Cycle Scanner

Hello everyone , In this blog post , I will try to explain my solution steps for Cycle Scanner challenge from Mobile Hacking Lab Platform . i hope it will be useful for you

  1. After install the app : my App GUI has a problem and i can’t access the button that enable the service use this command to enable the service :

    1. adb shell am startservice com.mobilehackinglab.cyclicscanner/.scanner.ScanService

    image.png

  2. let’s examine the AndroidManifest.xml file we found : Main Activity and the Service :

  3. Main Activity Structure :

    1. handlePermissions() :

      1. Checks if the app has permission to manage all files. If granted, calls setupSwitch; otherwise, launches an intent to request the permission.

    2. setupSwitch() :

      1. handle enabling or disabling the scan service.

      2. If switched on, starts the scan service and shows a toast message.

      3. If switched off, displays a toast stating that the service cannot be stopped and forces the switch back to "on."

    3. startService() :

      1. Starts the scan service in the foreground and displays a toast indicating that the service has started . :

  4. Scan Service Structure :

    1. Service Lifecycle :

      1. onCreate (): Initializes the handler thread (HandlerThread) and sets up the ServiceHandler with the new thread’s Looper.

      2. onStartCommand () : Starts the foreground notification and sends a message to ServiceHandler to begin scanning.

      3. onBind () : Returns null, as this service does not support binding.

    2. we have the channel_id : ForegroundScanServiceChannel and the channel_name ScanService

    3. Access the External Storage :

      1. Environment.getExternalStorageDirectory() Retrieves the external storage directory using and checks if it is not null.

      2. File externalStorageDirectory represents the root directory of the external storage.

    4. use FilesKt.walk to look for Each file is checked for readability and whether it is a file.

      1. Scan Each File : ScanEngine.INSTANCE.scanFile(file) to determine if the file is safe. Logs the result as either "SAFE" or "INFECTED”

  5. ScanFile Function :

    1. scans a given file to check whether its hash matches any known malware samples.

    2. Uses ProcessBuilder to execute the command in a shell .command("sh", "-c", command) , redirecting the error stream to the standard output to the external storage .

    3. Read Command Output : Retrieves the output of the toybox sha1sum command

    4. then Extract Hash Value and Compare Hash Against Known Malware

  6. attack here try to manipulate the object that created in the AbsolutePath

    1. create a file that contain malicious code the upload the file and then launch the scan : "nano test.txt ; touch kero" contain command "test.txt ; touch kero " and then upload it to the /sdcard/Download

    2. and here we success

PreviousFood StoreNextDocument Viewer

Last updated