1
00:00:00,720 --> 00:00:05,400
- Hi. Within this lecture we are going to sign our APK

2
00:00:05,400 --> 00:00:07,830
and we are going to install it in our emulator.

3
00:00:07,830 --> 00:00:11,400
And finally we are going to see how to read content

4
00:00:11,400 --> 00:00:13,530
from Charles proxy.

5
00:00:13,530 --> 00:00:17,730
So far we have changed the content of our APK.

6
00:00:17,730 --> 00:00:20,880
We have manipulated the manifest file

7
00:00:20,880 --> 00:00:25,320
and we have added some network configuration file

8
00:00:25,320 --> 00:00:28,350
and now it's time to create an APK.

9
00:00:28,350 --> 00:00:32,310
Actually, we have created the APK but we didn't sign it

10
00:00:32,310 --> 00:00:36,480
so we couldn't actually install it on our emulator.

11
00:00:36,480 --> 00:00:40,050
So what I'm gonna do, I'm going to sign this

12
00:00:40,050 --> 00:00:43,054
and I'm going to move this on my desktop first

13
00:00:43,054 --> 00:00:46,620
and I'm going to use the previous method

14
00:00:46,620 --> 00:00:48,870
that we have seen in this course.

15
00:00:48,870 --> 00:00:53,460
Remember we use jarsigner in order to sign this.

16
00:00:53,460 --> 00:00:54,570
And in order to do

17
00:00:54,570 --> 00:00:59,100
that you can actually use Windows command prompt as well.

18
00:00:59,100 --> 00:01:03,270
But JDK should be installed on your computer.

19
00:01:03,270 --> 00:01:06,150
I believe by now you know how to do this.

20
00:01:06,150 --> 00:01:08,760
Okay, so let me show you something.

21
00:01:08,760 --> 00:01:12,870
If we come over here to google.com

22
00:01:12,870 --> 00:01:17,870
and just search for Android sign APK command line

23
00:01:18,060 --> 00:01:22,920
you will see the commands that we have been using so far.

24
00:01:22,920 --> 00:01:25,830
There are millions of results over here.

25
00:01:25,830 --> 00:01:28,170
You can even get these steps

26
00:01:28,170 --> 00:01:32,130
and instructions from Stack Overflow like this.

27
00:01:32,130 --> 00:01:34,380
But again, I'm going to copy

28
00:01:34,380 --> 00:01:37,620
and paste this keytool and jarsigner

29
00:01:37,620 --> 00:01:41,490
in my notes and in the resources of this lecture

30
00:01:41,490 --> 00:01:46,140
so that you can just copy it and use it on your own.

31
00:01:46,140 --> 00:01:48,570
So that's exactly what we are trying to do.

32
00:01:48,570 --> 00:01:51,030
Remember we are using keytool

33
00:01:51,030 --> 00:01:53,850
in order to generate a key, okay?

34
00:01:53,850 --> 00:01:58,080
That's a keystore file, actually a keystore extension,

35
00:01:58,080 --> 00:02:00,071
and then we use jarsigner

36
00:02:00,071 --> 00:02:05,071
in order to use that keystore file to sign our APK.

37
00:02:06,060 --> 00:02:08,850
Now remember there are a lot of other options as well.

38
00:02:08,850 --> 00:02:13,680
Like you can even download an APK for JAR signing.

39
00:02:13,680 --> 00:02:18,090
You can search Google Play for signing APKs

40
00:02:18,090 --> 00:02:21,360
or jarsigner and you will find a lot

41
00:02:21,360 --> 00:02:24,420
of results, just download it and use it.

42
00:02:24,420 --> 00:02:27,870
But I'm going to do what we have been doing so far.

43
00:02:27,870 --> 00:02:31,083
So I'm going to open my notes like this, okay?

44
00:02:31,083 --> 00:02:35,970
And let me make this a little bit bigger here

45
00:02:35,970 --> 00:02:40,230
and I'm going to use this in my terminal.

46
00:02:40,230 --> 00:02:43,500
And again, you should go to desktop

47
00:02:43,500 --> 00:02:46,770
in order to use it because your APK should be

48
00:02:46,770 --> 00:02:50,070
on desktop, or wherever you put your APK.

49
00:02:50,070 --> 00:02:51,420
Just make sure you go

50
00:02:51,420 --> 00:02:54,270
to that folder in order to use these commands.

