CVE-2017-13156

Published: 06/12/2017 Updated: 07/11/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 729
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.

Vulnerable Product

google android 6.0.1

google android 5.1.1

google android 7.1.1

google android 6.0

google android 8.0

google android 7.0

google android 7.1.2

Vendor Advisories

Check Point Reference: CPAI-2017-1726 Date Published: 4 Dec 2023 Severity: High ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
require 'msf/core/payload/apk'
class MetasploitModule < Msf::Exploit::Local
  Rank = ManualRanking
  include Msf::Exploit::FileDropper
  include Msf::Post::File
  include Msf::Post::Android::Priv
  include M ...

ZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit ...

This Metasploit module exploits CVE-2017-13156 in Android to install a payload into another application. The payload APK will have the same signature and can be installed as an update, preserving the existing data. The vulnerability was fixed in the 5th December 2017 security patch, and was additionally fixed by the APK Signature scheme v2, so only ...

Github Repositories

A Python script that checks an APK and an Android device for being vulnerable to CVE-2017-13156

python-janus-vulnerability-scan: This is a simple script that scans an APK and an Android device for being vulnerable to CVE-2017-13156. CVE-2017-13156 (Janus Vulnerability): A serious vulnerability in Android allows attackers to inject a DEX file into an APK file without affecting the signatures (i.e. modify the code in applications without affecting their signatures). Th

Mobile-Application-Pentesting (APK): My personal Mobile App Pentesting Notes. Currently this only contains resources/notes about Android applications (APK). Feel free to DM me with any suggestions. Static Analysis. Automated tools: MobSF is a great automated framework for both static and dynamic analysis. Manual tools: jadx-gui test.apk. Extract the Java code from the APK: apk

Janus-CVE-2017-13156. Instructions for use: java -jar Janus.jar Janus [dex_file] [apk_file] [output_file]. Janus.jar: source/Janus.jar

Janus Vulnerability (CVE-2017-13156) Exploit with Proof-of-Concept (POC). Android package installer does not check extra data before PKZIP, thus we can concat DEX & APK together with little bit of fix to pass the installation. ART can run both APK and DEX, so here DEX ahead of base.apk is actually the one to execute. Extract the original classes.dex from apk use APKTOOL t

To determine if an APK is vulnerable to CVE-2017-13156

Check-CVE-2017-13156.py
root@ubuntu:~/CVE-2017-13156$ pip install androguard
root@ubuntu:~/CVE-2017-13156$ python Check-CVE-2017-13156.py InsecureBankv2.apk
Checking if InsecureBankv2.apk is vulnerable to CVE-2017-13156 vulnerability
InsecureBankv2.apk md5: 5ee4829065640f9c936ac861d1650ffc
InsecureBankv2.apk is signed
v1 scheme: True
v2 scheme: False
v3 scheme: False
minSdkV

A collection of tools for the Janus exploit [CVE-2017-13156].

Janus Toolkit: This is a collection of tools for the Janus exploit [CVE-2017-13156], affecting AOSP versions 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 as described here. You can read more at the writeup from Guardsquare. Tools: Janus AndroidManifest extractor. Usage: Extract the AndroidManifest.xml from the target APK using Apktool. Run manifest_dummy.py to generate dummy clas

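CVE-2017-13156-Janus reproduction

CVE-2017-13156-Janus reproduction. By exploiting the Janus vulnerability (CVE-2017-13156), an attacker can bypass the Android system's signature scheme V1 signing mechanism and arbitrarily modify an application's code without affecting its signature. Android's signing mechanism protects applications against tampering; normally, an application that has been modified must be re-signed, otherwise it cannot be installed on a device. When an application is installed, the system verifies the apk's ...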

The MPT (Mobile Pentest Toolkit) is a must-have solution for your Android penetration testing workflow.

MPT (Mobile Pentest Toolkit): The MPT (Mobile Pentest Toolkit) is a must-have solution for your Android penetration testing workflows. This tool allows you to automate security tasks and focus on security assessment without having to know where the tools are located and which parameters are required. Features: Automation of your security checks. Perform project based security assessment

Recent Articles

Android flaw lets attack code slip into signed apps
The Register • Shaun Nichols in San Francisco • 08 Dec 2017

Janus bug leaves APKs vulnerable to poisoning

Researchers say a recently patched vulnerability in Android could leave users vulnerable to attack from signed apps. The vulnerability, dubbed Janus, would allow a malicious application to add bytes of code to the APK or DEX formats used by Android applications without affecting the application's signature. In other words, a scumbag could pack an app with malicious instructions, and still have it read by Android as a trusted piece of software. The problem, say researchers with mobile security fi...