├── .github └── FUNDING.yml ├── .gitignore ├── Binaries ├── meʼnu.go └── narnia.go ├── InjuredAndroid-FlagWalkthroughs.md ├── InjuredAndroid ├── .gitignore ├── .project ├── .settings │ └── org.eclipse.buildship.core.prefs ├── app │ ├── .classpath │ ├── .gitignore │ ├── .project │ ├── .settings │ │ └── org.eclipse.buildship.core.prefs │ ├── build.gradle │ ├── google-services.json │ ├── proguard-rules.pro │ └── src │ │ ├── androidTest │ │ └── java │ │ │ └── b3nac │ │ │ └── injuredandroid │ │ │ └── ExampleInstrumentedTest.kt │ │ ├── main │ │ ├── AndroidManifest.xml │ │ ├── assets │ │ │ ├── meʼnu │ │ │ ├── narnia.arm64 │ │ │ ├── narnia.x86_64 │ │ │ └── test │ │ ├── b3nac_logo-web.png │ │ ├── cpp │ │ │ ├── CMakeLists.txt │ │ │ ├── encrypt.cpp │ │ │ ├── encrypt.hpp │ │ │ └── native-lib.cpp │ │ ├── ic_launcher-web.png │ │ ├── java │ │ │ └── b3nac │ │ │ │ └── injuredandroid │ │ │ │ ├── AssemblyActivity.kt │ │ │ │ ├── CSPBypassActivity.kt │ │ │ │ ├── ContactActivity.java │ │ │ │ ├── DatabaseSchema.java │ │ │ │ ├── Decoder.java │ │ │ │ ├── DeepLinkActivity.kt │ │ │ │ ├── DisplayPostXSS.kt │ │ │ │ ├── ExportedProtectedIntent.java │ │ │ │ ├── FlagEightLoginActivity.kt │ │ │ │ ├── FlagEighteenActivity.kt │ │ │ │ ├── FlagFiveActivity.java │ │ │ │ ├── FlagFiveReceiver.kt │ │ │ │ ├── FlagFourActivity.kt │ │ │ │ ├── FlagNineFirebaseActivity.kt │ │ │ │ ├── FlagOneLoginActivity.kt │ │ │ │ ├── FlagOneSuccess.kt │ │ │ │ ├── FlagSevenSqliteActivity.kt │ │ │ │ ├── FlagSeventeenActivity.kt │ │ │ │ ├── FlagSixLoginActivity.kt │ │ │ │ ├── FlagTenUnicodeActivity.kt │ │ │ │ ├── FlagThreeActivity.kt │ │ │ │ ├── FlagTwelveProtectedActivity.kt │ │ │ │ ├── FlagTwoActivity.java │ │ │ │ ├── FlagsOverview.kt │ │ │ │ ├── Hide.java │ │ │ │ ├── MainActivity.kt │ │ │ │ ├── QXV0aA.kt │ │ │ │ ├── RCEActivity.kt │ │ │ │ ├── SecureSharedPrefs.kt │ │ │ │ ├── SettingsActivity.java │ │ │ │ ├── TestBroadcastReceiver.java │ │ │ │ ├── VGV4dEVuY3J5cHRpb25Ud28.java │ │ │ │ ├── XSSTextActivity.java │ │ │ │ └── 
b25lActivity.kt │ │ ├── res │ │ │ ├── drawable-v24 │ │ │ │ └── ic_launcher_foreground.xml │ │ │ ├── drawable │ │ │ │ ├── b3nac_logo_background.xml │ │ │ │ ├── ic_launcher_background.xml │ │ │ │ └── support_background.xml │ │ │ ├── layout │ │ │ │ ├── activity_assembly.xml │ │ │ │ ├── activity_b25l.xml │ │ │ │ ├── activity_c_s_p_bypass.xml │ │ │ │ ├── activity_contact.xml │ │ │ │ ├── activity_deep_link.xml │ │ │ │ ├── activity_display_post_xss.xml │ │ │ │ ├── activity_exported_protected_intent.xml │ │ │ │ ├── activity_flag_eight_login.xml │ │ │ │ ├── activity_flag_eighteen.xml │ │ │ │ ├── activity_flag_five.xml │ │ │ │ ├── activity_flag_four.xml │ │ │ │ ├── activity_flag_nine_firebase.xml │ │ │ │ ├── activity_flag_one_login.xml │ │ │ │ ├── activity_flag_one_success.xml │ │ │ │ ├── activity_flag_seven_sqlite.xml │ │ │ │ ├── activity_flag_seventeen.xml │ │ │ │ ├── activity_flag_six_login.xml │ │ │ │ ├── activity_flag_ten_unicode.xml │ │ │ │ ├── activity_flag_three.xml │ │ │ │ ├── activity_flag_twelve_exported.xml │ │ │ │ ├── activity_flag_two.xml │ │ │ │ ├── activity_flags_overview.xml │ │ │ │ ├── activity_main.xml │ │ │ │ ├── activity_qxv0a.xml │ │ │ │ ├── activity_rce.xml │ │ │ │ ├── activity_settings.xml │ │ │ │ ├── activity_test_broadcast_reciever.xml │ │ │ │ ├── activity_xsstext.xml │ │ │ │ ├── content_assembly.xml │ │ │ │ ├── content_c_s_p_bypass.xml │ │ │ │ ├── content_deep_link.xml │ │ │ │ ├── content_exported_protected_intent.xml │ │ │ │ ├── content_flag_eight_login.xml │ │ │ │ ├── content_flag_eighteen.xml │ │ │ │ ├── content_flag_five.xml │ │ │ │ ├── content_flag_four.xml │ │ │ │ ├── content_flag_nine_firebase.xml │ │ │ │ ├── content_flag_one_login.xml │ │ │ │ ├── content_flag_seven_sqlite.xml │ │ │ │ ├── content_flag_seventeen.xml │ │ │ │ ├── content_flag_six_login.xml │ │ │ │ ├── content_flag_ten_unicode.xml │ │ │ │ ├── content_flag_three.xml │ │ │ │ ├── content_flag_twelve_exported.xml │ │ │ │ ├── content_flag_two.xml │ │ │ │ ├── 
content_flags_overview.xml │ │ │ │ ├── content_rce.xml │ │ │ │ └── content_test_broadcast_reciever.xml │ │ │ ├── menu │ │ │ │ └── menu_main.xml │ │ │ ├── mipmap-anydpi-v26 │ │ │ │ ├── b3nac_logo.xml │ │ │ │ ├── b3nac_logo_round.xml │ │ │ │ ├── ic_launcher.xml │ │ │ │ ├── ic_launcher_round.xml │ │ │ │ ├── support.xml │ │ │ │ └── support_round.xml │ │ │ ├── mipmap-hdpi │ │ │ │ ├── androidlauncherimage.png │ │ │ │ ├── b3nac_logo.png │ │ │ │ ├── b3nac_logo_foreground.png │ │ │ │ ├── b3nac_logo_round.png │ │ │ │ ├── ic_launcher.png │ │ │ │ ├── ic_launcher_foreground.png │ │ │ │ ├── ic_launcher_round.png │ │ │ │ ├── support.png │ │ │ │ ├── support_foreground.png │ │ │ │ └── support_round.png │ │ │ ├── mipmap-mdpi │ │ │ │ ├── b3nac_logo.png │ │ │ │ ├── b3nac_logo_foreground.png │ │ │ │ ├── b3nac_logo_round.png │ │ │ │ ├── ic_launcher.png │ │ │ │ ├── ic_launcher_foreground.png │ │ │ │ ├── ic_launcher_round.png │ │ │ │ ├── support.png │ │ │ │ ├── support_foreground.png │ │ │ │ └── support_round.png │ │ │ ├── mipmap-xhdpi │ │ │ │ ├── b3nac_logo.png │ │ │ │ ├── b3nac_logo_foreground.png │ │ │ │ ├── b3nac_logo_round.png │ │ │ │ ├── ic_launcher.png │ │ │ │ ├── ic_launcher_foreground.png │ │ │ │ ├── ic_launcher_round.png │ │ │ │ ├── support.png │ │ │ │ ├── support_foreground.png │ │ │ │ └── support_round.png │ │ │ ├── mipmap-xxhdpi │ │ │ │ ├── b3nac_logo.png │ │ │ │ ├── b3nac_logo_foreground.png │ │ │ │ ├── b3nac_logo_round.png │ │ │ │ ├── ic_launcher.png │ │ │ │ ├── ic_launcher_foreground.png │ │ │ │ ├── ic_launcher_round.png │ │ │ │ ├── support.png │ │ │ │ ├── support_foreground.png │ │ │ │ └── support_round.png │ │ │ ├── mipmap-xxxhdpi │ │ │ │ ├── b3nac_logo.png │ │ │ │ ├── b3nac_logo_foreground.png │ │ │ │ ├── b3nac_logo_round.png │ │ │ │ ├── ic_launcher.png │ │ │ │ ├── ic_launcher_foreground.png │ │ │ │ ├── ic_launcher_round.png │ │ │ │ ├── support.png │ │ │ │ ├── support_foreground.png │ │ │ │ └── support_round.png │ │ │ ├── values │ │ │ │ ├── colors.xml │ │ │ │ ├── 
dimens.xml │ │ │ │ ├── ic_launcher_background.xml │ │ │ │ ├── strings.xml │ │ │ │ └── styles.xml │ │ │ └── xml │ │ │ │ ├── file_paths.xml │ │ │ │ └── network_security_config.xml │ │ └── support-web.png │ │ └── test │ │ └── java │ │ └── b3nac │ │ └── injuredandroid │ │ └── ExampleUnitTest.java ├── build.gradle ├── gradle.properties ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat └── settings.gradle ├── LICENSE ├── README.md └── flutter_module ├── .android ├── Flutter │ ├── build.gradle │ └── src │ │ └── main │ │ ├── AndroidManifest.xml │ │ └── java │ │ └── io │ │ └── flutter │ │ └── plugins │ │ └── GeneratedPluginRegistrant.java ├── app │ ├── build.gradle │ └── src │ │ └── main │ │ ├── AndroidManifest.xml │ │ ├── java │ │ └── com │ │ │ └── flutterxssmodule │ │ │ └── host │ │ │ └── MainActivity.java │ │ └── res │ │ ├── drawable │ │ └── launch_background.xml │ │ ├── mipmap-hdpi │ │ └── ic_launcher.png │ │ └── values │ │ └── styles.xml ├── build.gradle ├── gradle.properties ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── include_flutter.groovy └── settings.gradle ├── .gitignore ├── .ios ├── Config │ ├── Debug.xcconfig │ ├── Flutter.xcconfig │ └── Release.xcconfig ├── Flutter │ ├── AppFrameworkInfo.plist │ ├── FlutterPluginRegistrant │ │ ├── Classes │ │ │ ├── GeneratedPluginRegistrant.h │ │ │ └── GeneratedPluginRegistrant.m │ │ └── FlutterPluginRegistrant.podspec │ ├── Generated.xcconfig │ ├── README.md │ ├── engine │ │ └── Flutter.podspec │ ├── flutter_export_environment.sh │ ├── flutterxssmodule.podspec │ └── podhelper.rb ├── Podfile ├── Runner.xcodeproj │ ├── project.pbxproj │ ├── project.xcworkspace │ │ ├── contents.xcworkspacedata │ │ └── xcshareddata │ │ │ ├── IDEWorkspaceChecks.plist │ │ │ └── WorkspaceSettings.xcsettings │ └── xcshareddata │ │ └── xcschemes │ │ └── Runner.xcscheme ├── Runner.xcworkspace │ ├── 
contents.xcworkspacedata │ └── xcshareddata │ │ ├── IDEWorkspaceChecks.plist │ │ └── WorkspaceSettings.xcsettings └── Runner │ ├── AppDelegate.h │ ├── AppDelegate.m │ ├── Assets.xcassets │ ├── AppIcon.appiconset │ │ ├── Contents.json │ │ ├── Icon-App-1024x1024@1x.png │ │ ├── Icon-App-20x20@1x.png │ │ ├── Icon-App-20x20@2x.png │ │ ├── Icon-App-20x20@3x.png │ │ ├── Icon-App-29x29@1x.png │ │ ├── Icon-App-29x29@2x.png │ │ ├── Icon-App-29x29@3x.png │ │ ├── Icon-App-40x40@1x.png │ │ ├── Icon-App-40x40@2x.png │ │ ├── Icon-App-40x40@3x.png │ │ ├── Icon-App-60x60@2x.png │ │ ├── Icon-App-60x60@3x.png │ │ ├── Icon-App-76x76@1x.png │ │ ├── Icon-App-76x76@2x.png │ │ └── Icon-App-83.5x83.5@2x.png │ └── LaunchImage.imageset │ │ ├── Contents.json │ │ ├── LaunchImage.png │ │ ├── LaunchImage@2x.png │ │ ├── LaunchImage@3x.png │ │ └── README.md │ ├── Base.lproj │ ├── LaunchScreen.storyboard │ └── Main.storyboard │ ├── Info.plist │ └── main.m ├── .metadata ├── README.md ├── build.gradle ├── lib ├── auth-bypass.dart ├── login-xss.dart ├── main.dart ├── plugin_ssl_bypass.dart ├── profile.dart └── run_javascript.dart ├── pubspec.yaml ├── settings.gradle └── test └── widget_test.dart /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: [B3nac] 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # NDK directories 2 | .cxx 3 | app/.cxx 4 | InjuredAndroid/app/.cxx 5 | 6 | # built application files 7 | *.ap_ 8 | 9 | # files for the dex VM 10 | *.dex 11 | 12 | # Java class files 13 | *.class 14 | 15 | # generated files 16 | bin/ 17 | gen/ 18 | 19 | # Local configuration file (sdk path, etc) 20 | local.properties 21 | 22 | # Windows thumbnail db 23 | Thumbs.db 24 | 25 | # OSX files 26 | .DS_Store 27 | 28 | # Android Studio 29 | *.iml 30 | .idea 31 | #.idea/workspace.xml - remove # and delete .idea if it 
