Allsafe – Intentionally Vulnerable Android Application

Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida-based challenges for you to explore. Have fun and happy hacking!

Useful Frida Scripts

I have my Frida scripts (more like templates) in another repository. I’m sure they might be quite handy for the Frida-related tasks. Check it out: https://github.com/t0thkr1s/frida

Tasks / Vulnerabilities

1. Insecure Logging

Simple information disclosure vulnerability. Use the logcat command-line tool to discover sensitive information.

2. Hardcoded Credentials

Some credentials are left in the code. Your task is to reverse engineer the app and find sensitive information.

3. Root Detection

This is purely for Frida practice. Make the code believe that your device is not rooted!

4. Arbitrary Code Execution

Loading modules securely with third-party apps is not easy. Write a PoC application and exploit the vulnerability!

5. Secure Flag Bypass

Another Frida-based task. No real vulnerability here, just have fun bypassing the secure flag!

6. Certificate Pinning Bypass

Certificate pinning is implemented using the OkHttp library. You have to bypass it in order to view the traffic with Burp Suite.

7. Insecure Broadcast Receiver

There’s a vulnerable broadcast receiver in the application. Trigger it with the correct data and you’re done!

8. Deep Link Exploitation

Similar to the insecure broadcast receiver, you need to provide the right query parameter to complete this task!

9. SQL Injection

Just a regular SQL injection that you’d find in web applications. No need to reverse the code to bypass the login mechanism.

10. Vulnerable WebView

You can also complete this task without decompiling the application. Pop an alert dialog and read files!

11. Smali Patching

In this task, you have to modify the execution flow of the application by editing the Smali code. Finally, rebuild and sign the APK!

12. Native Library

The application uses a native library that validates the entered password. Reverse engineer the library to find the password, then use Frida to hook the native method.

Download Allsafe
