Security Testing for Android Cross Platform Application (Xamarin & Cordova) - Part 2

Hello All,

This is the continuation of my previous post, where we tried to bypass SSL pinning by modifying the JS file in the Cordova framework. In this post we will focus on Xamarin-based applications and how to get the C# code that is used to build an Android app with the Xamarin framework.

What is Xamarin?

According to Microsoft Docs:
Xamarin allows you to write code in C#, with a class library and runtime that works across many platforms, including iOS, Android, and Windows, while still compiling native (non-interpreted) applications.

Let's Begin:

How to Identify a Xamarin-Based Application?

The way I identified it was by converting the APK file to a JAR using dex2jar to get the source code of the application, and using jd-gui to view the source code.

Command:- d2j-dex2jar.bat yourapp.apk

Now open the .jar file with jd-gui and you can notice the keyword "xamarin" in the screen below.

While going through the source code of the application, it was observed that most of the files just had some generic Java functions compared to the functionality the application contains. This made me confused about how the application is able to run so many different functionalities 😕 compared to the source code available to me.

So it was time to understand what was going on. As usual, I used apktool to unzip the APK.
Command:- apktool d yourapp.apk

After unzipping the APK file, I started looking at the files in each folder and found a folder named unknown, which contained another folder named assemblies. The assemblies folder contained various .dll files which were used in the application.

What is DLL?

A Dynamic Link Library (DLL) is a library that contains functions and code that can be used by more than one program at a time.

Yes, you read it correctly: DLLs contain functions and code. So let's try to decompile the DLLs and read the code.

To decompile the DLLs you can use dotPeek.

Open dotPeek --> Explore Folder --> Select the folder containing the DLLs

Once you select your folder, dotPeek will start decompiling all the DLLs, and you can now read the source code of those DLLs, which is written in C#.
Note: There are also some default assemblies which are provided by Microsoft.
So now you can perform a source code review to find more vulnerabilities, such as sensitive information (DB credentials, encryption keys, etc.), SQL injection, etc.
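The identification and "which DLLs are worth reviewing" steps above can be scripted; the following is an added example, not code from the original post. It reads the APK directly as a zip, assumes the DLLs sit under assemblies/ in the raw APK (the folder apktool shows under unknown/assemblies), and uses an assumed, extendable prefix list to separate framework assemblies from the app's own. It goes slightly beyond the post by flagging DLLs that start with the XALZ magic, which some Xamarin.Android builds use for LZ4-compressed assemblies that must be decompressed before a decompiler will open them.

```python
import io
import sys
import zipfile

# Assumed prefixes of assemblies shipped with the framework, not written by the app team.
FRAMEWORK_PREFIXES = ("mscorlib", "netstandard", "System", "Mono.",
                      "Xamarin.", "Microsoft.", "Java.Interop")

def classify(header: bytes) -> str:
    """Classify a DLL by its first bytes."""
    if header[:4] == b"XALZ":
        return "lz4-compressed (XALZ)"   # decompress before decompiling
    if header[:2] == b"MZ":
        return "plain PE"                # decompilers can open this directly
    return "unknown"

def triage_apk(apk) -> dict:
    """apk is a path or file-like object; returns the Xamarin verdict and DLL lists."""
    result = {"xamarin": False, "app": [], "framework": []}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            if not (name.startswith("assemblies/") and name.lower().endswith(".dll")):
                continue
            result["xamarin"] = True
            with zf.open(info) as fh:
                kind = classify(fh.read(4))
            base = name.rsplit("/", 1)[-1]
            bucket = "framework" if base.startswith(FRAMEWORK_PREFIXES) else "app"
            result[bucket].append((base, kind))
    return result

def build_sample_apk() -> io.BytesIO:
    """Constructed sample input: a tiny zip laid out like a Xamarin APK (stub contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("assemblies/Mono.Android.dll", b"MZ\x90\x00stub")
        zf.writestr("assemblies/MyBank.Core.dll", b"MZ\x90\x00stub")
        zf.writestr("assemblies/MyBank.Api.dll", b"XALZ\x00\x00\x00\x00stub")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    report = triage_apk(sys.argv[1] if len(sys.argv) > 1 else build_sample_apk())
    print("Xamarin app:", report["xamarin"])
    for bucket in ("app", "framework"):
        for dll, kind in report[bucket]:
            print(f"  [{bucket}] {dll}: {kind}")
```

Run it with the path to an APK as the only argument; the DLLs listed under "app" are the ones to load into dotPeek first.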

Thanks for reading the post.

Special thanks to all my friends who helped / supported / motivated me for writing blogs. 🙏