better suit your needs. 32 | .gradle 33 | build/ 34 | .navigation 35 | captures/ 36 | output.json 37 | 38 | #NDK 39 | obj/ 40 | .externalNativeBuild 41 | -------------------------------------------------------------------------------- /Binaries/meʼnu.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import "fmt" 4 | 5 | func main() { 6 | 7 | const test = "HIIMASTRING" 8 | 9 | fmt.Println(test) 10 | 11 | } 12 | -------------------------------------------------------------------------------- /Binaries/narnia.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import "fmt" 4 | import "os" 5 | 6 | func main() { 7 | 8 | const testOne = "Treasure" 9 | const rick = "https://www.youtube.com/watch?v=dQw4w9WgXcQ" 10 | const testTwo = "_" 11 | const potato = "You found a potato!" 12 | const testThree = "Planet" 13 | const help = "Available commands are testOne, rick, testTwo, potato, testThree" 14 | 15 | if len(os.Args) <= 1 { 16 | fmt.Println("A parameter is needed!") 17 | fmt.Println(os.Args) 18 | return 19 | } 20 | 21 | outputToString := os.Args[1] 22 | 23 | if (outputToString == "--help") { 24 | fmt.Println(help) 25 | } 26 | 27 | if (outputToString == "testThree") { 28 | fmt.Println(testThree) 29 | } 30 | 31 | if (outputToString == "potato") { 32 | fmt.Println(potato) 33 | } 34 | 35 | if (outputToString == "testTwo") { 36 | fmt.Println(testTwo) 37 | } 38 | 39 | if (outputToString == "rick") { 40 | fmt.Println(rick) 41 | } 42 | 43 | if (outputToString == "testOne") { 44 | fmt.Println(testOne) 45 | } 46 | 47 | } 48 | -------------------------------------------------------------------------------- /InjuredAndroid/.gitignore: -------------------------------------------------------------------------------- 1 | *.iml 2 | .gradle 3 | /local.properties 4 | /.idea/workspace.xml 5 | /.idea/libraries 6 | .DS_Store 7 | /build 8 | /captures 9 | .externalNativeBuild 10 
| -------------------------------------------------------------------------------- /InjuredAndroid/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | InjuredAndroid2 4 | Project InjuredAndroid2 created by Buildship. 5 | 6 | 7 | 8 | 9 | org.eclipse.buildship.core.gradleprojectbuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.buildship.core.gradleprojectnature 16 | 17 | 18 | -------------------------------------------------------------------------------- /InjuredAndroid/.settings/org.eclipse.buildship.core.prefs: -------------------------------------------------------------------------------- 1 | connection.project.dir= 2 | eclipse.preferences.version=1 3 | -------------------------------------------------------------------------------- /InjuredAndroid/app/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /InjuredAndroid/app/.gitignore: -------------------------------------------------------------------------------- 1 | /build 2 | /release 3 | -------------------------------------------------------------------------------- /InjuredAndroid/app/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | app 4 | Project app created by Buildship. 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | org.eclipse.buildship.core.gradleprojectbuilder 15 | 16 | 17 | 18 | 19 | 20 | org.eclipse.jdt.core.javanature 21 | org.eclipse.buildship.core.gradleprojectnature 22 | 23 | 24 | -------------------------------------------------------------------------------- /InjuredAndroid/app/.settings/org.eclipse.buildship.core.prefs: -------------------------------------------------------------------------------- 1 | connection.project.dir=.. 
