root💀senseicat:~#

Hack. Eat. Sleep. Repeat!!!

Project maintained by SENSEiXENUS Hosted on GitHub Pages — Theme by mattgraham

ANDROID PENTESTING

Exporting apk with adb

Use adb shell pm list packages to list packages
Use adb shell pm path <path> to get path
Lastly adb pull <path> <destination> to copy it.

Using Drozer

Install the drozer-agent apk from Source

Connect to the agent with drozer on port 31415

drozer console connect --server <ip-addr>

But, since it is an emulator nox-player,you should portforward with adb or Android Debug Bridge.

Syntax-: adb forward tcp:<port> tcp:<port>

Connect

Drozer Console Commands

Retrieving package information, use shell module app.package.list

Syntax-:run app.package.list -f <package>

Gathering package infor app.package.info

Syntax-:run app.package.info -a <package's identifier>

Identify the attack surface with app.package.attacksurface, if an app is debuggable,we can add adb and step through the code.

Syntax-:run app.package.attacksurface <identifier>

Spotting activities allowed in the app with app.activity.info

Syntax-:run app.activity.info -a <identifier>

Use help [module] to check on more info on a module.

In the image detailing the actions of app.package.info, an exported activity com.mwr.example.sieve.PWList can be carried without authorization or permission.We will use app.package.start to start it and exploit the activity.

Syntax-: run app.activity.start --component [identifier] [activity]

Reading from Content-provider,module app.provider.info can be used to gather the content information exported from the app.

Syntax-:run app.provider.info -a [identifier]

Use module scanner.provider.finduris to scan for multiple urls and define a list of possible urls

Syntax-:run scanner.provider.finduris -a [identifier]

Then, use module app.provider.query to grab the secrets

Syntax-:run app.provider.query content://[url]

Inserting a string into a sqlite database

run app.provider.insert <content uris> --string pin 1111 --string Password H4ck3d
run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Keys/

Use module scanner.provider.sqltables to view the sql tables of a server.

Syntax-:run scanner.provider.sqltables -a <identifier>

Sql injection with module app.provider.query

Syntax-:run app.provider.query <content uri> --projection "* FROM SQLITE_MASTER where type=’table’;--"

Trying a true statement

run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Keys/ --selection "1 or 1=1"

In the sieve app, for example, we have a file backup provider that backs up various files from the storage. Now, if an attacker was to use this provider’s interface to view internal system files, it would be a critical vulnerability. In the following command, the same has been demonstrated.

Syntax-:run app.provider.read content://com.mwr.example.sieve.FileBackupProvider/etc/hosts

REFERENCE-:

HackingArticles

Decompiling apk files

Apktool-:

apktool d -rs <apk>

Converting dex files to jar files

D2j-dex2jar-:

d2j-dex2jar <classes.dex>

Use jadx-gui to read decompiled jar file

Jadx-gui-:

jadx-gui <classes.jar>

Android Internals 101

What happens when an Android phone boots up

We’ll look at the Zygote and its role in firing up an application.
This is how it goes
- Boot ROM
- Bootloader
- Kernel
- Init
- Dalvik VM
- Zygote
- System Servers
- Managers

BOOT ROM

The BootROM contains the initial code that run as soon as a device wakes up.It is a mask ROM or a write-protected chip.It is stored in a chip and it loads the bootloader into the RAM for execution.
Examples-:
- iPhone boot ROM. Embedded in the mask ROM and can’t be modified. Loads the next stage boot loader from flash or USB (in DFU mode) and verifies its signature using built-in RSA implementation. Also provides accelerated decryption functions for the next stage bootloader.
- TI’s OMAP4 boot ROM. Can load user code from flash (NOR, NAND, OneNAND), external memory, SD/MMC, USB or UART. Boot order and options are set by strap (SYSBOOT) pins. Provides some functionality for later stages (cache/TLB management etc.)
- NXP’s LPCxxxx series Boot ROM. Placed in a hidden portion of the internal flash which is mapped at 0 on power-on. Implements CRP (code read protection), ISP (In-System Programming) which allows to upload and flash new code over UART. If a valid user code is in flash (needs to have proper checksum), maps it to 0 and jumps to it. A part of bootrom remains mapped to provide IAP (In-Application Programming) and some other services.

