E2VA is an Android app built for practising binary exploitation. It lets an external user select and communicate with modules that contain severe vulnerabilities, and so enables research into how well standard binary exploitation techniques apply to Android apps that call native functions.
E2VA stands for Exploitation Experience (with) Vulnerable App. It is the foundation of a series of blog posts that describe the exploitation of some of the existing vulnerable modules.
The app runs on a Pixel 3 emulator (a system image without Google Play, so that root access is available) running Android 12 (API level 31) on an x86-64 architecture. Other setups have not yet been tested!
Warning: This app requests a runtime permission that it needs in order to stay active, e.g. during long debugging sessions. As this app contains real vulnerabilities, there is always a risk that some third party attacks the app, gains code execution and rampages through your system. Therefore, launch E2VA in a controlled environment that does not contain any important and/or personal information that must not be lost and/or leaked (or accept the risk).
Currently, there are two ways of installing E2VA.
Use the .apk file, which is (hopefully) kept up to date with the current version of E2VA. This is the intended route: taking the perspective of an attacker, it is more likely to have access to an .apk file than to the app's original source code.
As this repository is just the pushed Android Studio project of E2VA, one can also build the app oneself, create one's own modules, optimize the communication between the external client and E2VA, etc.
At present, an AVD (Android Virtual Device) for running E2VA can be created either from the predefined Pixel 3 hardware profile in Android Studio or by importing the hardware profile contained in this repository.
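The following script is an added example and not part of the E2VA project. It puts the set-up described above into a checked procedure: before `adb install` runs, it confirms that the target is an emulator (the controlled environment the warning asks for) and that the emulator reports the only tested configuration, API level 31 on x86_64. The APK file name, the adb serial and the property names are assumptions; the `ro.build.version.sdk` and `ro.product.cpu.abi` properties are standard Android system properties, but E2VA's APK name and package name are not given on this page, so a placeholder is used.

```shell
#!/bin/sh
# Added example (not E2VA project code): install the E2VA .apk only onto an
# emulator that matches the README's tested setup (Android 12 / API 31, x86_64).
# The APK path and adb serial below are placeholders; adjust them to your AVD.

# check_avd_props SDK ABI
#   returns 0 when SDK is 31 and ABI is x86_64 (the only tested combination),
#   1 otherwise, with a short reason on stderr.
check_avd_props() {
    sdk="$1"
    abi="$2"
    if [ "$sdk" != "31" ]; then
        echo "untested API level '$sdk' (README: Android 12 / API 31)" >&2
        return 1
    fi
    if [ "$abi" != "x86_64" ]; then
        echo "untested ABI '$abi' (README: x86-64)" >&2
        return 1
    fi
    return 0
}

# is_emulator SERIAL
#   returns 0 when the adb serial names an emulator (emulator-NNNN), 1 for
#   anything else, so the vulnerable app never lands on a physical device.
is_emulator() {
    case "$1" in
        emulator-*) return 0 ;;
        *)          return 1 ;;
    esac
}

# install_e2va SERIAL APK
#   queries the running device over adb, runs both checks and installs the
#   APK (reinstalling over an existing copy) only if everything matches.
install_e2va() {
    serial="$1"
    apk="$2"
    is_emulator "$serial" || {
        echo "refusing to install E2VA on non-emulator device '$serial'" >&2
        return 1
    }
    # getprop output carries a trailing CR on some adb versions; strip it.
    sdk=$(adb -s "$serial" shell getprop ro.build.version.sdk | tr -d '\r')
    abi=$(adb -s "$serial" shell getprop ro.product.cpu.abi | tr -d '\r')
    check_avd_props "$sdk" "$abi" || return 1
    adb -s "$serial" install -r "$apk"
}

# Usage (placeholder names): install_e2va emulator-5554 ./E2VA.apk
```

Both checks are deliberately kept in pure functions with no adb dependency, so they can be exercised without a running emulator; `install_e2va` is the only function that talks to the device.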