Category: Technologies


Android applications are bundled and distributed as APKs (Android application packages). To build one, the app is compiled and then all of its parts are packaged into a single zip archive: the code (.dex files), resources, assets, signing material and the manifest. As with many file formats, an APK can have any name as long as it ends in ".apk".

Apk Contents:

An APK file is an archive that usually contains the following files and directories:

  • META-INF directory:
    • MANIFEST.MF: the JAR manifest; it names every file in the archive together with a base64-encoded SHA-1 digest of that file's contents.
    • CERT.RSA: the signature block, a PKCS#7 structure holding the signer's certificate chain and the signature over CERT.SF (the base name varies, and the extension is .DSA or .EC for those key types).
    • CERT.SF: the signature file; it carries a digest of the whole MANIFEST.MF and, per entry, the SHA-1 digest of that entry's section in MANIFEST.MF (not of the file itself); for example:
 Signature-Version: 1.0
 Created-By: 1.0 (Android)
 SHA1-Digest-Manifest: wxqnEAI0UA5nO5QJ8CGMwjkGGWE=
 ...
 Name: res/layout/exchange_component_back_bottom.xml
 SHA1-Digest: eACjMjESj7Zkf0cBFTZ0nqWrt7w=
 ...
 Name: res/drawable-hdpi/icon.png
 SHA1-Digest: DGEqylP8W0n0iV/ZzBx3MW0WGCA=
    This META-INF layout is the original "v1" (JAR) signing scheme; newer APKs are additionally signed with APK Signature Scheme v2/v3, which lives in a dedicated block of the zip and covers the whole archive rather than individual entries.
  • lib: native code (shared objects loaded through JNI), with one subdirectory per ABI the app ships for:
    • armeabi: 32-bit ARM without hardware floating point (ARMv5/ARMv6; dropped in current NDKs)
    • armeabi-v7a: ARMv7 and above
    • arm64-v8a: 64-bit ARMv8
    • x86: 32-bit x86
    • x86_64: 64-bit x86
    • mips: MIPS (dropped in current NDKs)
  • res: the directory containing resources not compiled into resources.arsc (see below).
  • assets: a directory containing the application's raw assets, retrievable through AssetManager.
  • AndroidManifest.xml: the app manifest, declaring the package name, version, components, requested permissions and referenced libraries. Inside the APK it is stored in Android's binary XML encoding and must be converted to readable XML with tools such as AXMLPrinter2, apktool or Androguard.
  • classes.dex: the application's classes compiled into the dex format executed by the Dalvik VM (and, on newer devices, ART); large apps carry additional classes2.dex, classes3.dex, ... (multidex).
  • resources.arsc: a file containing precompiled resources, such as binary XML.
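As an added example (not code from the original post), the Python 3 script below builds an in-memory zip laid out like a v1 (JAR) signed APK and then checks the digest chain described above: each MANIFEST.MF entry against the bytes of its file, each CERT.SF entry against its MANIFEST.MF section, and the SF's digest against the whole manifest. File contents are constructed placeholders, CERT.RSA is a dummy, and the PKCS#7 signature itself is not verified (that needs a crypto library); what the script shows is exactly which check fails when someone patches classes.dex and repacks without re-signing.

```python
import base64
import hashlib
import io
import zipfile

# Constructed placeholder contents: stand-ins for a real app's files.
SAMPLE_FILES = {
    "AndroidManifest.xml": b"<binary-xml placeholder>",
    "classes.dex": b"dex\n035\x00placeholder bytecode",
    "res/drawable-hdpi/icon.png": b"\x89PNG placeholder",
}
SIG_FILES = {"META-INF/MANIFEST.MF", "META-INF/CERT.SF", "META-INF/CERT.RSA"}


def b64_sha1(data: bytes) -> str:
    """Digest encoding used by the JAR signing format: base64(SHA-1(data))."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def manifest_section(name: str, data: bytes) -> bytes:
    """One per-file section of MANIFEST.MF (lines kept short, so no 72-byte wrapping)."""
    return f"Name: {name}\r\nSHA1-Digest: {b64_sha1(data)}\r\n\r\n".encode("utf-8")


def build_v1_signed_apk(files: dict) -> bytes:
    """Zip the files with the MANIFEST.MF / CERT.SF pair a v1-signed APK carries.

    CERT.RSA is a placeholder here; the real one is a PKCS#7 blob signing CERT.SF.
    """
    sections = {name: manifest_section(name, data) for name, data in files.items()}
    manifest = b"Manifest-Version: 1.0\r\nCreated-By: example\r\n\r\n" + b"".join(sections.values())

    sf = b"Signature-Version: 1.0\r\n"
    sf += f"SHA1-Digest-Manifest: {b64_sha1(manifest)}\r\n\r\n".encode("utf-8")
    for name, section in sections.items():
        # The SF digests the manifest *section*, not the file itself.
        sf += f"Name: {name}\r\nSHA1-Digest: {b64_sha1(section)}\r\n\r\n".encode("utf-8")

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/CERT.SF", sf)
        z.writestr("META-INF/CERT.RSA", b"<pkcs7 signature placeholder>")
    return buf.getvalue()


def parse_sections(text: bytes) -> list:
    """Split a manifest-style file into (raw_section_bytes, {header: value}) pairs."""
    sections = []
    for chunk in text.split(b"\r\n\r\n"):
        if not chunk.strip():
            continue
        headers = {}
        for line in chunk.decode("utf-8").split("\r\n"):
            key, sep, value = line.partition(": ")
            if sep:
                headers[key] = value
        sections.append((chunk + b"\r\n\r\n", headers))
    return sections


def check_v1_digests(apk_bytes: bytes) -> list:
    """Return a list of integrity problems; an empty list means every digest matched."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = set(z.namelist())
        manifest = z.read("META-INF/MANIFEST.MF")
        main_sf, *sf_entries = parse_sections(z.read("META-INF/CERT.SF"))
        _main_mf, *mf_entries = parse_sections(manifest)

        if main_sf[1].get("SHA1-Digest-Manifest") != b64_sha1(manifest):
            problems.append("MANIFEST.MF does not match SHA1-Digest-Manifest in CERT.SF")

        section_by_name = {}
        for raw, h in mf_entries:          # manifest entry vs. actual zip content
            section_by_name[h["Name"]] = raw
            if h["Name"] not in names:
                problems.append(f"{h['Name']}: listed in MANIFEST.MF but missing from the zip")
            elif b64_sha1(z.read(h["Name"])) != h["SHA1-Digest"]:
                problems.append(f"{h['Name']}: content digest mismatch")

        for _raw, h in sf_entries:         # SF entry vs. manifest section bytes
            section = section_by_name.get(h["Name"])
            if section is None or b64_sha1(section) != h["SHA1-Digest"]:
                problems.append(f"{h['Name']}: CERT.SF digest of manifest section mismatch")

        for name in sorted(names - SIG_FILES - set(section_by_name)):
            problems.append(f"{name}: present in the zip but not covered by MANIFEST.MF")
    return problems


def replace_entry(apk_bytes: bytes, target: str, new_data: bytes) -> bytes:
    """Rewrite the zip with one entry's bytes swapped (what a naive repack does)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as src, zipfile.ZipFile(buf, "w") as dst:
        for info in src.infolist():
            data = new_data if info.filename == target else src.read(info.filename)
            dst.writestr(info.filename, data)
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_v1_signed_apk(SAMPLE_FILES)
    print("untouched:", check_v1_digests(apk) or "all digests match")
    patched = replace_entry(apk, "classes.dex", b"patched bytecode")
    print("patched dex:", check_v1_digests(patched))
```

The three-level chain is why a repacked apk cannot simply get a fixed-up MANIFEST.MF: the attacker would also have to rewrite CERT.SF, and that file is what CERT.RSA signs, so the rewrite only works with a key of their own, which changes the signing identity the platform (and any pinning in the app) sees.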

Decompilation process:

Our prerequisites are these three tools:

  • dex2jar: converts the dex code inside an apk into a jar file.

  • JD-GUI: a Java decompiler with a GUI, used to browse the source recovered from the jar produced in the previous step.

  • apktool: decodes an apk into its files and folders (including a readable AndroidManifest.xml) and can rebuild it afterwards.

dex2jar and JD-GUI are used together: dex2jar converts the apk to a jar file and JD-GUI provides the viewer for browsing it. To use dex2jar:

  1. Download dex2jar and extract it into a separate folder.
  2. Run the following command to convert an apk:

    sh d2j-dex2jar.sh testapp.apk

  3. If the terminal reports a permissions error for d2j_invoke.sh during step 2, make the helper script executable (no sudo is needed, the files are yours):

    chmod +x d2j_invoke.sh

  4. After these steps a jar is generated next to the apk (testapp-dex2jar.jar with current dex2jar versions) which can be opened and browsed in JD-GUI. It contains the recovered .class files.


We can already browse the source using dex2jar and JD-GUI, but another important tool in the arsenal is apktool, a tool for reverse engineering third-party, closed, binary Android apps. It decodes resources to nearly their original form and can rebuild them after modification, and it makes working with an app easier through its project-like file structure and automation of repetitive tasks such as building the apk. Decoding an apk with apktool:

apktool d test.apk

Repackaging the decoded directory into an apk:

apktool b test

The rebuilt apk is unsigned and will not install until it is signed again (with a key of your own, since you do not hold the original developer's), which is also why any modified copy of a third-party app no longer carries the original signature. JD-GUI, dex2jar and apktool are the essential tooling for getting an effective and deep look into third-party apps, which usually exist as black boxes. As shown above, the usage is simple and straightforward. Please share your inputs and experiences in the comments with these tools or any others you have explored for decoding Android or other platform apps.

 


Ensuring Quality in iOS Apps

Code coverage is a measure of the degree to which a program's source is executed when a particular test suite runs. A program with high code coverage, measured as a percentage, has had more of its source executed during testing, which suggests a lower chance of undetected bugs than a program with low coverage. Many metrics can be used to calculate it; the most basic are the percentage of subroutines and the percentage of statements executed by the test suite.

Xcode can generate code coverage data for any project, using llvm-cov internally. The coverage metrics are visible in Xcode itself, but it is often necessary to export the data as input to a third-party tool so that the metrics are available to all stakeholders (e.g. the business side). This post lays out how to export the profiling data as a text file that other tools (third-party, e.g. TICS) can consume.

Pre-requisite:

  • Make sure code coverage generation is enabled in Xcode and the metrics are visible in Xcode itself. Much has been written about this already and Apple's documentation on enabling coverage covers it.

Procedure:

  • Once coverage is enabled, run the tests.
  • After the test run, the console reports the path where the profiling data was written (under the project's DerivedData directory).
  • Translate Coverage.profdata (found at the path identified in the previous step) with llvm-cov; the second argument is the binary the profile was collected from:

    /usr/bin/xcrun llvm-cov show -instr-profile /Users/path/to/DerivedData/Build/Intermediates/CodeCoverage/Coverage.profdata  /Users/path/to/DerivedData/Build/Intermediates/CodeCoverage/Products/Debug-iphonesimulator/Project.app/Project > /Users/path/where/you/want/imported/data/llvm-cov-show.txt

  • The text file with the llvm-cov coverage data (llvm-cov-show.txt) now exists at the output path given in the command. This file is the end product and can be used as input to any third-party tool; if the consumer expects lcov format instead, llvm-cov export -format=lcov with the same profile and binary arguments produces that.

How ListView view recycling works, step by step:

  • X items visible on the list means X views inflated, i.e. getView() is called X times with convertView as null.
  • Items in the recycler at this point: 0.
  • The user scrolls up.
  • getView() is called once more and two things happen:
    • getView() is called with convertView as null; it inflates and returns the view that just became visible.
    • The view that just scrolled off screen is dumped into the recycler.
  • Total views: the number of views on screen + 1 in the recycler.
  • As the user scrolls further, view recycling kicks in and convertView is no longer null: getView() should reuse it instead of inflating a new view.

Abstract Class Vs Interface

Yes, the title reflects the age-old interview question. It has been asked again and again, and then some more. But why is it so important? Why does every software company on the planet have it at the top of the list? We all know the answer (duh), they all know the answer (duh), and nearly every preparation site answers it, so what is the big fuss about?

Well, the fantastic thing about an iceberg is the tip, and then comes the total size. In a very similar fashion, for this question everybody understands the syntax but fails to understand the semantics. If you have been reading about it, a few well-known answers are:

  • An interface is a 100% abstract class.
  • A Java class can implement multiple interfaces but can extend only one abstract class.
  • A Java interface is implemented using the keyword "implements"; a Java abstract class is extended using the keyword "extends".

All of these talk about the mechanics of using an abstract class or an interface. They are factually correct but do not answer the fundamental design question: when should my software use an abstract class and when should it use an interface?

To answer this, let us begin with a question: have you ever noticed that when we inherit from an interface we use "implements", but when we inherit from an abstract class we use "extends"? Yes? No? Puzzled?

This little piece of inheritance jargon is the key to understanding abstract classes vs. interfaces. Not only in software engineering but in any engineering field (even in basic English), "implements" is associated with implementing a functionality and "extends" with extending the characteristics of a type. Keeping this in mind: whenever we implement, we are defining "what" a class can do, what it is capable of. For example, a Ball, which "is a" Toy, is "capable of" bouncing. Got it? Saw the light? Not yet?

Maybe Now:

class Ball extends Toy implements Bounceable

So whenever we talk about functionality, think interfaces, and whenever we talk about characteristics, think abstract classes (not always, but yes when we analyse in terms of extension). As a general rule of thumb:

Interfaces:

  • Talk about what a class can do (functionality).
  • Declare what functionality a class should implement.
  • Use the "is capable of" relationship.

Abstract Class(es):

  • Talk about the characteristics an object should support.
  • Define the type of an object, and can carry state and partial implementation that every subclass shares.
  • Use the "is a" relationship.

Hope this cleared some of the fog.
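The distinction in working code, as an added example (Python 3, not code from the original post, which uses Java): Toy is an abstract base class carrying state and a template method, so it is an "is a" type; Bounceable is a pure capability contract (a typing.Protocol, Python's closest analogue to a Java interface), so anything with a bounce() method satisfies it whatever its type. The names Ball, Toy and Bounceable are taken from the post; Trampoline, Doll and the numbers are assumptions for the demonstration.

```python
from abc import ABC, abstractmethod
from typing import Iterable, Protocol, runtime_checkable


class Toy(ABC):
    """Abstract class: an 'is a' type. Carries shared state and a template method."""

    def __init__(self, name: str) -> None:
        self.name = name

    def describe(self) -> str:
        """Concrete behaviour inherited by every Toy; relies on the abstract play()."""
        return f"{self.name}: {self.play()}"

    @abstractmethod
    def play(self) -> str:
        """Subclasses must supply this."""


@runtime_checkable
class Bounceable(Protocol):
    """Interface: an 'is capable of' contract. No state, no implementation."""

    def bounce(self) -> int: ...


class Ball(Toy):
    """Ball extends Toy (is a toy) and implements Bounceable (is capable of bouncing)."""

    def __init__(self, name: str, elasticity: int) -> None:
        super().__init__(name)
        self.elasticity = elasticity

    def play(self) -> str:
        return "rolls"

    def bounce(self) -> int:
        return self.elasticity


class Trampoline:
    """Not a Toy at all, yet Bounceable: the capability is independent of the type."""

    def bounce(self) -> int:
        return 10


class Doll(Toy):
    """A Toy that lacks the bouncing capability."""

    def play(self) -> str:
        return "sits"


def total_bounce(things: Iterable[Bounceable]) -> int:
    """Accepts anything that implements the capability, regardless of its class."""
    return sum(t.bounce() for t in things)


def can_instantiate_toy() -> bool:
    """An abstract class describes a type; it cannot be an object itself."""
    try:
        Toy("abstract")
        return True
    except TypeError:
        return False
```

total_bounce() happily mixes a Ball and a Trampoline because it asks for the capability, not the type; describe() is the other half of the story, behaviour the abstract class hands down to every "is a" subclass.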

A good way to share functionality across teams or companies is to package it as a library, so the code itself stays invisible and the consuming team can integrate it with the code they are working on. iOS allows static libraries (".a" files) that are linked at compile time. At the time of writing, dynamically loaded libraries (".dylib" files) were not allowed in third-party apps; since iOS 8, embedded dynamic frameworks are permitted. Some general information about these archives and their usage:

• The iOS Simulator and an iOS device have different architectures (at the time of writing i386 for the simulator and armv7s for devices), so the final ".a" file must be tested on a real device.

• An i386 library can be compiled from the command line on a Mac OS X system, but building for armv7s (an iOS device) is not as simple; use Xcode for that.

Below mentioned are the steps to create a library that can be statically linked to iOS code on a device:

• Fire up XCode and choose a new project template type under OS X→Frameworks and Libraries→C/C++ Libraries.


• Name the project and choose type as “Static”.
• Import or just drag and drop .c and .h files into the project.
• Click on “Build Settings” for the project. “Base SDK” should be Latest iOS(7.0) and “Architectures” should be Standard(armv6, armv7).


• Check the “Build Phases” in targets. Add or move the header files to “Public”.
• Select the appropriate scheme and build (Make sure you have a connected iOS device which can be selected as a scheme).


• Go to Product→Archive→Distribute→Save to save the end product which will be a folder containing the headers and the .a file.

Below are the steps to create a library that can be statically linked into iOS code that runs ONLY on the simulator. This overlaps with the Xcode route but is handy for a quick integration/usage check:

• Fire up the terminal on OS X and run the two commands one after another.
• gcc -Wall -c -arch i386 -arch x86_64 *.c
• ar -cvq libXXYYYZZZ.a *.o

The device and simulator archives can be merged into one fat library with lipo -create, so a single .a serves both targets.

Python Challenges- Code Log

I have been working on the Python Challenges by Nadav Samet, and yes, they are pretty tough and interesting at the same time. I tend to pick up stuff and leave it in the middle, so this time I have decided to log my progress by posting the code for each challenge I solve, keeping a code log and a progress log at the same time.

Challenge 0:

This one was pretty simple and just required:

>>> pow(2, 38)

on the terminal.
Answer was 274877906944

Challenge 1:

Went dumb (as I originally am) and tried to solve this one by hand, but realisation came after reading the first line, so I switched to code:

>>> from string import maketrans   # Python 2; Python 3 uses str.maketrans
>>> text = "g fmnc wms bgblr rpylqjyrc gr zw fylb. rfyrq ufyr amknsrcpq ypc dmp. bmgle gr gl zw fylb gq glcddgagclr ylb rfyr'q ufw rfgq rcvr gq qm jmle. sqgle qrpgle.kyicrpylq() gq pcamkkclbcb. lmu ynnjw ml rfc spj"
>>> intab = "abcdefghijklmnopqrstuvwxyz"
>>> outab = "cdefghijklmnopqrstuvwxyzab"   # shift every letter forward by two
>>> trantab = maketrans(intab, outab)
>>> print text.translate(trantab)

Answer was ocr

Challenge 2:

>>> f = open('temp.txt')   # the page's block of characters, saved locally
>>> text = f.read()
>>> f.close()
>>> key = """\n!#%$&()+*@[]_^{}"""   # the characters to strip out
>>> new2 = ""
>>> for letter in text:
...     if letter not in key:
...         new2 += letter
...
>>> print(new2)

Answer was equality

Challenge 3:

>>> import re
>>> f = open('temp.txt')
>>> text = f.read()
>>> f.close()
>>> pat = re.compile('''
... [^A-Z] # any character except a capital letter
... [A-Z]{3} # three capital letters
... ( # the beginning of a capturing group
... [a-z] # one lowercase letter
... ) # the end of the group
... [A-Z]{3} # three capital letters
... [^A-Z] # any character except a capital letter
... ''', re.VERBOSE)
>>> print "".join(re.findall(pat, text))   # findall returns only the captured lowercase letters

Answer was linkedlist

Had to google a lot for challenges 3 and 4 as my regex and Python knowledge are pretty nascent. But yes, I will be completing all the 31 challenges and posting them here.

Challenge 4:

Enjoyed this one; very little googling was required, the code was pretty straightforward, and this was the first time I used Python to fetch online resources. Here is the final code. It ran with a hiccup, as I had to change the value of 'stringholder' once as per the instructions, but it finally did the job:

>>> import re, urllib2   # Python 2; urllib.request in Python 3
>>> stringholder = '12345'
>>> url = 'http://www.pythonchallenge.com/pc/def/linkedlist.php?nothing='
>>> for x in range(0, 399):
...     response = urllib2.urlopen(urllib2.Request(url + stringholder))
...     fullStr = response.read()
...     numbers = re.findall(r'\d+', fullStr)   # the page ends with "the next nothing is N"
...     stringholder = numbers[-1]
...     print stringholder

Answer was peak

Challenge 5:

Another tough one; finding banner.p was a task. I got to know about pickling from this one, and the output, man, I was totally blown away:

>>> import urllib, pickle
>>> url = 'http://www.pythonchallenge.com/pc/def/banner.p'
>>> stream = urllib.urlopen(url)
>>> banner = pickle.load(stream)   # pickle.load runs whatever callables the stream names: only ever do this with a source you trust
>>> stream.close()
>>> print banner   # hint: output of the Unix banner program, as rows of (character, run-length) pairs
>>> for row in banner:
...     print "".join(ch * n for ch, n in row)
...
...

Answer was channel
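An added example (Python 3, not part of the original post) on the security side of that pickle.load() call: a pickle stream can name any importable callable and pickle will invoke it during loading, so loading one from the network is remote code execution by design. The block builds a constructed malicious pickle whose payload calls os.getcwd() (a harmless stand-in for os.system), shows that plain pickle.loads() runs it, and then loads a constructed banner-shaped payload through a restricted Unpickler that refuses every global lookup not on an allow-list, which is the standard mitigation when the format cannot be changed.

```python
import io
import os
import pickle


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only an explicit allow-list of globals.

    Plain data (lists, tuples, str, int, ...) needs no global lookups, so a
    banner-style payload loads; anything naming a callable is refused.
    """

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}   # extend deliberately, never with os/subprocess

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Payload:
    """Constructed malicious object: unpickling it calls os.getcwd().

    A real attacker would name os.system or subprocess.check_output here;
    getcwd is a harmless stand-in that still proves arbitrary code ran.
    """

    def __reduce__(self):
        return (os.getcwd, ())


# Constructed data in the shape of the challenge's banner.p: rows of (char, run-length).
BANNER_LIKE = [[(" ", 2), ("#", 3)], [("#", 1), (" ", 3), ("#", 1)]]


def render(rows) -> str:
    """Expand run-length rows into text, like the loop in the challenge."""
    return "\n".join("".join(ch * n for ch, n in row) for row in rows)


def demo() -> dict:
    safe = pickle.dumps(BANNER_LIKE)
    evil = pickle.dumps(Payload())
    results = {
        "plain_loads_ran_code": pickle.loads(evil) == os.getcwd(),   # the callable really executed
        "restricted_loads_data": restricted_loads(safe) == BANNER_LIKE,
    }
    try:
        restricted_loads(evil)
        results["restricted_blocked_code"] = False
    except pickle.UnpicklingError:
        results["restricted_blocked_code"] = True
    return results
```

For anything you control both ends of, the better fix is not a stricter unpickler but a data-only format such as JSON; the allow-list approach is for the case where, as with banner.p, the pickle is what you are given.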

Challenge 6:

Phewww, man, this puzzle was exhausting. You start with three clues: 'zip', 'Now there are pairs' and 'channel'. That gives a weak idea that Python's zipfile module is to be used. Altering the page URL from channel.html to 'channel.zip' gives us a zip file. I unzipped it to find lots of files with 'nothings' (remember?) and a readme file. There are two hints in the readme: "Start with 90052" and "Answer is inside the zip". Being lazy as I am, I ignored the second advice completely and followed the linked-list approach of extracting the nothings and following them, now for a much larger dataset (~1000). Here is the initial code:

>>> import zipfile
>>> archive = zipfile.ZipFile('channel.zip', 'r')
>>> nothing = '90052.txt'
>>> while True:
...     raw_data = archive.read(nothing)
...     print raw_data
...     last = raw_data.split()[-1]
...     if not last.isdigit():      # the last file does not point to another "nothing"
...         break
...     nothing = last + '.txt'
...

Just when I thought I was done I got this:

Next nothing is 46145
Collect the comments.

I had to modify the code, and the final code looked like:

>>> import zipfile
>>> archive = zipfile.ZipFile('channel.zip', 'r')
>>> nothing = '90052.txt'
>>> comments = []
>>> while True:
...     comments.append(archive.getinfo(nothing).comment)   # per-entry zip comment, starting with the first file
...     raw_data = archive.read(nothing)
...     print raw_data
...     last = raw_data.split()[-1]
...     if not last.isdigit():
...         break
...     nothing = last + '.txt'
...
>>> print "".join(comments)

This leaves us with the answer, hockey, and if only it were so easy. I entered it into the URL and got: it's in the air. look at the letters.

Taking a closer look at "hockey" reveals that the answer is oxygen.

Challenge 7:

First things first: through this one I was introduced to PIL (the Python Imaging Library). I had to download and install it as an external module with the help of a guide (plus, of course, a bit of scavenging on Stack Overflow). Coming back to the image shown in challenge 7: there is some pixel manipulation in the middle (once again I missed the fact that the manipulation was exactly in the middle and played around by printing random pixel RGBA values from the picture).

This was the final code which led to the final answer:

>>> from PIL import Image
>>> original = Image.open("oxygen.png")
>>> y = original.size[1] / 2   # the grey strip runs through the middle row
>>> width = original.size[0]
>>> print "".join([chr(original.getpixel((x, y))[0]) for x in range(0, width, 7)])   # each grey block is 7 pixels wide; its R value is an ASCII code

After running this code, I got the following:

smart guy, you made it. the next level is [105, 110, 116, 101, 103, 114, 105, 116, 121]pe_

The answer was integrity.

Challenge 8:

Compared to the last few puzzles, this one was relatively easy. Our first clue is the text at the bottom of the page: "Where is the missing link?". Moving the cursor over the image of the fly shows that the image is actually a hyperlink, and clicking it brings up a username/password authentication box with the cryptic text "The server says: inflate". With nowhere to go from there, I decided to delve into the source and found "un" and "pw", which are actually bz2-compressed streams (OK, OK, I admit I did not find out about the stream format on my own; the "BZh" header gives it away). Had to use Python to decompress the streams to reveal the username and password:

>>> import bz2
>>> un = 'BZh91AY&SYA\xaf\x82\r\x00\x00\x01\x01\x80\x02\xc0\x02\x00 \x00!\x9ah3M\x07<]\xc9\x14\xe1BA\x06\xbe\x084'
>>> pw = 'BZh91AY&SY\x94$|\x0e\x00\x00\x00\x81\x00\x03$ \x00!\x9ah3M\x13<]\xc9\x14\xe1BBP\x91\xf08'
>>> bz2.decompress(un)
'huge'
>>> bz2.decompress(pw)
'file'

Challenge 9:
Puzzle 9 tells us to "connect the dots". The source reveals two sets of values which can only be coordinates. Plotting them gives us the image of a bull (it took trial and error, I tried ox too).
Code is given below:

>>> import re
>>> from PIL import Image
>>> def read_points(path):
...     # the page source lists the coordinates as "x,y,x,y,..." across several lines
...     values = [int(v) for v in re.sub('\n', '', open(path).read()).split(",")]
...     return zip(values[0::2], values[1::2])   # (x, y) pairs
...
>>> im = Image.new('RGB', (640, 487))
>>> for x, y in read_points('first_list.txt') + read_points('second_list.txt'):
...     im.putpixel((x, y), (255, 0, 0))
...
>>> im.save('test.png')

Automation- Python to the rescue

Automation, let's accept it, is not easy, whether it is a product line, getting your code built at the click of a button or, as we have all done at some point, manually changing those long, repeated lines of code and hoping a robot will do it for you (or maybe that rookie intern ;)).

So, in terms of code, what actually is automation, how useful is it and what kind of tools does it use? To look at all this, let me talk about a (read: mundane) scenario that recently occurred during my day job and rather forced me to come up with a small 'robot'. While writing an Objective-C client for a server, I had some Java code lying around which I was referring to, and this Java code had a rather long list (~300) of string-based enums; as we all know, C does not support those string-based pixies, and they would need to be stripped away. So I was wondering how I could just copy these into a .m file and quickly get away with it. After pondering for about 5 minutes, I realised it would be better to write some code that can edit my code and hence save me some time.

Having decided so, I picked Python as the tool to work with and after 15 or so minutes (sorry, my Python is really lousy, since I mostly read about it but never practise it, but I am sure that won't be so after this post) came up with this little piece on the terminal:

import re

# strip the "(...)" argument from each ENUM_CONSTANT("string") line, leaving ENUM_CONSTANT
pattern = re.compile(r'\((.*?)\)')
with open("xyz.h") as f:
    lines = f.readlines()
with open("xyz.h", "w") as f:
    for line in lines:
        f.write(pattern.sub('', line))

AND, voila, I had the file, but this time with only the enum constants (before: ENUM_CONSTANT("string"), after: ENUM_CONSTANT). The little robot accomplished this in a few lines of code.

Now, I’m looking forward to use Python as much as possible to create little robots like these to edit my code so that I can create a few more bugs in the meantime 😉

Happy Coding.

Mac Musings- Pulling ‘strings’

'strings' is a very powerful little devil present on every Unix-like OS. Its primary job is to hunt down and print the text strings embedded in binary files such as executables. Like every other tool, it is useful to both attackers and defenders. Pentesters in particular use it during black-box testing of apps to spot hard-coded credentials (static passwords, pass phrases, user names, API keys) and interesting endpoints.

Usage of 'strings' on a Mac is extremely simple and just requires firing up the terminal and typing: strings filename

The output is the list of strings present in the binary (if any). By default only runs of at least four printable characters are reported; -n changes that minimum. So, coders using static passwords, beware: anything a program compares a secret against is recoverable by anyone holding the binary.

Common usage includes piping the output to grep and fold, or redirecting it to a file.

 

So the thing was, I was trying to set up the adb path on my Mac, and once done I decided to write a little tutorial so that anybody and everybody can go through the following steps and breeze through it:

  • Fire up the terminal on the Mac.
  • Go to your home directory (cd ~) and create a file named .bash_profile with the command "touch .bash_profile".
  • Your home directory is owned by you, so no sudo or chown is needed to create the file there; if it already exists, the next steps simply add to it. (On macOS Catalina and later the default shell is zsh, which reads ~/.zprofile instead.)
  • Next, type "open -e .bash_profile" to open it in TextEdit.
  • In the TextEdit window, add this line with the full path of your SDK folder filled in (quote the path if it contains spaces): export PATH=$PATH:/yoursdkfolderfull path/sdk/platform-tools
  • Save the changes and close TextEdit.
  • Back in the terminal, still in your home directory, reload the file with: source .bash_profile (or just open a new terminal window).
  • adb should now be set up; check by running the adb command in the terminal.
  • And that's pretty much it.

Bits and Nibbles

  • Adding 2 Binary numbers:

One of the popular interview questions, usually in the preliminary or telephonic rounds: given two binary numbers as arrays of equal length, find their sum.

Ans: The arrays can be represented as Java boolean arrays, most significant bit first, e.g.:

    boolean A[] = { true, false, false };
    boolean B[] = { true, false, false };
    boolean C[] = { false, false, false, false };   // one bit wider than the inputs
    boolean carry = false;
    for (int j = B.length - 1; j >= 0; j--)
    {
        boolean partial = A[j] ^ B[j];
        C[j + 1] = partial ^ carry;
        // carry out when both bits are set, or when exactly one is set and a carry came in
        carry = (A[j] && B[j]) || (partial && carry);
    }
    C[0] = carry;

    return C;

The sum bit of each column is the XOR of the two input bits and the incoming carry; the carry out is set when both input bits are 1, or when exactly one is 1 and a carry came in. Deriving the carry from A[j] && B[j] alone is the common mistake and gives wrong results as soon as a carry propagates through a column with one set bit (e.g. 111 + 001).

 

  • Finding the unique number from a given array:

Given an array in which every number appears twice except one (1,1,2,3,2,3,4,4, ...), find the unique number.

Brute-force approach: walk through the array and count occurrences of each value (with a hash map or similar).

Simple approach: XOR all the elements together. Each pair cancels itself out (x ^ x == 0), so only the unique number remains.

 

  • Find whether a number n is a power of 2 or not.

(n & (n - 1)) == 0 should be true, with n > 0: n - 1 flips the lowest set bit and everything below it, so the AND is zero only when n has a single set bit. The expression is also zero for n = 0, hence the guard, and in Java the outer parentheses are required because == binds tighter than &.
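The three bit tricks above in one runnable block, as an added example (Python 3, not code from the original post): the ripple-carry adder with the correct carry rule next to the flawed "carry only from A and B" rule so the difference is visible on 111 + 001, the XOR fold for the unpaired element, and the power-of-two test with the n > 0 guard. Bits are lists of 0/1, most significant first, as in the Java answer.

```python
from functools import reduce
from operator import xor


def add_binary(a: list, b: list) -> list:
    """Ripple-carry addition of two equal-length bit lists, most significant bit first.

    Returns len(a) + 1 bits. The carry out of a column is set when both inputs
    are 1 OR when exactly one is 1 and a carry came in.
    """
    if len(a) != len(b):
        raise ValueError("operands must have the same width")
    result = [0] * (len(a) + 1)
    carry = 0
    for j in range(len(a) - 1, -1, -1):
        partial = a[j] ^ b[j]
        result[j + 1] = partial ^ carry
        carry = (a[j] & b[j]) | (partial & carry)
    result[0] = carry
    return result


def add_binary_buggy(a: list, b: list) -> list:
    """The flawed carry rule (carry only when both bits are set), kept for comparison."""
    result = [0] * (len(a) + 1)
    carry = 0
    for j in range(len(a) - 1, -1, -1):
        result[j + 1] = a[j] ^ b[j] ^ carry
        carry = a[j] & b[j]          # loses the carry when exactly one bit is set
    result[0] = carry
    return result


def bits_to_int(bits: list) -> int:
    """Reference conversion used to check the adder against ordinary integer arithmetic."""
    return int("".join(str(bit) for bit in bits), 2)


def unique_element(values: list) -> int:
    """XOR cancels every pair (x ^ x == 0); only the unpaired value survives."""
    return reduce(xor, values, 0)


def is_power_of_two(n: int) -> bool:
    """n & (n - 1) clears the lowest set bit; a power of two has exactly one.

    The n > 0 guard matters: 0 & -1 is also 0.
    """
    return n > 0 and (n & (n - 1)) == 0
```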