Bootloader

The bootloader is a piece of code that runs before any operating system.It is responsible for loading an operating system.It sets up a minimal environment in which OS can run and begin the the start up process.Bootloader is not specific to Android.In the context of Android (pun intended!) you might’ve heard of OEM manufacturers placing certain limitations on the operating system (eg: limited background processes). This is where those rules are stored.
One of the major tasks of the the bootloader is stetting up memory management and security options which is vital for the Kernel.Bootloader contains two important files: init.s and main.c.
Init.s is responsible for initializing stacks, and BSS segments. It eventually calls main.c which is responsible for initializing hardware such as keyboard, system clock, console etc.
Lastly,it verifies the state of the boot and the integrity partitions before moving execution to the Kernel.

Kernel

Once the Kernel starts,it starts setup cache, loads drivers, mounts file system and starts kernel daemons.After the system setup,it looks for init.s process in system files and launch the root first process.It facilitates communication between the software and the hardware.

Init

This is a very crucial process. It is where the directories such as /dev, /sys, /proc are mounted. This is also the place where init.rc script is executed.
Init process also starts the daemons such as bluetooth daemon, adb daemon etc. These handle low level hardware interface including radio interface.If you take a look at init.rc script you’ll find that it includes commands such as “start vold” for file system, “trigger zygote” for starting the Zygote process in Android.One of the most important things that happens during this init process is a call to start the Zygote. The app_process command starts the ART or Dalvik VM and also give a call to Zygote’s main() method.

Zygote and VM

When the command app_process() launches the Zygote, first a VM instance is created and then a call to Zygote’s main() is made.
According to dictionary definition: Zygote is the first cell that’s formed during fertilisation. Similarly, Zygote is the first Android specific process when Android OS boots up!”.Zygote preloads all the system resources and classes used by the Android framework thus achieving fast app launches.Zygote preloads all the system resources and classes used by the Android framework thus achieving app launch.The Zygote forks itself to start a “system-server”. The system-server starts services such as ActivityManagerService, Hardware services etc.
It starts a listening socket interface in the background to ensure creation of new vms for Application processes. On receiving a new request, it forks itself to create a new process which gets a pre-initialized VM instance.
This forking is available due to copy-on-write resource management technique. It doesn’t copy anything actually, just points to the pages of the parent process. The actual copying happens when there is a new write to the process’ pages.
The forking happens very efficiently. A new Dalvik VM is created, process gets its own thread and resources to work with. This enables code sharing among VMs thus resulting in minimal startup time.

SYSTEM SERVERS

This is the first process started by the Zygote.It loads a native library called Android_servers that provides interfaces to native functionalities.
It starts initializing each system service and and registering them with the previously started Service Manager. Each service runs in a separate Dalvik thread in system server.
ActivityManager is responsible for starting the Launcher App and registering click listeners to it. It also manages the activity lifecycle, maintains activity stack etc.
System Server also starts other services beginning with com.android such as com.android.phone, com.android.email. It also starts other managers such as Location Manager, Bluetooth Manager etc.

Activity Manager

It is responsible for activity thread process creation, activity stack management and activity lifecycle management. At the end, it launches an intent to start Home Launcher and registers on click listeners to it. Whenever a click is detected, it launches new apps from icons on home screen.
The click events are transferred to AcitivityManagerService via Binder IPC. AMS performs multiple steps:
Collect info about the target intent of intent object. It does so using resolveIntent() method.
Information about target is saved back into the intent object.
Now, it’s checked if the user can actually access the target using grantUriPermissionLocked() method.
Then AMS checks if the intent needs to be opened as a new task. It check for flags such as FLAG_ACTIVITY_NEW_TASK etc.
If the process doesn’t already exist for the target, the AMS has to create a new process for this.

