
E²VA, short for Exploitation Experience with Vulnerable App, is a vulnerable app for learning userspace exploitation on Android.

Primary language: Java. License: GNU General Public License v3.0 (GPL-3.0).

E2VA, the Damn Vulnerable App

E2VA is an app that allows for binary exploitation on Android OS. It lets an external user select and communicate with modules that contain severe vulnerabilities. Therefore, E2VA enables research on the applicability of standard binary exploitation techniques to Android apps that call native functions.

E2VA stands for Exploitation Experience (with) Vulnerable App. It is the foundation of a series of blog posts that describe exploitation of some already existing vulnerable modules.

E2VA Architecture

The app runs on a Pixel 3 emulator (without Google Play, so that root access is available), running Android 12 (API level 31) on an x86-64 architecture. Other setups have not yet been tested!

Installation

Warning: This app requests a runtime permission that it needs in order to stay active for e.g. long debugging sessions. As this app contains actual vulnerabilities, there is always a risk of some third party attacking the app, getting code execution and rampaging through your system. Therefore, launch E2VA in a controlled environment that does not contain any important and/or personal information that must not be lost and/or leaked (or accept the risk).

Currently, there are two ways of installing E2VA.

APK

Use the .apk file, which is (hopefully) kept up to date with the current version of E2VA. This is the intended route: from an attacker's perspective, it is more likely to have access to an .apk file than to the app's original source code.

Build via Android Studio

As this is just the pushed Android Studio project of E2VA, one can build the app, create one's own modules, optimize the communication between the external client and E2VA, etc.

Emulator Hardware Profile

Up to this point, an AVD (Android Virtual Device) to run E2VA can be created either by using a predefined hardware profile in Android Studio (called Pixel 3) or by importing the hardware profile in this repository.
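As an added example (not part of the E2VA repository), the following shell script reproduces the test bed described above from the command line: it fetches an API 31 x86_64 system image without Google Play (so that `adb root` works), creates the AVD on the predefined Pixel 3 hardware profile, boots it and installs the APK. The AVD name, the image tag choice and the APK path argument are assumptions; the Android SDK command-line tools are assumed to be on PATH.

```shell
#!/bin/sh
# Added example: set up the documented E2VA emulator (Pixel 3 profile,
# Android 12 / API 31, x86_64) from the command line. Assumes sdkmanager,
# avdmanager, emulator and adb are on PATH; the APK path is the first
# argument (e.g. ./e2va.apk, a placeholder name).
set -eu

API_LEVEL=31
ABI=x86_64
AVD_NAME=e2va   # assumed name

# Build the system-image id for a given tag. "default" images carry no
# Google Play and permit `adb root`; "google_apis_playstore" images do not.
e2va_image_id() {
    printf 'system-images;android-%s;%s;%s\n' "$API_LEVEL" "$1" "$ABI"
}

# Returns 0 if the image allows root access, 1 if it is a Play Store image.
e2va_image_rootable() {
    case "$1" in
        *playstore*) return 1 ;;
        *)           return 0 ;;
    esac
}

e2va_setup() {
    apk="$1"
    image="$(e2va_image_id default)"
    e2va_image_rootable "$image" || { echo "Play Store image: no root" >&2; return 1; }
    sdkmanager "$image"
    # "pixel_3" is the id of the predefined Pixel 3 hardware profile;
    # answer "no" to the custom-hardware-profile prompt.
    echo no | avdmanager create avd -n "$AVD_NAME" -k "$image" -d pixel_3
    emulator -avd "$AVD_NAME" -no-snapshot &
    adb wait-for-device
    adb root            # only succeeds on the non-Play image chosen above
    adb install -r "$apk"
}

# Only run the setup when an APK path is given, so the file can be sourced.
[ "$#" -ge 1 ] && e2va_setup "$1"
```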