

First you need the package of the application. Google Play won’t let you download it, but it’s still useful to locate the application there first. The application ID will be in the page address, for example. Searching for this ID along with the keyword “APK” will give you one of the websites providing Android application packages for download. An APK is a regular ZIP file, but its contents aren’t very useful as they are. So the first step is running apktool on it:

apktool d -o game-apktool game.apk

This will unpack the package into a directory named game-apktool. It will also decode various XML files such as AndroidManifest.xml, and it will translate the code into Smali, which is a kind of assembler language. Smali is fairly readable, but I still prefer “proper” Java code. I can get it by turning the code into a regular Java JAR file using dex2jar first:

d2j-dex2jar.sh -f game.apk

Now I have game-dex2jar.jar containing the Java classes, without any of the non-code files. My tool of choice so far is Procyon Decompiler:

java -jar procyon-decompiler.jar -o game-procyon game-dex2jar.jar

This took a while and hung on one particular class for me. Procyon Decompiler doesn’t have an option to exclude a single class, so I removed that class from the JAR file. Now I have a game-procyon directory with the easy-to-read but not always entirely correct Java code of the game. The game-apktool directory is more complete, and its Smali code is more reliable because it is closer to the source.

While I don’t have much experience with Android vulnerabilities, I know that one typical kind of vulnerability is exposed application components. These can be triggered by other applications in order to abuse the application’s privileged access. Many of the potentially affected components are visible in the AndroidManifest.xml file. The rule for component tags (activity, service, receiver and the like) is that they aren’t accessible to other applications by default. In order to be exposed, they either need an android:exported="true" attribute or an intent-filter child. The game in question had an unintentionally exposed service:

The code needs to request this permission explicitly, so looking for _AUDIO in the decompiled Java code is a good start. This quickly brings up the class implementing microphone access.
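As an added example (not code from the original post or from the game), here is a small Python script that applies the exported-component rule described above to the AndroidManifest.xml that apktool writes into game-apktool, lists the declared permissions matching a token, and searches decompiled sources for a token such as _AUDIO. The manifest text, package name and class names embedded in it are constructed for illustration and are not taken from the game.

```python
import os
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest for illustration only (not the game's real
# manifest), in the decoded form apktool writes to game-apktool/AndroidManifest.xml.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.game">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Game">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".AudioCaptureService" android:exported="true"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootReceiver" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def android_attr(elem, name):
    """Read an attribute from the android: namespace (ElementTree stores it as {ns}name)."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_exported(component):
    """The rule from the post: a component is reachable by other apps when
    android:exported="true" is set, or when it has an <intent-filter> child
    and android:exported is not explicitly "false"."""
    exported = android_attr(component, "exported")
    if exported is not None:
        return exported == "true"
    return component.find("intent-filter") is not None


def exported_components(manifest_xml):
    """Return (tag, android:name, reason) for every exported component."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    found = []
    if app is None:
        return found
    for comp in app:
        if comp.tag in COMPONENT_TAGS and is_exported(comp):
            reason = "explicit" if android_attr(comp, "exported") is not None else "intent-filter"
            found.append((comp.tag, android_attr(comp, "name"), reason))
    return found


def declared_permissions(manifest_xml, needle=""):
    """<uses-permission> names whose name contains needle (e.g. "AUDIO")."""
    root = ET.fromstring(manifest_xml)
    return [android_attr(p, "name") for p in root.findall("uses-permission")
            if needle in (android_attr(p, "name") or "")]


def find_references(sources, needle):
    """sources: mapping of file path -> file text (e.g. decompiled .java files).
    Returns a sorted list of (path, line_number) where needle occurs."""
    hits = []
    for path, text in sources.items():
        for number, line in enumerate(text.splitlines(), 1):
            if needle in line:
                hits.append((path, number))
    return sorted(hits)


def load_sources(root_dir, suffixes=(".java", ".smali")):
    """Read decompiled sources (e.g. game-procyon or game-apktool) into a dict."""
    sources = {}
    for dirpath, _, files in os.walk(root_dir):
        for name in files:
            if name.endswith(suffixes):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    sources[path] = fh.read()
    return sources


if __name__ == "__main__":
    for tag, name, reason in exported_components(SAMPLE_MANIFEST):
        print("exported %s %s (%s)" % (tag, name, reason))
    print("audio permissions:", declared_permissions(SAMPLE_MANIFEST, "AUDIO"))
```

On a real unpacked game, pass the contents of game-apktool/AndroidManifest.xml to exported_components and the dict from load_sources("game-procyon") to find_references with "_AUDIO". Two caveats worth remembering when reading the output: an exported component can still be guarded by an android:permission attribute, so "exported" means reachable, not necessarily abusable; and apps targeting Android 12 (API level 31) or later must set android:exported explicitly on components with intent filters, so the intent-filter branch of the rule mainly matters for older targets.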