51
00:02:54,270 --> 00:02:57,158
And we're going to run those commands one

52
00:02:57,158 --> 00:03:02,158
by one and don't forget to change their related places

53
00:03:02,610 --> 00:03:04,683
like the APK name over here.

54
00:03:05,700 --> 00:03:09,300
So I'm going to first create this keystore.

55
00:03:09,300 --> 00:03:10,950
It will ask me for a password.

56
00:03:10,950 --> 00:03:14,040
I'm just going to give one and if you type it

57
00:03:14,040 --> 00:03:18,113
and hit enter it will just accept it, but you won't see it

58
00:03:18,113 --> 00:03:21,960
on the screen because of security reasons, remember?

59
00:03:21,960 --> 00:03:25,830
Okay? And again, type the same password one more time.

60
00:03:25,830 --> 00:03:28,230
It will ask you for your credentials

61
00:03:28,230 --> 00:03:30,270
and some other information as well.

62
00:03:30,270 --> 00:03:33,270
You're more than welcome to just skip those

63
00:03:33,270 --> 00:03:36,150
or give some false information like this.

64
00:03:36,150 --> 00:03:40,050
But when you see this "no" you should say yes,

65
00:03:40,050 --> 00:03:43,620
and I accidentally put in a like this.

66
00:03:43,620 --> 00:03:47,640
Okay, so let me do this one more time and here you go.

67
00:03:47,640 --> 00:03:49,890
It says no and I will say yes

68
00:03:49,890 --> 00:03:53,160
because it asks me if this is correct or not.

69
00:03:53,160 --> 00:03:56,730
Okay, so here is my keystore file.

70
00:03:56,730 --> 00:03:59,430
Now I'm going to use this keystore file.

71
00:03:59,430 --> 00:04:01,950
I'm going to use the jarsigner tool

72
00:04:01,950 --> 00:04:04,950
in order to sign this APK.

73
00:04:04,950 --> 00:04:07,770
So I'm still in desktop, I'm still

74
00:04:07,770 --> 00:04:10,080
in the same place with my APK.

75
00:04:10,080 --> 00:04:12,240
And remember you have to change the name

76
00:04:12,240 --> 00:04:16,800
from here if you have another name in your APK.

77
00:04:16,800 --> 00:04:21,300
So mine is APK debug and I'm gonna go

78
00:04:21,300 --> 00:04:26,269
for it like this and it will ask me for my password, okay?

79
00:04:26,269 --> 00:04:30,650
And I will give the password that I have chosen

80
00:04:30,650 --> 00:04:33,510
and it's unable to open the JAR file.

81
00:04:33,510 --> 00:04:37,560
Let's see, yeah, I believe I have misspelled it.

82
00:04:37,560 --> 00:04:41,820
As you can see it's called APK debug in the command

83
00:04:41,820 --> 00:04:44,010
but it's actually app debug.

84
00:04:44,010 --> 00:04:49,010
So make sure you get this right, like this: app debug.

85
00:04:49,020 --> 00:04:52,230
And I'm going to try one more time.

86
00:04:52,230 --> 00:04:54,630
It will ask me for my password.

87
00:04:54,630 --> 00:04:58,920
I'm going to give it and let me see.

88
00:04:58,920 --> 00:04:59,850
Yep, here you go.

89
00:04:59,850 --> 00:05:04,850
Now the APK is actually signed, so I can install this

90
00:05:05,940 --> 00:05:10,410
on my emulator and do what I have to do.

91
00:05:10,410 --> 00:05:11,243
Here you go.

92
00:05:11,243 --> 00:05:13,980
Now it's installed on my emulator.

93
00:05:13,980 --> 00:05:17,040
So this is the manipulated APK.

94
00:05:17,040 --> 00:05:19,560
We will be able to use the certificate that we

95
00:05:19,560 --> 00:05:22,830
have installed before from Charles proxy.

96
00:05:22,830 --> 00:05:26,220
Okay, and let me close everything down

97
00:05:26,220 --> 00:05:28,320
and let me open Charles.

98
00:05:28,320 --> 00:05:30,272
So here we go.

99
00:05:30,272 --> 00:05:35,272
So let's try to start the recording and SSL proxy.

100
00:05:35,670 --> 00:05:38,318
Now as you can see, both of them are running.

101
00:05:38,318 --> 00:05:41,400
Okay. Make sure you see the start and stop

102
00:05:41,400 --> 00:05:44,100
and make sure you include everything over here

103
00:05:44,100 --> 00:05:48,540
and make sure you changed the proxy in the settings as well.

