Android

This guide should get you an Android VM that is capable of running the needed programs for the Holiday Hack Challenge. This guide will probably get out-dated rather quickly, so if something doesn’t line up perfectly just use common sense. Also this was my first time touching Android, so I may not do things the most efficient way – I would hope there’s some command line flags to automate this update process.

Building the Android VM

  1. Install the Android-SDK and qemu-kvm. apt-get install android-sdk qemu-kvm
  2. Launch the android sdk. android

  3. In the Android SDK Manager, uncheck everything but Android SDK Tools, Android SDK Platform-tools, and Android SDK Build-Tools underneath the tools folder. Android

  4. Click Install 3 Packages, accept the license agreement and begin installation.
  5. Once the update finishes, close and re-open the Android SDK Manager.
  6. We now have a lot more items, with everything under API 25 being checked. Uncheck that and click install 2 packages, this should update Android SDK Tools and SDK Platform-tools.
  7. Close and re-open the Android SDK Manager yet again… This is a bit like the Windows Update Process.
  8. You should now see “SDK Platform” underneath the API 25 folder. Uncheck everything but that and click Install 3 packages.
  9. You know the drill… Close and Re-Open the Android SDK Manager.
  10. Uncheck everything in the API 25 folder yet again, and select Google APIs Intel x86 Atom System Image
  11. Good News! We can now create the Android Device. Click on Tools in the top left and go to “Manage AVD”
  12. Fill the options as you see fit, below are the ones I did: Android
  13. Click Start to launch the KVM. If you get an error here you most likely need to enable virtualization. In VMWare Workstation the option is “Virtualize Intel VT-x/EPT or AMD-V/RVI” underneath the processors option. If the option isn’t there right click on the VM, go to Manage and Change Host Compatability to the highest version of VMware it lets you. Android
  14. You should now have an Android VM! Android
  15. Click the SDCard in the top left (you may have to drag it down).
  16. Select the SDCard and click something along the lines of “Use with this device, format, or erase”.

Configuring the Proxy on the Phone

  1. Open Settings and click “More” underneath “Wireless & Networks”
  2. Click on “Cellular Networks”
  3. Click “Access Point Names”
  4. Click “T-Mobile US”
  5. Click “Proxy” and set it to your Kali box.
  6. Clicl “Port” and set it to your Kali box.
  7. Click the 3 dots in the top left and save your settings. After you do this you can go back to the home screen, by clicking the circle button to the right of the VM.
  8. Open a web browser and you should be able to see requests now going through burp. If not, open up Burp go to the proxy > Options tab click edit and change it to listen on all interfaces. Android

Installing the Burp Certificate

  1. On your Kali go to http://burp/cert (note the proxy has to be configured)
  2. Download cacert.der
  3. Rename cacert.der to cacert.cer
  4. Copy the cert to your device by running: /usr/share/android-sdk/platform-tools/adb push cacert.cer /mnt/sdcard/cacert.cer
  5. Click Settings > Security > Install from SDCard > Virtual SD Card and click on cacert.cer
  6. Give it a name, and click Okay.
  7. It will force you to set a PIN, click “Continue without fingerprint” then set a 4 digit pin.
  8. All web and app traffic should now be going through Burp!