Skip to content

Getting Started With EVABS

Abhishek J M edited this page Oct 15, 2018 · 17 revisions

Welcome to the EVABS wiki!

EVABS (Extremely Vulnerable Android Labs) is an Android application that aims at helping Android security beginners with a CTF-style, story-based lab series. The application has 12 levels as of now, with the difficulty stepping-up linearly. Each level introduces the user to a particular vulnerability and gifts a flag if exploited successfully. At every level, the player is exposed to a different vulnerability which can be found in real-world applications.

Requisites:

  • Linux/MAC (Recommended)
  • Basic Java/Android programming
  • Android SDK + Studio
  • Android device (rooted)/Emulator

Setting up of rest of the requirements pertaining to each level will be covered in the Solutions section while solving the levels.

Setting up the environment

First of all, since this is an Android application, we obviously need an Android emulator or a rooted Android device. Personally, I use a rooted Lenovo low-end device for all the testing purposes (which is not my primary device). You can choose what you would like. There are many options like the default Android emulator which ships with the Android SDK or any of those emulators like Genymotion. Once you've fixed this part, you can move on and set it up. For this, I've already written a script, which automatically installs the necessary tools on a Linux machine and as well sets up the device/emulator. But you can always go ahead and do this manually in case you'd like to learn.

Installing and Configuring ADB

ADB (Android Debug Bridge) is a command-line tool that comes packed with the Android SDK. Just like the name suggests, it's a bridge between your computer and your Android device. This utility is used for multiple purposes including the installation of apps into the device, retrieving or copying a file to/from the device etc. As far as Android security and development are concerned, ADB is a must in the arsenal. In case you're wondering an easy way to install ADB in Linux, here it is:

sudo apt-get install android-tools-adb

Before we go ahead and check ADB, we need to connect our device to the computer or start our emulator. To start an emulator from the Android SDK, navigate to the SDK folder (depends on where you have extracted it) > tools and open a terminal session here. ./emulator -list-avds will list all the created and available emulators. If this command results null, please go ahead and check the process to create an AVD.

Then, launch an AVD of your choice with ./emulator @your_avd_name

To check the successful installation of ADB, connect your device/start your emulator and open a terminal window and do:

adb devices

adb devices

If the device is connected with USB debugging on, this should show the serial number of the device/name of the emulator along with the port.

Note:

  • Go here to know how to enable USB debugging.
  • If it's a device, make sure to put the USB connection on USB storage mode. If it's on Charge-only, which is default on many devices, ADB will not work.
  • From here onwards, I will be using device to refer to both an Android device/emulator.

If the above command showed your device, you're good to go! Download the EVABS APK file or clone the whole repo if you're planning to have a look at the project. Open a terminal window in the downloaded folder and install the apk to the device:

adb install EVABSv1.0.1.apk

This will give a success message indicating the installation. This completes the initial setup for the labs. Head on to the 'Solutions' page to start solving the labs.

Clone this wiki locally
You can’t perform that action at this time.