2 | eclipse.preferences.version=1 3 | -------------------------------------------------------------------------------- /InjuredAndroid/app/build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'com.android.application' 2 | apply plugin: 'kotlin-android' 3 | apply plugin: 'kotlin-android-extensions' 4 | apply plugin: 'com.google.gms.google-services' 5 | 6 | android { 7 | compileSdkVersion 29 8 | defaultConfig { 9 | applicationId "b3nac.injuredandroid" 10 | multiDexEnabled true 11 | minSdkVersion 21 12 | targetSdkVersion 29 13 | versionCode 17 14 | versionName "1.0.9" 15 | testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" 16 | externalNativeBuild { 17 | cmake { 18 | cppFlags "" 19 | } 20 | ndk { 21 | // Filter for architectures supported by Flutter. 22 | abiFilters 'armeabi-v7a', 'arm64-v8a', 'x86_64' 23 | } 24 | } 25 | } 26 | buildTypes { 27 | release { 28 | minifyEnabled true 29 | proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' 30 | } 31 | } 32 | compileOptions { 33 | sourceCompatibility = 1.8 34 | targetCompatibility = 1.8 35 | } 36 | externalNativeBuild { 37 | cmake { 38 | path "src/main/cpp/CMakeLists.txt" 39 | version "3.10.2" 40 | } 41 | } 42 | lintOptions { 43 | checkReleaseBuilds false 44 | } 45 | kotlinOptions { 46 | jvmTarget = '1.8' 47 | } 48 | } 49 | 50 | dependencies { 51 | implementation fileTree(include: ['*.jar'], dir: 'libs') 52 | implementation 'com.android.support:multidex:1.0.3' 53 | implementation 'androidx.appcompat:appcompat:1.1.0' 54 | implementation 'com.android.support:design:29.1.1' 55 | implementation 'androidx.constraintlayout:constraintlayout:1.1.3' 56 | implementation 'androidx.coordinatorlayout:coordinatorlayout:1.1.0' 57 | implementation 'com.google.android.material:material:1.1.0' 58 | implementation 'androidx.localbroadcastmanager:localbroadcastmanager:1.0.0' 59 | implementation 
'com.google.firebase:firebase-firestore:21.4.0' 60 | implementation 'com.google.firebase:firebase-database:19.2.1' 61 | implementation 'com.google.firebase:firebase-auth:19.2.0' 62 | implementation 'androidx.navigation:navigation-fragment:2.3.0' 63 | implementation 'androidx.navigation:navigation-ui:2.3.0' 64 | implementation 'androidx.navigation:navigation-fragment-ktx:2.3.5' 65 | implementation 'androidx.navigation:navigation-ui-ktx:2.3.5' 66 | testImplementation 'junit:junit:4.12' 67 | androidTestImplementation 'androidx.test.ext:junit:1.1.1' 68 | androidTestImplementation 'androidx.test.espresso:espresso-core:3.2.0' 69 | androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.1' 70 | androidTestImplementation 'com.android.support.test.espresso:espresso-intents:3.0.2' 71 | androidTestImplementation 'com.android.support.test:rules:1.0.2' 72 | androidTestImplementation 'com.android.support.test:runner:1.0.2' 73 | androidTestImplementation 'androidx.test:rules:1.2.0' 74 | androidTestImplementation 'androidx.test:runner:1.2.0' 75 | implementation "androidx.core:core-ktx:+" // NOTE(review): '+' takes whatever version is newest at build time; pin an exact version so builds are reproducible and dependency changes get reviewed 76 | implementation "androidx.security:security-crypto:1.1.0-alpha01" // NOTE(review): alpha pre-release of a crypto library; confirm whether a stable release should be used instead 77 | implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version" 78 | implementation 'com.android.volley:volley:1.1.1' 79 | implementation project(path: ':flutter') 80 | 81 | } 82 | repositories { 83 | mavenCentral() 84 | } 85 | -------------------------------------------------------------------------------- /InjuredAndroid/app/google-services.json: -------------------------------------------------------------------------------- 1 | { 2 | "project_info": { 3 | "project_number": "430943006316", 4 | "firebase_url": "https://injuredandroid.firebaseio.com", 5 | "project_id": "injuredandroid", 6 | "storage_bucket": "injuredandroid.appspot.com" 7 | }, 8 | "client": [ 9 | { 10 | "client_info": { 11 | "mobilesdk_app_id": "1:430943006316:android:d97db57e11e42a1a037249", 12 | "android_client_info": { 13 
