Backdooring Android Apps for Dummies

TL;DR – In this post, we’ll explore some mobile malware: how to create them, what they can do, and how to avoid them. Are you interested in learning more about how to protect your phone from shady figures? Then this blog post is for you. Introduction We all know the classic ideas about security on […]

Intercepting Flutter traffic on Android x64

In a previous blogpost, I explained my steps for reversing the binary to identify the correct offset/pattern to bypass certificate validation. As a very quick summary: Flutter doesn’t use the system’s proxy settings, and it doesn’t use the system’s certificate store, so normal approaches don’t work. My previous guide only explained how to intercept […]

Intercepting traffic from Android Flutter applications

Update: The explanation below explains the step for ARMv7. For ARMv8 (64bit), see this blogpost. Flutter is Google’s new open source mobile development framework that allows developers to write a single code base and build for Android, iOS, web and desktop. Flutter applications are written in Dart, a language created by Google more than 7 […]

Solving Flaggy Bird (Google CTF 2019)

A few weekends ago we participated in the Google CTF. While we didn’t make it to the top 10, we did manage to solve quite a few challenges. This is my writeup of FlaggyBird, the only mobile challenge that was available. The challenge The challenge was an .apk that did not require network connectivity. Installing […]