Android Architecture Build Process

SSL Unpinning with Objection [another approach]

Android sdk installer:- windows,Linux,Macos. Check Stack Overflow
Check this repo to install android-sdk.
Patch with objection first

Syntax-:objection patchapk -s <apk's name>

On linux, if you noticed an error mostly in red,download apktool from the source and install.It is due to the dirty version.
Newly signed apk

Install with adb install <apk>

APK DEBUG PROCESS

Understanding the Java Virtual Machine

JVM is a virtual machine that allows the computer to run application compiled by java bytecode.It basically helps to convert java byte code to machine code and allows compiled code to be run by a virtual machine and not on hardware.JVM was designed for with huge storage and power which was why the Dalvik Vm was created.Bytecode is a set of instructions desined for efficient execution by an interpreter.Whereas Java bytecode is the instruction set of the Java Virtual Machine.

Android Virtual Machine

Every Android has it virtual machine, from Android 1.0 to 4.4,it was “Dalvik”,Google experimentally introduced ART or Android Runtime.Android users had the opportunity to choose between Dalvik and ART in Android 4.4.The .class generated contains the JVM class bytecodes.Android has its own optimized bytecode fromat called the Dalvik from version 1.0 to 4.4.Dalvik bytecodes are instructions set for a processor.

Compilation process

The compilation process converts the .class and .jar libraries into a single .dex file containing dalvik byte codes.This is possible with the dx command.DEX means Dalvik Executable.

ART over DALVIK

Android migrated to ART in Android 4.4.This execution environment executes dex properly.The benefit of ART over Dalvik is that the app runs and launches faster on ART, this is because DEX bytecode has been translated into machine code during installation, no extra time is needed to compile it during the runtime.The JIT based compilation in the previously used Dalvik has disadvantages of poor battery life, application lag, and performance.ART is based on the Ahead-of-Time compilaton process where compilation begins before a process starts.In ART, the compilation process happens during the app installation process itself. Even though this leads to higher app installation time, it reduces app lag, increases battery usage efficiency, etc.In Android version 7.0, JIT came back. The hybrid environment combining features from both a JIT compiler and ART was introduced.

Understanding the whole process

The src folders stores the java and kotlin source code
Resource files are stored in the res folder.
The Android Interface Definition Language [AIDL] allows you to define the programming interface for client and service communication using IPC.IPC is inter process communication.AIDL can be used between any process in Android.
Library modules contains java or kotlin classes, Android Components and resoures, although assets are not supported.The codes and resources of the library project are compiled and packaged with the application.Therefore, an library module can be a compile time artifact.
Android library compiles into an Android Archive (AAR) file that you can use as a dependency for an Android app module.AAR files can contain Android resources and a manifest file, which allows you to bundle in shared resources like layouts and drawables in addition to Java or Kotlin classes and methods.
JAR Libraries is a Java library and unlike AAR it cannot contain Android resources and manifests.
Android Asset Packaging Tool (aapt2) compiles the AndroidManifest and resource files into a single apk.It is divided into two steps compiling and linking.It improves performance since it is only one file changes.You only need to compile one file and link with the intermediate files.It also support android file resources like drawables and xml.When you invoke AAPT2 for compilation, you should pass a single resource file as an input per invocation.AAPT2 then parses the file and generates an intermediate binary file with a .flat extension.The link phase merges all the intermediate files generated in the compile phase and outputs one .apk file. You can also generate R.java and proguard-rules at this time.
Resources.arsc: The output .apk file does not include the DEX file, so the DEX file is not included, and since it is not signed, it is an APK that cannot be executed.It contains the metadata information of the resourses such as the index of all resources in the packages.An apk is a binary file,and the APK that can be actually executed, and the APK that you often build and execute are uncompressed and can be used simply by expanding it in memory.The R.java that is output with the APK is assigned a unique ID, which allows the Java code to use the resource during compilation as seen below.Arsc is the index of the resource used when executing the application.

