just going to use it on my terminal. So let me find the adb.exe and let me show you where it's located on my machine. It's under the sdk folder that I have downloaded over here. So if you have chosen your sdk download to reside in any folder, just open this and you can find the sdk folder. And then under the sdk folder, you can search for adb. And of course there are a lot of folders over here, but you can find the adb in platform-tools, like this.
[00:05:49] So all you have to do is just write the path over here, or just drag and drop it onto your terminal, so that it will run it or it'll just display it over here. Of course you can say get info and see where it's located, and try to run it manually as well. So after you get this adb like that, it can be run. So why are we using this adb? We can install the APKs manually by dragging and dropping them, okay? But we can't just run adb shell in order to have a shell connection to the current working session. So what does it mean? Now we can actually run some commands, okay, on our emulator. For example, let me just make this a little bit bigger so you can see my commands a little bit better, okay? I'm going to run a command over here, and this command will allow us to manipulate the activity itself. So I'm gonna say am start -n. After that, you can specify the activity to be executed, the activity to be shown on the emulator itself. So this is pretty cool, and we're going to see other examples of this adb shell thing later on.
[00:07:15] But right now, this is a very good opportunity for you to understand why you should use adb when it's needed. So I'm gonna say com.android.insecurebankv2. So this is the package name. Of course you can get it from the Android manifest, or any folder from here, like this: com.android.insecurebankv2. So remember what a package name is, right? So after you get that, you can just run /.PostLogin. Of course this can be changed. You have to specify the activity that you should see. And once I do that, as you can see, it starts an intent which takes us to the other activity, like this. So it's that simple. Now we see the activity even though we are not even logged in. So we can actually browse through this app using this intent technique. And we can try to understand what is inside of these activities, and we can gather much more information, or we can try to interact with these activities and try to break the app, or try to understand the app in a better way. So this is a very good technique, as I said before.
[00:08:39] So make sure you take a note about this am start, because it will be very beneficial for you in real life examples. So we're gonna stop here and continue within the next one.
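The reason `am start -n <package>/<activity>` can reach PostLogin without a login is that the activity is exported: Android lets any other process start an exported activity, and the login screen in front of it is only a UI convention, not an access control. The script below is an added example, not code from the lecture or from the InsecureBankv2 project. It reads an AndroidManifest.xml (as produced by apktool d) and lists every activity that is reachable this way, applying the platform rules: `android:exported="true"` is reachable, an activity with an `<intent-filter>` and no `android:exported` attribute is implicitly exported on targetSdkVersion below 31, and an `android:permission` attribute restricts who may start it. The manifest embedded in the script is constructed for the example; only the package name and the LoginActivity, PostLogin, WrongLogin and DoTransfer names come from the lecture, and the `permission.TRANSFER` string is a made-up placeholder. A hardened copy of the same manifest, with the post-login activities marked `android:exported="false"`, is checked alongside it to show what the fix looks like.

```python
"""Audit an AndroidManifest.xml for activities that another process can start
directly (e.g. `adb shell am start -n <package>/<activity>`), bypassing the
login screen the app shows first.

Added example; not from the lecture or the InsecureBankv2 project.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def qualified_name(package, short):
    """Expand manifest shorthand: ".PostLogin" -> "com.example.PostLogin"."""
    if short.startswith("."):
        return package + short
    if "." not in short:
        return package + "." + short
    return short


def exported_activities(manifest_xml):
    """Return [(activity_name, reason)] for every activity startable from outside the app.

    Android rules applied:
      * android:exported="true"  -> startable by any app (and by `am start`).
      * no android:exported but an <intent-filter> -> implicitly exported when
        targetSdkVersion < 31 (Android 12 requires an explicit value).
      * android:permission restricts callers; still reported, but flagged.
    """
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    uses_sdk = root.find("uses-sdk")
    target = int(_attr(uses_sdk, "targetSdkVersion") or 1) if uses_sdk is not None else 1

    findings = []
    for act in root.iter("activity"):
        name = qualified_name(package, _attr(act, "name"))
        exported = _attr(act, "exported")
        has_filter = act.find("intent-filter") is not None
        if exported == "true":
            reason = "exported=true"
        elif exported is None and has_filter and target < 31:
            reason = "implicitly exported (intent-filter, no android:exported, targetSdk < 31)"
        else:
            continue  # private to the app: other processes cannot start it
        perm = _attr(act, "permission")
        if perm:
            reason += f", guarded by {perm}"
        findings.append((name, reason))
    return findings


def am_start_command(package, activity):
    """The adb invocation shown in the lecture, for one activity."""
    return f"adb shell am start -n {package}/{activity}"


# Constructed manifest, modelled on what apktool d produces for the CTF app.
CONSTRUCTED_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.android.insecurebankv2">
    <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="22"/>
    <application android:label="InsecureBankv2">
        <activity android:name=".LoginActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <activity android:name=".PostLogin" android:exported="true"/>
        <activity android:name=".WrongLogin"/>
        <activity android:name=".DoTransfer" android:exported="true"
            android:permission="com.android.insecurebankv2.permission.TRANSFER"/>
    </application>
</manifest>
"""

# The same manifest after the fix: post-login screens are no longer exported.
HARDENED_MANIFEST = CONSTRUCTED_MANIFEST.replace(
    'android:exported="true"', 'android:exported="false"'
)

if __name__ == "__main__":
    for label, manifest in (("original", CONSTRUCTED_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(f"== {label} ==")
        for name, reason in exported_activities(manifest):
            print(f"{name}: {reason}")
            print("   reachable with:", am_start_command("com.android.insecurebankv2", name))
```

Run it against the real `AndroidManifest.xml` from the apktool output folder by reading the file into `exported_activities`. Only the launcher activity should remain in the hardened result; anything else that appears is a screen the app relies on a login to protect, which the manifest does not enforce.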