Getting Started With EVABS
Welcome to the EVABS wiki!
EVABS (Extremely Vulnerable Android Labs) is an Android application that helps Android security beginners through a CTF-style, story-based lab series. The application has 12 levels as of now, with the difficulty stepping up linearly. Each level introduces the player to a particular vulnerability of a kind found in real-world applications and awards a flag when it is exploited successfully.
- Linux/macOS (Recommended)
- Basic Java/Android programming
- Android SDK + Studio
- Android device (rooted)/Emulator
Setting up the rest of the requirements for each level will be covered in the Solutions section while solving the levels.
Setting up the environment
First of all, since this is an Android application, we need an Android emulator or a rooted Android device. Personally, I use a rooted low-end Lenovo device for all testing purposes (it is not my primary device). You can choose whichever you like: options include the default Android emulator that ships with the Android SDK and third-party emulators like Genymotion. Once you've settled this part, you can move on and set it up. For this, I've already written a script that automatically installs the necessary tools on a Linux machine and also sets up the device/emulator. But you can always do this manually if you'd like to learn.
Installing and Configuring ADB
ADB (Android Debug Bridge) is a command-line tool that comes packed with the Android SDK. As the name suggests, it's a bridge between your computer and your Android device. It is used for many purposes, including installing apps on the device and copying files to and from it. For Android security and development work, ADB is a must in the arsenal. If you're looking for an easy way to install ADB on Linux, here it is:
sudo apt-get install android-tools-adb
Before we go ahead and check ADB, we need to connect our device to the computer or start our emulator.
To start an emulator from the Android SDK, navigate to the SDK folder (depends on where you have extracted it) > tools and open a terminal session here.
./emulator -list-avds will list all the created and available emulators. If this command returns nothing, please go ahead and check the process to create an AVD.
Then, launch an AVD of your choice with
To check the successful installation of ADB, connect your device/start your emulator and open a terminal window and do:
If the device is connected with USB debugging on, this should show the serial number of the device/name of the emulator along with the port.
- Go here to know how to enable USB debugging.
- If it's a device, make sure to put the USB connection in USB storage mode. If it's on Charge-only, which is the default on many devices, ADB will not work.
- From here onwards, I will be using "device" to refer to both an Android device and an emulator.
If the above command showed your device, you're good to go! Download the EVABS APK file or clone the whole repo if you're planning to have a look at the project. Open a terminal window in the downloaded folder and install the apk to the device:
adb install EVABSv1.0.1.apk
This will give a success message indicating the installation. This completes the initial setup for the labs. Head on to the 'Solutions' page to start solving the labs.
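The device check and install steps above combined into one script. This is an added example, not part of the EVABS project or its setup script; the function names and the sample `adb devices` output are constructed for illustration, and it goes slightly beyond the page by reporting devices that are attached but in the `unauthorized` or `offline` state.

```shell
#!/bin/sh
# Added example: confirm exactly one attached device is ready, then install.

# Constructed sample of `adb devices` output (not from a real session).
sample_output() {
    printf 'List of devices attached\nemulator-5554\tdevice\n'
    printf '0123456789ABCDEF\tunauthorized\n\n'
}

# Serials whose state is "device", i.e. connected and authorized for debugging.
ready_devices() {
    awk 'seen && $2 == "device" { print $1 }
         /^List of devices attached/ { seen = 1 }'
}

# "serial state" for entries that are attached but cannot be used yet.
blocked_devices() {
    awk 'seen && NF >= 2 && $2 != "device" { print $1, $2 }
         /^List of devices attached/ { seen = 1 }'
}

# Read `adb devices` output on stdin; print the single ready serial or fail.
pick_device() {
    out=$(cat)
    printf '%s\n' "$out" | blocked_devices | while read -r serial state; do
        case $state in
            unauthorized) hint="accept the USB debugging prompt on the device" ;;
            offline)      hint="reconnect the device or restart the emulator" ;;
            *)            hint="check the USB connection mode and cable" ;;
        esac
        printf '%s is %s: %s\n' "$serial" "$state" "$hint" >&2
    done
    ready=$(printf '%s\n' "$out" | ready_devices)
    n=$(printf '%s\n' "$ready" | grep -c . || true)
    case $n in
        1) printf '%s\n' "$ready" ;;
        0) echo "no device in the 'device' state" >&2; return 1 ;;
        *) echo "several devices ready; pass one to adb -s" >&2; return 1 ;;
    esac
}

# Install the APK named on this page onto the one ready device.
install_evabs() {
    apk=${1:-EVABSv1.0.1.apk}
    [ -f "$apk" ] || { echo "APK not found: $apk" >&2; return 1; }
    serial=$(adb devices | pick_device) || return 1
    adb -s "$serial" install "$apk"
}
```

Source the file from the folder that contains the APK and run `install_evabs`.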