Gangs Of Coder

1. Never judge a candle before it closes.

2. A clear prior trend is important for a meaningful reversal.

Utility methods to check whether device is rooted? or contains magisk and exposed modules etc.

Burp community version includes few essential manual tools from the Burp platform, however some of the features are available only in paid version.

https://portswigger.net/burp

Frida

It is a toolkit which allows run time hooking into application for developers, reverse-engineers and security researchers.

https://github.com/frida/frida

JADX-GUI

JADX has Command line and GUI tools for produce Java source code from Android Dex and JADX-GUI is UI based. .

https://github.com/skylot/jadx

scrcpy

This application provides display and control of Android devices connected via USB or over TCP/IP. It does not require any root access.

https://github.com/Genymobile/scrcpy

Logcat - Pidcat

It shows log entries for processes from a specific application package.

https://github.com/JakeWharton/pidcat

MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis.

https://github.com/MobSF/Mobile-Security-Framework-MobSF

Radare2

Radare is a portable reversing framework that can Disassemble/assemble many different architectures.

https://rada.re/r/

Objection

Objection is a runtime mobile exploration toolkit, powered by Frida It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.

https://github.com/sensepost/objection

Ghidra

A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate and this reverse engineering tool helps to dig up the source code of a proprietary program which further gives you the ability to detect virus threats or potential bugs

https://ghidra-sre.org/

Checkra1n

Jailbreak for iPhone 5s through iPhone X, iOS 12.0 and up

https://checkra.in/

Metasploit

It is a penetration testing framework that enables pentesters to find, exploit, and validate vulnerabilities.

https://www.offsec.com/metasploit-unleashed/requirements/

Sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws

https://github.com/sqlmapproject/sqlmap

DB Browser for SQLite

DB Browser for SQLite (DB4S) is a high quality, visual, open source tool to create, design, and edit database files compatible with SQLite.

https://sqlitebrowser.org/

frida-ios-dump

Pull a decrypted IPA from a jailbroken device.

https://github.com/AloneMonkey/frida-ios-dump

Nmap

Nmap Free Security Scanner, Port Scanner, & Network Exploration Tool.

https://nmap.org/

Scrcpy

This application provides display and control of Android devices connected on USB (or over TCP/IP). It does not require any root access. It works on GNU/Linux, Windows and macOS.

https://github.com/Genymobile/scrcpy

Grapefruit: Runtime Application Instruments for iOS

Grapefruit is a runtime application instrumentation tool for iOS

https://github.com/ChiChou/grapefruit

1. Clear yours banking apps data

2. Add banking app and Google playstore to Magisk's DenyList (make sure the Enfore DenyList toggle is off in Magisk's settings)

3. Download and install the latest version of Shamiko(https://github.com/LSPosed/LSPosed.github.io/releases) via Magisk

4. Download and install the latest version of LSPosed(https://github.com/LSPosed/LSPosed/releases/latest) module via Magisk (also install the LSPosed(https://play.google.com/store/apps/details?id=org.lsposed.manager) app from the Play Store)

5. Reboot and open the LSPosed app to make sure it is working correctly

6. Download and install the latest version of Hide My Applist(https://play.google.com/store/apps/details?id=com.tsng.hidemyapplist) (HMA) app

7. Enable HMA in LSPosed

8. Reboot and open the HMA app to make sure it is working correctly

9. Follow the following steps to configure hiding in the HMA app:

Select Effective Apps -> Tap on "com.(name of your banking app)" -> Toggle Enable hide

Under the Preference head, tap on Select hide methods -> Check API requests, Intent queries, ID detections -> Tap OK

Under the Template config head, tap on 0 additional apps invisible -> Check Magisk, LSPosed and HMA

10. Tap on the save button on the top right corner of the app

11. Reboot and open your banking app, it shouldn't complain of root anymore!

https://www.didgeridoohan.com/magisk/MagiskHide

;

Hello Coder, 

Being an android developer daily open the android studio and always hit the rebuild or make project. But have you stopped for a min and thought about why these two options are available. So here I'm going to detail about this in easy language. 

"Rebuild" will recompile the entire project, including all dependencies and resources, and generate a new APK (Android Package) file. 

"Make" will also recompile the project, but it will only do a "incremental build" which will only build the files that have been changed since the last build.

 "Rebuild" is usually used when you are experiencing errors or issues with the project and want to ensure that everything is being built correctly.

 "Make" is used when you have made changes to the project and want to quickly test those changes without having to wait for the entire project to be recompiled.

CronetDataSource and DefaultHttpDataSource are both classes in ExoPlayer that provide the functionality for loading media data over the network. However, they use different libraries to handle the network connections.

DefaultHttpDataSource uses the built-in java.net package to handle network connections, while CronetDataSource uses the Cronet library.

Cronet is generally considered to be faster and more efficient than the built-in java.net package, so if performance is a major concern for your use case, CronetDataSource may be a better choice as it uses Cronet library.

It's worth noting that Cronet is a C++ library and it's only available in Android version 7.0 (API level 24) or higher, So if your app is targeting lower android version it will not work.

In summary, if your app is targeting Android 7.0 or higher and performance is a major concern for your use case, you should use the CronetDataSource. If your app is targeting lower Android versions or you don't need the highest level of performance, you can use the DefaultHttpDataSource.c 

AI tools that didn't exist one year ago. 

ChatGPT

Whisper

GPT-3

Codex

GitHub Copilot

InstructGPT

Text-to-product

AI slides

DALLE + API

Midjourney

Stable Diffusion

Runway videos

Email AI

AI chrome extensions

Replit Ghostwriter

No-code AI app builders

Ben's bites 

what else? 

 jadx-gui --show-bad-code /Users/prepladderpvtltd/Downloads/font.apk   

https://github.com/skylot/jadx