BDF is a Python tool designed to spin-up pseudo random vulnerable Android applications for vulnerability research, ethical hacking, and pen testing Android app practice.
BrokenDroidFactory.py, it’s as simple as that! README.md file is created detailing the app’s issues and vulnerabilities. After cloning the repository all BDF dependencies can be installed manually or via the requirements file, with:
pip install -r REQUIREMENTS.txt In addition to the above, you will also need a copy of the Android SDK. If you do not have this already it can be downloaded here by either downloading it via Android Studio or downloading it via the command line tools. To ensure that BDF picks up your SDK path perform one of the following:
C:\Users\<username>\AppData\Local\Android\Sdk on Windows.-s paramiter.Broken-Droid-Factory/demoapp/local.properties with the contents sdk.dir=<path to your SDK>demoapp in AndroidStudio, it will then create a local file called local.properties detailing your SDK path.BDF has only been tested on Windows 10.
Run BDF with Python:
python BrokenDroidFactory.py Several optional pramiters can be provided to BDF, use -h to see a full list:
optional arguments:
-h, --help Show this help message and exit.
-o OUTPUT, --output OUTPUT
The output directory for the compiled APK to be saved
to.
-t TEMPLATE, --template TEMPLATE
The path to the template app. Do not alter unless you
know what you're doing.
-s SDK, --sdk SDK The path to your local Android SDK.
-c CHALLENGE, --challenge CHALLENGE
The desired challenge level for the created APK.
-v, --verbose Increase output verbosity. After running BDF to completion you will be left with 2 files in the output directory (out if not provided). A README.md file detailing the workings and the types of challenges in the app, and an .apk file.
Use BDF to create vulnerable and issue prone Android applications in the below categories:
Patchers are used by BDF to modify a template application source and add vulnerable and issue prone code to it.
A patcher must have several key aspects and have this purpose in mind.
However, outside of this how patchers are implemented is quite flexible and modular.
patchers directory.patcher_interface.patcherdifficulty set to an int value between 0 and 10 – where 0 means it provides no challenge and is used to add variability to the app, and a number higher than 0 denotes it’s difficulty score to complete (with the higher the score the more difficult it is).patch function (of which is automatically run when the patcher is called by BDF) and should return a string based on what the patcher has done.patcher_list list variable in BrokenDroidFactory.pyMySQL is the most popular open-source relational database management system. It is fast, reliable, and a…
Git is the most widely used version control system in the world. It was created by…
Go (also called Golang) is an open-source programming language built by Google. It is designed to…
Visual Studio Code (VS Code) is an open-source code editor developed by Microsoft. It is one…
Nginx (pronounced "engine x") is an open-source, high-performance web server and reverse proxy. It is used…
Apache is one of the most widely used open-source web servers in the world. It is…