Starting from Android studio 3.1,D8 waas made the official compiler.D8 produces smaller dex files with better performance when compared with the old dx.R8 is used to compile the code. R8 is an optimized version of D8.D8 plays the role of dexer that converts class files into DEX files and the role of desugar that converts Java 8 functions into bytecode that can be executed by Android.R8 further optimizes the dex bytecode. R8 provides features like optimization, obfuscation, remove unused classes.Obfuscation reduces the size of your app by shortening the names of classes, methods, and fields.Optimization reduces the DEX file size by rewriting unnecessary parts and inlining.By doing Desugaring we can use the convenient language features of Java 8 in older devices.
Dex and Multidex -:R8 compiles one file known as the classes.dex.If you are using Multidex, that is not the case, but multiple DEX files will appear, but for the time being, classes.dex will be created.If the number of application method exceeeds 65536 including the reference libraries, a build error will occur.The method ID range is 0 to 0xFFFF[0 to 65535].In order to avoid this, it is useful to review the dependency of the application and use R8 to remove unused code or use Multidex.e.g

Signing the apk

All apks require a digital signature before they can be installed or updated on your device.For Debug builds, Android Studio automatically signs the app using the debug certificate generated by the Android SDK tools when we run.A debug Keystore and a debug certificate is automatically created.For release builds, you need a Keystore and upload the key to build a signed app. You can either make an APK file with apkbuilder and finally optimize with zipalign on cmd or have Android Studio handle it for you with the ‘Generated Signed Apk option’.

Java for Android

Setting up Nox player with Android Studio
Hello world code in java-:

public class Hello {
	public static void main(String[] args){
    System.out.println("Hello world!!");		
	}
}

Commenting in java, use //

//TODO-:

Running java code on cmd, use java file.java

Variable and arithmetic operators

public class Hello {
	public static void main(String[] args){
    System.out.println("Hello world!!");
    //Number
    int number = -5;
    System.out.println(number);	
	}
}

The long keyword can also be used to store integers and can store up 2 ^ 63.

long number = 5;
System.out.println(num);

For decimal numbers, use float or double

public class Hello {
	public static void main(String[] args){
    System.out.println("Hello world!!");
    //Number
    int number = -5;
    System.out.println(number);
    long num = 5;
    System.out.println(num);
    double myDouble = 2.5;
    //float
    float myFloat = (float) 2.9;
    System.out.println(myDouble);	
    System.out.println(myFloat);
	}
}

You can also use char to store unicode values

char myUnicodeChar =  '\u00A9';
System.out.println(myChar);
System.out.println(myUnicodeChar);

Use String for characters

String myString = "Meisma";

For boolean, use Boolean for true or false

Boolean myBool = true;

Instead of using int or long to hold huge numbers, double can also be used.

int a  =  5;
int b  = 10;
double answer =  (double) a / b ;
System.out.println(answer);

Adding String in java

String string1 = "Man";
String string2 = "go";
System.out.println(string1 + string2);

Relational and Logical Operators && Conditions

Conditions

int num = 9;
if (num>10) {
   System.out.println("Greater than 10");
} else {
   Systemm.out.println("Lesser thn 10");
}

Switch and Case statement

switch (num) {
   case 10:
        System.out.println("Wrong");
        break;
   case 9:
        System.out.println("Correct");
        break;
   default:
        System.out.println("LMAO!!!");
        break;				
}

Loops

while loop-:

public class Main {
	public static void main(String[] args) {
		int num = 0;
		while (true) {
			num+=1;
			System.out.println("Hello");
		    if (num == 7) {
			   System.out.println("Life is hard");
		       break;
			}
		}
	}
}

You can also use special keywords like break and continue in a while loop
You can also use do statement

do{
  System.out.println("Milk");
} while (x<5);

The scanner is used to input a number.You have to import the class Scanner from java.util.Scanner.

import java.util.Scanner;
public class Main {
    public static void main(String[] args) {
        System.out.println("Enter a number: ");
        Scanner myScanner = Scanner(System.in);
        int answer = new myScanner.nextInt(); //nextInt() should be used for a number
        System.out.println("The answer is :" + answer);
    }
}

