
Xamarin

Reverse Engineering

  1. Unpack (decode) the apk
    apktool d com.vulnapp.apk
    
  2. Inside the unknown/assemblies folder, use tools/Xamarin_XALZ_decompress.py from the x41sec/tools GitHub repository to strip the XALZ header and decompress each assembly back into a plain PE file, so you can load and decompile it with dnSpy
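The step above is what the x41sec script automates. As an added example (not the page's or x41sec's own code), the following Python does the same job without any third-party dependency: it parses the XALZ header, decodes the raw LZ4 block that follows it with a minimal pure-Python decoder, and checks that the result carries the MZ signature of a PE file. The header layout (magic, descriptor index, uncompressed length, then the LZ4 block) is assumed from the public xamarin-android sources, and the sample blob at the bottom is constructed by hand, not taken from a real app.

```python
import struct
import sys
import pathlib

# Assumed XALZ layout (from the public xamarin-android sources):
#   0x00  4 bytes  magic b"XALZ"
#   0x04  u32 LE   descriptor index of the assembly
#   0x08  u32 LE   uncompressed length
#   0x0c  ...      raw LZ4 block (no frame header, no size prefix)
XALZ_MAGIC = b"XALZ"
XALZ_HEADER = struct.Struct("<4sII")


def parse_xalz_header(blob: bytes):
    """Return (descriptor_index, uncompressed_len, payload), or None when the
    blob is not XALZ-wrapped (i.e. it is already a plain PE file)."""
    if len(blob) < XALZ_HEADER.size or blob[:4] != XALZ_MAGIC:
        return None
    _magic, index, size = XALZ_HEADER.unpack_from(blob, 0)
    return index, size, blob[XALZ_HEADER.size:]


def lz4_block_decompress(src: bytes, expected_len: int) -> bytes:
    """Minimal decoder for the raw LZ4 block format (token, literals, offset, match)."""
    out = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        lit_len = token >> 4
        if lit_len == 15:                       # extended literal length
            while True:
                b = src[i]
                i += 1
                lit_len += b
                if b != 255:
                    break
        if i + lit_len > n:
            raise ValueError("corrupt LZ4 block: literals run past the end")
        out += src[i:i + lit_len]
        i += lit_len
        if i >= n:
            break                               # last sequence carries literals only
        offset = src[i] | (src[i + 1] << 8)
        i += 2
        if offset == 0 or offset > len(out):
            raise ValueError("corrupt LZ4 block: bad match offset")
        match_len = (token & 0x0F) + 4
        if (token & 0x0F) == 15:                # extended match length
            while True:
                b = src[i]
                i += 1
                match_len += b
                if b != 255:
                    break
        start = len(out) - offset
        for k in range(match_len):              # byte-wise copy handles overlapping matches
            out.append(out[start + k])
    if len(out) != expected_len:
        raise ValueError(f"size mismatch: header says {expected_len}, got {len(out)}")
    return bytes(out)


def unwrap_assembly(blob: bytes) -> bytes:
    """Turn one file from the assemblies folder into a plain PE image for dnSpy."""
    header = parse_xalz_header(blob)
    if header is None:
        pe = blob                               # not compressed: already a PE file
    else:
        _index, size, payload = header
        pe = lz4_block_decompress(payload, size)
    if pe[:2] != b"MZ":
        raise ValueError("result is not a PE file (missing MZ signature)")
    return pe


# Constructed sample: a tiny LZ4 block whose output starts with "MZ", wrapped
# in an XALZ header. Not a real assembly.
SAMPLE_PE = b"MZ\x90\x00MZ\x90\x00MZ\x90\x00END"
SAMPLE_LZ4 = (
    b"\x44"            # token: 4 literal bytes, match length 4 + 4 = 8
    + b"MZ\x90\x00"    # literals
    + b"\x04\x00"      # match offset 4: copies the 4 literals twice (overlapping)
    + b"\x30"          # final token: 3 literal bytes, no match
    + b"END"
)
SAMPLE_XALZ = XALZ_MAGIC + struct.pack("<II", 7, len(SAMPLE_PE)) + SAMPLE_LZ4


if __name__ == "__main__":
    # usage: python unwrap_xalz.py <input.dll> <output.dll>
    src, dst = pathlib.Path(sys.argv[1]), pathlib.Path(sys.argv[2])
    dst.write_bytes(unwrap_assembly(src.read_bytes()))
    print(f"wrote PE image to {dst}")
```

Run it over every file in the assemblies folder; files that are not XALZ-wrapped pass through unchanged, and anything that does not decode to an MZ header is reported rather than silently written out.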

Traffic Interception

One technique to rule them all

AVD does not use the built-in proxy settings of Android devices; it proxies traffic under the hood, so this works on non-proxy-aware applications.

  1. Set up a Pixel 3a XL emulated Android device (needs to have SDK < 29).
  2. Use the Android Studio Virtual Device Manager with the following command line args.
  3. Drag and drop the APK onto the device to install it.
  4. Install the Burp certificate on the device by following the guide: https://secabit.medium.com/how-to-configure-burp-proxy-with-an-android-emulator-31b483237053

# -list-avds : list the available virtual devices
C:\Users\Karim\AppData\Local\Android\Sdk\emulator\emulator.exe -list-avds


# -writable-system : boot with a writable /system partition (lets you remount and install the Burp CA as a system cert)
# -http-proxy host:port : route all emulator traffic through the proxy, including from non-proxy-aware apps
C:\Users\Karim\AppData\Local\Android\Sdk\emulator\emulator.exe -avd 'Pixel_3a_XL_API_28' -http-proxy 127.0.0.1:8080 -writable-system

Alternatively, if the device requires Google Play services:

  1. Root an Android build with Google Play services using rootAVD (GitHub - newbit1/rootAVD: Script to root AVDs running with QEMU Emulator from Android Studio).
  2. Follow the same steps described above, but don't use the -writable-system flag when starting the device.

Intercept Traffic using tooling

SSL Unpinning

Resources