| "package_name": "b3nac.injuredandroid" 14 | } 15 | }, 16 | "oauth_client": [ 17 | { 18 | "client_id": "430943006316-85ibmlobpn5p6c14b2keslrh5r6kgsn4.apps.googleusercontent.com", 19 | "client_type": 3 20 | } 21 | ], 22 | "api_key": [ 23 | { 24 | "current_key": "AIzaSyCUImEIOSvqAswLqFak75xhskkB6illd7A" 25 | } 26 | ], 27 | "services": { 28 | "appinvite_service": { 29 | "other_platform_oauth_client": [ 30 | { 31 | "client_id": "430943006316-85ibmlobpn5p6c14b2keslrh5r6kgsn4.apps.googleusercontent.com", 32 | "client_type": 3 33 | } 34 | ] 35 | } 36 | } 37 | } 38 | ], 39 | "configuration_version": "1" 40 | } -------------------------------------------------------------------------------- /InjuredAndroid/app/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # You can control the set of applied configuration files using the 3 | # proguardFiles setting in build.gradle. 4 | # 5 | # For more details, see 6 | # http://developer.android.com/guide/developing/tools/proguard.html 7 | 8 | # If your project uses WebView with JS, uncomment the following 9 | # and specify the fully qualified class name to the JavaScript interface 10 | # class: 11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 12 | # public *; 13 | #} 14 | -keep class com.google.crypto.** { *; } 15 | # Uncomment this to preserve the line number information for 16 | # debugging stack traces. 17 | #-keepattributes SourceFile,LineNumberTable 18 | 19 | # If you keep the line number information, uncomment this to 20 | # hide the original source file name. 
21 | #-renamesourcefileattribute SourceFile 22 | -------------------------------------------------------------------------------- /InjuredAndroid/app/src/androidTest/java/b3nac/injuredandroid/ExampleInstrumentedTest.kt: -------------------------------------------------------------------------------- 1 | package b3nac.injuredandroid 2 | 3 | import androidx.test.runner.AndroidJUnit4 4 | import org.junit.After 5 | import org.junit.Before 6 | import org.junit.Rule 7 | import org.junit.Test 8 | import org.junit.runner.RunWith 9 | import android.content.Intent 10 | import android.net.Uri 11 | import androidx.test.espresso.intent.Intents 12 | import androidx.test.espresso.intent.Intents.intended 13 | import androidx.test.espresso.intent.matcher.IntentMatchers.hasComponent 14 | import androidx.test.rule.ActivityTestRule 15 | 16 | @RunWith(AndroidJUnit4::class) 17 | class DeepLinkingTest { 18 | 19 | @Rule 20 | @JvmField 21 | val activityTestRule = ActivityTestRule(MainActivity::class.java) 22 | 23 | @Before 24 | fun setUp() { 25 | Intents.init() 26 | } 27 | 28 | @After 29 | fun tearDown() { 30 | Intents.release() 31 | } 32 | 33 | @Test 34 | fun should_launch_secondActivity_when_deepLinkingToActivityTwo() { 35 | val intent = Intent(Intent.ACTION_VIEW, Uri.parse("flag11://")) 36 | activityTestRule.launchActivity(intent) 37 | intended(hasComponent(DeepLinkActivity::class.java!!.getName())) 38 | } 39 | 40 | @Test 41 | fun should_launch_RCEActivity() { 42 | val intent = Intent(Intent.ACTION_VIEW, Uri.parse("flag13://rce")) 43 | activityTestRule.launchActivity(intent) 44 | intended(hasComponent(RCEActivity::class.java!!.getName())) 45 | } 46 | 47 | } -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/assets/meʼnu: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/B3nac/InjuredAndroid/2cc669a1829427f1183b47b80af846cc919bd6f6/InjuredAndroid/app/src/main/assets/meʼnu -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/assets/narnia.arm64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/B3nac/InjuredAndroid/2cc669a1829427f1183b47b80af846cc919bd6f6/InjuredAndroid/app/src/main/assets/narnia.arm64 -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/assets/narnia.x86_64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/B3nac/InjuredAndroid/2cc669a1829427f1183b47b80af846cc919bd6f6/InjuredAndroid/app/src/main/assets/narnia.x86_64 -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/assets/test: -------------------------------------------------------------------------------- 1 | text.txt -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/b3nac_logo-web.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/B3nac/InjuredAndroid/2cc669a1829427f1183b47b80af846cc919bd6f6/InjuredAndroid/app/src/main/b3nac_logo-web.png -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/cpp/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # For more information about using CMake with Android Studio, read the 2 | # documentation: https://d.android.com/studio/projects/add-native-code.html 3 | 4 | # Sets the minimum version of CMake required to build the native library. 