For a string Scanner, use

String string = new myScanner.next();

Java Options pane-: A useful package for receiving user input is the JOptionPane class.Import with

import javax.swing.JOptionPane;

To get an input box, use the showInputDialog method -:

import javax.swing.JOptionPane;
public class Main {
	public static void main(String[] args) {
	  String first_name;
	  first_name = JOptionPane.showInputDialog("FirstName");//showInputDialog
	  System.out.println(first_name);
	}
}

To display a result, use the showMessageDialog method to display the result

import javax.swing.JOptionPane;
public class Main {
	public static void main(String[] args) {
	  String first_name,second_name,full_name;
	  first_name = JOptionPane.showInputDialog("FirstName-: ");//showInputDialog
	  second_name = JOptionPane.showInputDialog("SecondName-: ");
	  //full_name
	  full_name = "Your name is "+ first_name + " " + second_name;
	  JOptionPane.showMessageDialog(null,full_name);
	  System.exit(0);
	}
}

You can also add informational message to showMessageDialog.Syntax-:

JOptionPane.showMessageDialog(null,full_name,"Name",JOptionPane.INFORMATION_MESSAGE);

Other keywords-:

ERROR_MESSAGE
PLAIN_MESSAGE
QUESTION_MESSAGE
WARNING_MESSAGE

Generating a random number with class Random.

import java.util.Random;

public class Main {
	public static void main(String[] args){
		System.out.println("Random numbers");
		Random random = new Random();
		int number = random.nextInt();
		System.out.println(number);
	}
}

Setting limit for random number

int number = random.nextInt(20); //The argument 20 is the limit

Simple Arrays-:
Initializing new array with values

public class Main {
	public static void main(String[] args) {
		//Arrays in java
	     String[] students = {"Meisam","Zombies","Daddy","Great","Deadbeat"};
		 System.out.println(students[0]);  
	}
}

Creating an array with a defined memory

public class Main {
	public static void main(String[] args) {
		 //Arrays in java
	         String[] students = new String[5]; //Defining the amount of memory
		 students[0] = "Meisam";
		 students[1] = "Sarah";
		 System.out.println(students[0]);  
		 
	}
}

Accessing all the elements of an array with for loop

public class Main {
	public static void main(String[] args) {
		//Arrays in java
	     String[] students = new String[5];
		 students[0] = "Meisam";
		 students[1] = "Sarah";
		 students[2] = "Sarah";
		 students[3] = "Sarah";
		 students[4] = "Sarah";
		 for (int i=0; i<5; i++) {
			 System.out.println(students[i]);
		 }
		 
	}
}

You can also get the length of an array with the length class

public class Main {
	public static void main(String[] args) {
		//Arrays in java
	     String[] students = new String[5];
		 students[0] = "Meisam";
		 students[1] = "Sarah";
		 students[2] = "Sarah";
		 students[3] = "Sarah";
		 students[4] = "Sarah";
		 System.out.println("[+] Array's length is : " + students.length);
		 for (int i=0; i<students.length; i++) {
			 System.out.println(students[i]);
		 }
		 
	}
}

Object Oriented Programming

Defining a class which should be saved in a file e.g Phone.java

public class Phone {
	String name;
	int phoneNumber;
	int userSignature;
	String userModel;
	String imeiString;
}

Instantiating a class in main class

public class Main {
	public static void main(String[] args) {
		Phone iphone = new Phone();//Creating an instance of a class
		//Attributes
		iphone.name = "Iphone 11"; 
		iphone.phoneNumber = "08109978500";
		//Accessing the field of a class
		System.out.println(iphone.name);
	}
}

Creating a function in java public void Name(String me)

public class Phone {
	String name;
	String phoneNumber;
	//Creating a methodd
	//If you don't want to return any value, use the keyword void as seen below
	public void printString(String trackName) {
		System.out.println("Playing track :" + trackName);
	}
}

