<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
		<id>http://fixme.ch/w/index.php?action=history&amp;feed=atom&amp;title=Fixme.ch%3AOldWiki%2FAndroid_Lab</id>
		<title>Fixme.ch:OldWiki/Android Lab - Revision history</title>
		<link rel="self" type="application/atom+xml" href="http://fixme.ch/w/index.php?action=history&amp;feed=atom&amp;title=Fixme.ch%3AOldWiki%2FAndroid_Lab"/>
		<link rel="alternate" type="text/html" href="http://fixme.ch/w/index.php?title=Fixme.ch:OldWiki/Android_Lab&amp;action=history"/>
		<updated>2026-07-16T03:44:49Z</updated>
		<subtitle>Revision history for this page on the wiki</subtitle>
		<generator>MediaWiki 1.25.1</generator>

	<entry>
		<id>http://fixme.ch/w/index.php?title=Fixme.ch:OldWiki/Android_Lab&amp;diff=14021&amp;oldid=prev</id>
		<title>Rorist: 1 revision imported</title>
		<link rel="alternate" type="text/html" href="http://fixme.ch/w/index.php?title=Fixme.ch:OldWiki/Android_Lab&amp;diff=14021&amp;oldid=prev"/>
				<updated>2019-03-06T20:36:43Z</updated>
		
		<summary type="html">&lt;p&gt;1 revision imported&lt;/p&gt;
&lt;table class='diff diff-contentalign-left'&gt;
				&lt;tr style='vertical-align: top;'&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='1' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 20:36, 6 March 2019&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan='2' style='text-align: center;'&gt;&lt;div class=&quot;mw-diff-empty&quot;&gt;(No difference)&lt;/div&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;</summary>
		<author><name>Rorist</name></author>	</entry>

	<entry>
		<id>http://fixme.ch/w/index.php?title=Fixme.ch:OldWiki/Android_Lab&amp;diff=14020&amp;oldid=prev</id>
		<title>128.178.115.37 at 07:55, 22 December 2011</title>
		<link rel="alternate" type="text/html" href="http://fixme.ch/w/index.php?title=Fixme.ch:OldWiki/Android_Lab&amp;diff=14020&amp;oldid=prev"/>
				<updated>2011-12-22T07:55:05Z</updated>
		
		<summary type="html">&lt;p&gt;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;= Goals =&lt;br /&gt;
* Extract all application packages from the Market&lt;br /&gt;
** http://code.google.com/p/android-market-api/&lt;br /&gt;
** http://cyrket.com&lt;br /&gt;
* Run batch tests (fuzzing, targeted attack) on a application subset&lt;br /&gt;
&lt;br /&gt;
= TODO =&lt;br /&gt;
* Create a FIXME google account (something less obvious than fixme@gmail.com :D)&lt;br /&gt;
&lt;br /&gt;
= Harvest APK =&lt;br /&gt;
* Intercept traffic http://www.floyd.ch/?p=244&lt;br /&gt;
* Download on TPB&lt;br /&gt;
&lt;br /&gt;
= Attack surfaces =&lt;br /&gt;
== Misc ==&lt;br /&gt;
* Browser app:// scheme&lt;br /&gt;
&lt;br /&gt;
== Bind to service ==&lt;br /&gt;
* Extract all apps with a private service using AIDL&lt;br /&gt;
* Decompile apk and resources&lt;br /&gt;
* Modify AndroidManifest.xml so the Service is exported&lt;br /&gt;
* Save the Service interface file (.aidl)&lt;br /&gt;
* Repackage application and resource&lt;br /&gt;
* Create a 3rd party app accessing the service methods&lt;br /&gt;
&lt;br /&gt;
== Broadcast Intents ==&lt;br /&gt;
* Extract AndroidManifest.xml data to find interesting Intent Filters&lt;br /&gt;
* Create an application implementing all possible filters (type, data, categories)&lt;br /&gt;
* Eavesdrop broadcasted intent, handle them before the supposed activity, replay (DoS)&lt;br /&gt;
&lt;br /&gt;
= Other =&lt;br /&gt;
== Unlock screen ==&lt;br /&gt;
* mashing button &lt;br /&gt;
* Back button&lt;br /&gt;
* Car dock&lt;br /&gt;
* gmail null password&lt;br /&gt;
&lt;br /&gt;
== To test ==&lt;br /&gt;
* Install app from an other app without perm prompt ???&lt;br /&gt;
* Download apps with a transparent proxy (burp, iptables)&lt;br /&gt;
* When login screen (ie.) invoke other activities directly..&lt;br /&gt;
* test classes&lt;br /&gt;
* 2nd factor auth: mTAN&lt;br /&gt;
* MITM study on smartphones http://www.globalthreatcenter.com/wp-content/uploads/2009/11/MIMT-Whitepaper031.pdf&lt;br /&gt;
* reverse shell with app:// scheme (no perm) http://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf&lt;br /&gt;
* https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project&lt;br /&gt;
* Permission leak: [[File:Android_Woodpecker.pdf]]&lt;/div&gt;</summary>
		<author><name>128.178.115.37</name></author>	</entry>

	</feed>