104
00:05:48,540 --> 00:05:53,490
So when I come to my security with app, I'm going to try

105
00:05:53,490 --> 00:05:57,180
and log in with my previously created account,

106
00:05:57,180 --> 00:06:00,900
or I can even sign up, or something like this.

107
00:06:00,900 --> 00:06:05,640
Okay? So if I say sign in, there is a network error.

108
00:06:05,640 --> 00:06:08,190
As you can see, it doesn't sign me in.

109
00:06:08,190 --> 00:06:10,560
It doesn't log me in.

110
00:06:10,560 --> 00:06:14,310
So there is a timeout, but if I come over here

111
00:06:14,310 --> 00:06:18,090
I can see the firestore.google.com over here.

112
00:06:18,090 --> 00:06:23,070
So let me filter this result by typing "fire" over here.

113
00:06:23,070 --> 00:06:24,570
And as you can see there are a couple

114
00:06:24,570 --> 00:06:29,186
of things like Firestore console, Firestore.

115
00:06:29,186 --> 00:06:31,620
So I'm going to try and see

116
00:06:31,620 --> 00:06:35,494
if I can actually go to any HTTPS websites.

117
00:06:35,494 --> 00:06:38,340
So google.com seems to be working,

118
00:06:38,340 --> 00:06:41,850
so there is nothing wrong with Charles proxy itself.

119
00:06:41,850 --> 00:06:46,020
So we are having some difficulties regarding our app.

120
00:06:46,020 --> 00:06:48,090
So I'm going to try one more time

121
00:06:48,090 --> 00:06:50,550
and it still gives me some timeout.

122
00:06:50,550 --> 00:06:53,940
So if you experience any problem like that

123
00:06:53,940 --> 00:06:58,080
make sure you stop the SSL proxy like this, okay?

124
00:06:58,080 --> 00:07:02,400
And then try to sign in or sign up, to go into the feed,

125
00:07:02,400 --> 00:07:06,840
because we need the collection name eventually anyway, okay?

126
00:07:06,840 --> 00:07:10,200
Maybe we got the Firebase ID by now

127
00:07:10,200 --> 00:07:13,890
but we didn't get the collection name.

128
00:07:13,890 --> 00:07:15,750
Now if you start it again

129
00:07:15,750 --> 00:07:19,110
and try to edit a tweet for example,

130
00:07:19,110 --> 00:07:24,110
maybe we will experience another timeout over here.

131
00:07:24,240 --> 00:07:29,220
But we are inside of our feed activity,

132
00:07:29,220 --> 00:07:33,011
so maybe we got what we need by now.

133
00:07:33,011 --> 00:07:35,100
But in order to be sure

134
00:07:35,100 --> 00:07:38,070
I'm going to try this a couple more times.

135
00:07:38,070 --> 00:07:41,520
Like I'm going to stop the SSL proxy over here

136
00:07:41,520 --> 00:07:45,300
and I'm going to tweet what we have written so far.

137
00:07:45,300 --> 00:07:48,180
Okay? And I'm going to get this data

138
00:07:48,180 --> 00:07:50,730
in my tweet activity like that.

139
00:07:50,730 --> 00:07:53,430
I'm going to start SSL proxy again.

140
00:07:53,430 --> 00:07:58,080
I'm going to try and yeah, it still works as you can see.

141
00:07:58,080 --> 00:07:59,340
You can start and stop

142
00:07:59,340 --> 00:08:03,900
from here and I'm going to add another tweet,

143
00:08:03,900 --> 00:08:06,540
at least attempt to add another tweet.

144
00:08:06,540 --> 00:08:08,820
It'll give me a timeout one more time.

145
00:08:08,820 --> 00:08:12,892
If I get there, maybe we can stop the SSL proxy

146
00:08:12,892 --> 00:08:17,790
and just tweet it and then start the SSL proxy later on.

147
00:08:17,790 --> 00:08:20,190
You're gonna have to improvise a little bit.

148
00:08:20,190 --> 00:08:23,346
You're gonna have to try this a couple more times

149
00:08:23,346 --> 00:08:27,240
in order to be sure that you are getting a lot of data so

150
00:08:27,240 --> 00:08:30,180
that you can analyze them later on.