Calling a method

iphone.printString("Bahubali");

Access modifiers helps to restrict the scope of a class, constructor, variable, method, or data member. It provides security, accessibility, etc. to the user depending upon the access modifier used with the element.It can be public, private, default and protected.If you don’t use anything as the modifier,it is public.

public class Phone {
	String name;
	String phoneNumber;
	//Use of access modifiers
	public String model = "SM-1234";

Calling it

System.out.println(iphone.model);

Although this private fields can be accessed by a method in the class

public class Phone {
	String name;
	String phoneNumber;
	//Use of access modifiers
	private String model = "SM-1234";
	//Creating a methodd
	//If you don't want to return any value, use the keyword void as seen below
	public void printString(String trackName) {
		System.out.println("Playing track :" + trackName);
	}
	public void accessPrivateField() {
		System.out.println(model);
	} 
}

Setting a value with a method and also get a value with a method even if it is set to private-:

public class Phone {
	private String name;
	String phoneNumber;
	//Use of access modifiers
	private String model = "SM-1234";
	//Creating a methodd
	//If you don't want to return any value, use the keyword void as seen below
	public void printString(String trackName) {
		System.out.println("Playing track :" + trackName);
	}
	public void accessPrivateField() {
		System.out.println(model);
	}
    //set class field 'name'	
	public void setName(String name){
		this.name = name;
	}
	//return class field name	
	public String getName() {
		return this.name;
	}
}

Calling it-:

public class Main {
	public static void main(String[] args) {
		Phone iphone = new Phone();//Creating an instance of a class
		//Attributes
		//iphone.name = "Iphone 11"; 
		iphone.phoneNumber = "08109484844978500";
		//Accessing the field of a class
		//System.out.println(iphone.name);
		iphone.accessPrivateField();
		iphone.printString("Bahubali");
		iphone.setName("Iphone 22");
		//System.out.println(iphone.name);
		System.out.println(iphone.getName());
	}
}

Creating a constructor

A constructor in Java is a special method used to initialize objects. It is called when an instance of a class is created, and it can set initial values for object attributes. Constructors are essential for creating and initializing objects in Java.

public Phone(String name,String phoneNumber) {
		this.name = this.name;
		this.phoneNumber = phoneNumber;
		this.model =  "SM-1234";
	}

Creating classes and subclasses

SuperClass Animal-:

public class Animal {
	private String name;
	private String typeA;
	private int legNumbers;
	private Boolean hasTail;
	
	public Animal(String name,String typeA,int legNumber,Boolean hasTail) {
		this.name = name;
		this.typeA = typeA;
		this.legNumbers = legNumber;
		this.hasTail = hasTail;
	}
	
	public void setName(String name) {
	    this.name = name;
	
	}
	public void setTypeA(String name) {
	    this.typeA = typeA;
	
	}
}

Subclasss Bird-:Fields are passed to the super class Animal with super() object

public class Bird extends Animal {
	public Bird(String name,String typeA,int legNumber,Boolean hasTail){
	super(name,typeA,legNumber,hasTail);
	}
}

Instatiating the class Bird

//Bird
public class Main{
	public static void main(String[] args) {
		//Instatiating our Bird class
		Bird phoenix = new Bird("Bangis","Parrot",10,true);
		//Setting a Name
		phoenix.setName("Hawk");
		//Accessing the superclass function
		System.out.println(phoenix.getName());
	}
}

You can also create other fields within a subclass that won’t be passed to the super class but you have to extend the class and not the constructor.

public class Bird extends Animal {
	private int wings;
	public Bird (String name,String typeA,int legNumber,Boolean hasTail,int wings){
	super(name,typeA,legNumber,hasTail);
	this.wings = wings;
	}
	public void canFly() {
		if (this.wings > 0) {
			System.out.println("[+]Can fly");
		} else {
			System.out.println("[+]Cannot fly");
		}
	}
	public void setWings(int wings) {
		this.wings = wings;
	}
	public int getWings() {
		return this.wings;
	}
}

You can also override method in the main class with the @Override keyword.

