Home
EVABS (Extremely Vulnerable Android Labs) is an Android application that aims to help Android security beginners with a CTF-style, story-based lab series. The application has 12 levels as of now, with the difficulty stepping up linearly. Each level introduces the user to a particular vulnerability and gifts a flag if exploited successfully.
- Linux/Mac (Recommended)
- Basic Android programming
- Android device (rooted)/Emulator
Setting up the rest of the requirements for each level will be covered in the Solutions section while solving the levels.
First of all, since this is an Android application, we need an Android emulator or a rooted Android device. Personally, I use a rooted low-end Lenovo device (which is not my primary device) for all testing purposes. You can choose whichever you like: options include the default Android emulator that ships with the Android SDK and emulators such as Genymotion. Once you've decided on this part, you can move on and set it up. I've already written a script that automatically installs the necessary tools on a Linux machine and also sets up the device/emulator, but you can always do this manually if you'd like to learn.
ADB (Android Debug Bridge) is a command-line tool that comes packed with the Android SDK. As the name suggests, it's a bridge between your computer and your Android device. The utility serves multiple purposes, including installing apps on the device and copying files to and from the device. As far as Android security and development are concerned, ADB is a must in the arsenal. If you're looking for an easy way to install ADB on Linux, here it is:

```
sudo apt-get install android-tools-adb
```

To check that ADB installed successfully, connect your device or start your emulator, open a terminal window and run:

```
adb devices
```
If the device is connected with USB debugging on, this should show the serial number of the device/name of the emulator along with the port.
Note:
- Go here to know how to enable USB debugging.
- If it's a device, make sure to put the USB connection on `USB storage` mode. If it's on `Charge-only`, which is default on many devices, ADB will not work.
- From here onwards, I will be using `device` to refer to both an Android device/emulator.
If the above command showed your device, you're good to go! Download the EVABS APK file, or clone the whole repo if you're planning to have a look at the project. Open a terminal window in the downloaded folder and install the APK on the device:

```
adb install EVABSv1.0.1.apk
```

This will give a `success` message indicating the installation. This completes the initial setup for the labs. Head on to the 'Solutions' page to start solving the labs.
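
The `adb devices` check and the install step above can be combined into a pre-flight script. This is an added example, not part of the EVABS project: the function names are hypothetical and the sample serials are constructed. It interprets the state column that `adb devices` prints (a device listed as `unauthorized` or `offline` is attached but not usable yet) and installs only when exactly one device is ready.

```shell
#!/bin/sh
# Added example: interpret `adb devices` output before installing the APK.

# Constructed sample output (serials are made up); adb separates columns with a tab.
SAMPLE_OUTPUT="$(printf 'List of devices attached\nemulator-5554\tdevice\nZX1CONSTRUCTED\tunauthorized\n0123SAMPLE\toffline\n')"

# Read `adb devices` output on stdin and print one status line per attached device.
adb_device_report() {
    awk -F'\t' '
        NF < 2               { next }   # header, blank and daemon-startup lines have no tab
        $2 == "device"       { print $1 ": ready"; next }
        $2 == "unauthorized" { print $1 ": accept the USB debugging prompt on the device"; next }
        $2 == "offline"      { print $1 ": offline, reconnect the cable or restart the emulator"; next }
                             { print $1 ": not usable (" $2 ")" }
    '
}

# Print the serial of the single ready device; fail if there are zero or several.
adb_single_ready_serial() {
    awk -F'\t' '
        NF >= 2 && $2 == "device" { n++; serial = $1 }
        END { if (n == 1) { print serial } else { exit 1 } }
    '
}

# Live usage: runs only when the script is called with "run" and adb is installed.
if [ "${1:-}" = "run" ] && command -v adb >/dev/null 2>&1; then
    out="$(adb devices)"
    printf '%s\n' "$out" | adb_device_report
    if serial="$(printf '%s\n' "$out" | adb_single_ready_serial)"; then
        # -s pins the install to the one ready device.
        adb -s "$serial" install EVABSv1.0.1.apk
    else
        echo "need exactly one ready device" >&2
    fi
fi
```

Save it next to the downloaded APK and call it with the argument `run`; without that argument it only defines the functions.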