151
00:08:30,180 --> 00:08:34,497
Okay, so far we have gathered some data, maybe we can come

152
00:08:34,497 --> 00:08:39,497
over to the Sequence tab and search for Firestore.

153
00:08:39,510 --> 00:08:43,080
Okay, and analyze the results.

154
00:08:43,080 --> 00:08:46,350
Now we have done a lot of tests, maybe they were successful,

155
00:08:46,350 --> 00:08:47,790
maybe they were not.

156
00:08:47,790 --> 00:08:48,720
We are going to see

157
00:08:48,720 --> 00:08:52,290
if we managed to get the data that we need.

158
00:08:52,290 --> 00:08:54,936
So over here we see the requests

159
00:08:54,936 --> 00:08:58,980
going to and coming from Firestore.

160
00:08:58,980 --> 00:09:02,820
And if you click one of these POST and CONNECT things

161
00:09:02,820 --> 00:09:06,960
you can see the details on the bottom of this tool.

162
00:09:06,960 --> 00:09:08,340
As you can see.

163
00:09:08,340 --> 00:09:13,110
Now I'm going to look mainly for POST requests

164
00:09:13,110 --> 00:09:17,430
because when you try to send some information to a server

165
00:09:17,430 --> 00:09:20,010
it generally goes with a POST request.

166
00:09:20,010 --> 00:09:22,080
So that's what I'm trying to do over here.

167
00:09:22,080 --> 00:09:23,790
So as you can see, I'm looking

168
00:09:23,790 --> 00:09:26,790
for POST requests and I'm clicking on them

169
00:09:26,790 --> 00:09:29,850
and I'm trying to see the content of those.

170
00:09:29,850 --> 00:09:33,570
So for example, over here we have a POST request and

171
00:09:33,570 --> 00:09:36,960
if I go to the contents of this request

172
00:09:36,960 --> 00:09:41,960
I can see the tweet app dash 9 6 0 3.

173
00:09:41,963 --> 00:09:43,920
So as you can see,

174
00:09:43,920 --> 00:09:47,370
this is trying to write and this is trying to listen.

175
00:09:47,370 --> 00:09:50,970
And over here we even see the collection name

176
00:09:50,970 --> 00:09:52,860
like this: tweets.

177
00:09:52,860 --> 00:09:54,296
So as you can see

178
00:09:54,296 --> 00:09:58,140
we actually managed to get the Firebase ID

179
00:09:58,140 --> 00:10:02,520
and we actually managed to get the collection name as well.

180
00:10:02,520 --> 00:10:04,470
So we have been looking for the tweets

181
00:10:04,470 --> 00:10:07,620
and we have been looking for this ID.

182
00:10:07,620 --> 00:10:10,260
So maybe you can think that, yeah,

183
00:10:10,260 --> 00:10:13,590
we got this from the APK tool as well.

184
00:10:13,590 --> 00:10:15,555
And that is correct.

185
00:10:15,555 --> 00:10:19,530
However, there may be some time that you will

186
00:10:19,530 --> 00:10:23,340
experience some kind of a disruption in your process.

187
00:10:23,340 --> 00:10:27,060
Like maybe you cannot easily get the collection names

188
00:10:27,060 --> 00:10:31,718
or the Firebase IDs inside of your APK decompiled folders.

189
00:10:31,718 --> 00:10:35,400
So it's essential that you learn the skill.

190
00:10:35,400 --> 00:10:38,250
It's not even only for Firebase hacking.

191
00:10:38,250 --> 00:10:41,760
You can use this network sniffing in order to

192
00:10:41,760 --> 00:10:45,867
understand what is going on in the back end of

193
00:10:45,867 --> 00:10:49,779
an app so that you can try to understand the

194
00:10:49,779 --> 00:10:54,180
URL of the server so that maybe you can check

195
00:10:54,180 --> 00:10:57,660
if there's something wrong with the server or not.

196
00:10:57,660 --> 00:10:59,340
So this is a very good skill,

197
00:10:59,340 --> 00:11:01,560
this is a very good practice for you.

198
00:11:01,560 --> 00:11:05,244
And now since we are pretty certain that we know

199
00:11:05,244 --> 00:11:09,180
the collection name and we know the Firebase ID

200
00:11:09,180 --> 00:11:12,690
it's time for us to hack into that server

201
00:11:12,690 --> 00:11:16,410
and see if they're appropriately configured or not.

202
00:11:16,410 --> 00:11:18,693
Let's do that in the next lecture.