Android

Broken Droid Factory : Crafting Vulnerable APKs For Pen Testing And Security Training


BDF is a Python tool designed to spin-up pseudo random vulnerable Android applications for vulnerability research, ethical hacking, and pen testing Android app practice.

  • To get started, download the dependancies and run BrokenDroidFactory.py, it’s as simple as that!
  • Create a pseudo random Android APK that contains an assortment of vulnerable and issue prone code.
  • After run, a README.md file is created detailing the app’s issues and vulnerabilities.

Getting Started

Installation

After cloning the repository all BDF dependencies can be installed manually or via the requirements file, with:

pip install -r REQUIREMENTS.txt

In addition to the above, you will also need a copy of the Android SDK. If you do not have this already it can be downloaded here by either downloading it via Android Studio or downloading it via the command line tools. To ensure that BDF picks up your SDK path perform one of the following:

  • Save your SDK path to C:\Users\<username>\AppData\Local\Android\Sdk on Windows.
  • Provide the path to your SDK to BDF with the -s paramiter.
  • Provide the path to your SDK when prompted by the command line.
  • Create a file at Broken-Droid-Factory/demoapp/local.properties with the contents sdk.dir=<path to your SDK>
  • Open the Android project demoapp in AndroidStudio, it will then create a local file called local.properties detailing your SDK path.

BDF has only been tested on Windows 10.

Usage

Run BDF with Python:

python BrokenDroidFactory.py

Several optional pramiters can be provided to BDF, use -h to see a full list:

optional arguments:
  -h, --help            Show this help message and exit.
  -o OUTPUT, --output OUTPUT
                        The output directory for the compiled APK to be saved
                        to.
  -t TEMPLATE, --template TEMPLATE
                        The path to the template app. Do not alter unless you
                        know what you're doing.
  -s SDK, --sdk SDK     The path to your local Android SDK.
  -c CHALLENGE, --challenge CHALLENGE
                        The desired challenge level for the created APK.
  -v, --verbose         Increase output verbosity.

After running BDF to completion you will be left with 2 files in the output directory (out if not provided). A README.md file detailing the workings and the types of challenges in the app, and an .apk file.

Types Of Challenges

Use BDF to create vulnerable and issue prone Android applications in the below categories:

  • Broken Crypto: Insecure Algorithm Usage
  • Broken Crypto: Predictable Key Material
  • Exploitable Exported Activities
  • Insecure Data Storage
  • Sensitive Data In Memory
  • Tapjacking
  • Task hijacking

Creating Your Own Patchers

Patchers are used by BDF to modify a template application source and add vulnerable and issue prone code to it.

A patcher must have several key aspects and have this purpose in mind.

However, outside of this how patchers are implemented is quite flexible and modular.

  • A patcher should be saved to the patchers directory.
  • A patcher should inherit patcher_interface.patcher
  • A patcher should have a member variable of difficulty set to an int value between 0 and 10 – where 0 means it provides no challenge and is used to add variability to the app, and a number higher than 0 denotes it’s difficulty score to complete (with the higher the score the more difficult it is).
  • A patcher should have a patch function (of which is automatically run when the patcher is called by BDF) and should return a string based on what the patcher has done.
  • A reference to your created patcher class should be added to the patcher_list list variable in BrokenDroidFactory.py
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

15 hours ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

15 hours ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

16 hours ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

19 hours ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

19 hours ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

2 days ago