Animal class-:

public void eat(String food) {
		System.out.println(this.name + " eats " + food);
	}

Bird Class-:

@Override
	public void eat(String food) {
		super.eat(food);
	}

Polymorphism refers to a class having multiple constructors or two methods doing two different stuffs.The core feature of polymorphism is the data type parameter.

public void canFly() {
		if (this.wings > 0) {
			System.out.println("[+]Can fly");
		} else {
			System.out.println("[+]Cannot fly");
		}
	}
	public void canFly(int wings){
		if (wings > 0) {
			System.out.println("[+]Can fly");
		} else {
			System.out.println("[+]Cannot fly");
		}
	}

Null keyword
final keyword is used to create a constant.

final String x = "Sleep";
x = "sleep";
System.out.println(x);

ArrayList

Import with -:

import java.util.ArrayList

Initializing a new Arraylist

ArrayList<String> names = new ArrayList<>();

Adding a value with the add() method

names.add("Meisam");
names.add("Sarah");

Picking a value with function get()

names.get(0);

Length of the ArrayList

names.size();

Use contains to check if an Arraylist contains a value,It will return a boolean.

names.contains("Shayla");

Remove a value with remove()

names.remove("Value");

To print the index of a value

names.indexOf("Shayla");

Check if it is empty with isEmpty function

names.isEmpty()

MAP

Import Map

import java.util.Map;

Initialzing a map but to instantiate object HashMap, use import java.util.HashMap

//<> contains the  data type for the key and value
Map<String,String> contacts = new HashMap<String, String>();

To add a value, use put()

contacts.put("Meisam","08109978500");

To retrieve a value, use get()

contacts.get("Meisam");

Getting the size of a Map

contacts.size()

Remove a key

contacts.remove("Meisam");

Check is a value exists with containsKey() and containsValue()

contacts.containsKey("Me");
contacts.containsValue("08109978585858558");

Syntax for each loop-:

for (type var : array) {
    statements using var;
}

Static keyword - Inner Classes

When the static keyword is a dded to a field, it does work for instance of the object but the object itself.It should not be added to the constructor the class.e.g

public class Student {
	public static String name;
	private int id;
	private String falseName;
	public Student(int id,String falseName) {
		this.id = id;
	}
	public void setName(String name){
		this.name =  name;
	}
	public void setId(int id){
		this.id =  id;
	}
	public void setFalseName(String falseName) {
		this.falseName = falseName;
	}
	public String getName(){
		return this.name;
	}
	public int getId(){
		return this.id;
	}
	public String getFalseName(){
		return this.falseName;
	}
}

You can only set the static variable with a setter and accessed with getters as seen above.

public class Main {
	public static void main(String[] args) {
		Student student = new Student(10,"Sarah");
	    student.setName("Lame");
		System.out.println(student.getName());
		 
	}
}

Although variables with the static keyword can be changed by calling the Class directly.The static method is memory friendly and can be ensure memory handling.

Student.name =  "Kris";

Inner Classes are classes within a class.

public class Student {
	private int id;
	private String name;
	
	public class innerClass {
		private int innerId;
		private String innerName;
		
		public innerClass(int innerId,String innerName) {
			this.innerId = innerId;
			this.innerName = innerName;
		}
	}
}

Instatiating an inner class

Student.innerClass inner = new Student().new innerClass(1,"Name");

Nox emulator adb not connected

Nox might be running on a different port.

Installing frida-server

Help

Running frida to spawn executable

Use command-:

frida --codeshare sahabrifki/okhttp3-obfuscated---ssl-pinning-bypass -f  "package-name" -U

Bypass Okhttp3 with multiple ssl pinning script

Syntax-:

frida --codeshare akabe1/frida-multiple-unpinning  -f  "package-name" -U

Script-:
Push the burp cert with-:

adb push cacert.cer /data/local/tmp/root.cer

More Tips

Nox_adb.exe location

Path-: C:\Program Files (x86)\Nox\bin\nox_adb.exe