
The Carnal0wnage blog has put up a nice summary of Android hackme/crackme challenges for those interested.

http://carnal0wnage.attackresearch.com/2013/08/want-to-break-some-android-apps.html

 

Have fun!

 

--------------------------------------------

 

Android App testing requires some diverse skills depending on what you're trying to accomplish. Some app testing is like forensics, there's a ton of server side stuff with web services, and there's also times when you need to show failings in programmatic protections or features which requires reversing, debugging, or patching skills.

To develop these skills you need some practice targets. Here's a list of all known Android security challenges, both app level vulns and crackme-type (RE/patching):

In some cases the write-up and challenge starter info is included, in other cases you might have to Google around as some of these CTF's are old.

** Should you need some help with configuring an Android pentest / Crackme environment, cktricky and CG have already written some pieces on that: http://carnal0wnage.attackresearch.com/search?q=android **

Hacme Bank Android - Foundstone
http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx

ExploitMe Android - Security Compass
http://securitycompass.github.io/AndroidLabs/

InSecure Bank - Paladion
http://www.paladion.net/downloadapp.html

GoatDroid - OWASP and Nvisium Security
https://github.com/jackMannino/OWASP-GoatDroid-Project

IG Learner - Intrepidus Group
https://play.google.com/store/apps/details?id=com.intrepidusgroup.learner

MoshZuk.apk
Description - http://imthezuk.blogspot.com/2011/07/creating-vulnerable-android-application.html
File - https://dl.dropboxusercontent.com/u/37776965/Work/MoshZuk.apk

Crackme.de’s and deurus's Android Crackmes 1-4 ++
http://crackmes.de/users/deurus/android_crackme01/
http://crackmes.de/users/deurus/android_crackme02/
http://crackmes.de/users/deurus/android_crackme03/
http://crackmes.de/users/deurus/android_crackme04/
http://crackmes.de/users/pnluck/android_signme/

Hackplayers.com Crackmes (in Spanish so an extra challenge)
http://www.hackplayers.com/2010/12/reto-android-crackme1.html
http://www.hackplayers.com/2011/12/reto-14-android-crackme2.html

Nuit du Hack's 2k12 & 2k11 (pre-quals and finals) Android Crackme’s
http://blog.w3challs.com/index.php?post/2012/07/02/NDH2k12-wargame-CrackMe-Android
http://blog.spiderboy.fr/tag/crackme/

Hack.Lu's CTF 2011 Reverse Engineering 300
http://shell-storm.org/repo/CTF/Hacklu-2011/Reversing/Space%20Station%200xB321054A%20(300)/

Androidcracking.blogspot.com's Crackme’s
http://androidcracking.blogspot.com/2012/01/way-of-android-cracker-0-rewrite.html
http://androidcracking.blogspot.com/2010/10/way-of-android-cracker-1.html

BlueBox Android Challenge
http://bluebox.com/labs/android-security-challenge/

InsomniDroid
Description - http://www.strazzere.com/blog/2012/03/488/
Partial Walkthrough - http://www.fortiguard.com/files/insomnichallenge.pdf
(File) http://www.strazzere.com/crackmes/insomnidroid.apk

CSAW2011 CTF Android Challenges
Android 1 file - http://shell-storm.org/repo/CTF/CSAW-2011/Forensics/Android1%20-%20200%20Points/CSAW2011CTF.apk
Android 2 file - http://shell-storm.org/repo/CTF/CSAW-2011/Forensics/Android2%20-%20400%20Points/CSAW2011CTF.apk

Defcon 19 Quals b300 dex challenge
http://shell-storm.org/repo/CTF/Defcon-19-quals/Binary_L33tness/b300/b300_b258110ad2d6100c4b8

GreHack 2012 Reverse Engineering 100
http://repo.shell-storm.org/CTF/GreHack-2012/reverse_engineering/100-GrehAndroidMe.apk/

Nullcon HackIM 2012 RE 300
http://www.nullcon.net/challenge/data/Null%20Mobile.apk

C0C0N 2011 RE level 100
http://www.nullcon.net/challenge/c0c0n/data/cocon_apk.zip

Atast CTF 2012 Bin 300
http://andromedactf.wordpress.com/2013/01/02/atast-ctf-2012-bin300chall5/

SecuInside 2011 CTF Level 7 (level 3 is also Android but I am unable to find the bin)
Write-up - http://codeengn.com/archive/Reverse%20Engineering/Solution%20-%20CTF/2011%20SECUINSIDE%20CTF%20Write-up%20%5BCMU%5D.pdf
File - http://big-daddy.fr/repository/CTF2011/SecuInside-CTF/Q7/WonderfulWidget.apk

Edited by Loki

  • 1 year later...

Latest on the list is DexGuard. Anyone who can defeat it and can make a tutorial?

It encodes everything like classes, assets, resources in arrays and decodes it at runtime, so really need tutorials from a pro cracker?

Even decompiling with apktool won't work.

  • 10 years later...

Android Hackmes are intentionally vulnerable Android applications designed for security training and penetration testing. They help developers and ethical hackers practice identifying and exploiting security flaws in mobile apps, such as insecure storage, weak encryption, or improper authentication. They're often used in CTFs (Capture The Flag) and learning platforms like Hack The Box or OverTheWire.