5 | 6 | cmake_minimum_required(VERSION 3.4.1) 7 | 8 | # Creates and names a library, sets it as either STATIC 9 | # or SHARED, and provides the relative paths to its source code. 10 | # You can define multiple libraries, and CMake builds them for you. 11 | # Gradle automatically packages shared libraries with your APK. 12 | 13 | add_library( # Sets the name of the library. 14 | native-lib 15 | 16 | # Sets the library as a shared library. 17 | SHARED 18 | 19 | # Provides a relative path to your source file(s). 20 | native-lib.cpp) 21 | add_library( # Sets the name of the library. 22 | encrypt 23 | 24 | # Sets the library as a shared library. 25 | SHARED 26 | 27 | # Provides a relative path to your source file(s). 28 | encrypt.cpp 29 | encrypt.hpp) 30 | 31 | # Searches for a specified prebuilt library and stores the path as a 32 | # variable. Because CMake includes system libraries in the search path by 33 | # default, you only need to specify the name of the public NDK library 34 | # you want to add. CMake verifies that the library exists before 35 | # completing its build. 36 | 37 | find_library( # Sets the name of the path variable. 38 | log-lib 39 | 40 | # Specifies the name of the NDK library that 41 | # you want CMake to locate. 42 | log) 43 | 44 | # Specifies libraries CMake should link to your target library. You 45 | # can link multiple libraries, such as libraries you define in this 46 | # build script, prebuilt third-party libraries, or system libraries. 47 | 48 | target_link_libraries( # Specifies the target library. 49 | native-lib 50 | 51 | # Links the target library to the log library 52 | # included in the NDK. 53 | ${log-lib}) 54 | 55 | 56 | 57 | -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/cpp/encrypt.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // Created by b3nac on 6/28/20. 
3 | // 4 | 5 | #include 6 | #include "encrypt.hpp" 7 | 8 | using namespace std; 9 | 10 | extern "C" const char* encryptDecrypt(string encryptThis) { 11 | char key[5] = {'W', 'I', 'N'}; // Repeating XOR key; can be any chars and any array size. NOTE(review): the array has 5 elements but only 3 initializers, so key[3] and key[4] are 0 and the input bytes they line up with come out unchanged 12 | 13 | string output = encryptThis; 14 | 15 | for (int i = 0; i < encryptThis.size(); i++) { 16 | output[i] = encryptThis[i] ^ key[i % (sizeof(key) / sizeof(char))]; 17 | } 18 | return output.c_str(); // NOTE(review): output is a local string destroyed on return, so the caller receives a dangling pointer 19 | } 20 | -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/cpp/encrypt.hpp: -------------------------------------------------------------------------------- 1 | // 2 | // Created by b3nac on 6/28/20. 3 | // 4 | 5 | #ifndef INJUREDANDROID_ENCRYPT_H 6 | #define INJUREDANDROID_ENCRYPT_H 7 | 8 | #endif //INJUREDANDROID_ENCRYPT_H -- NOTE(review): the guard closes here, before the declarations below, so it does not protect them from repeated inclusion 9 | #include 10 | 11 | using namespace std; 12 | 13 | extern "C" const char* encryptDecrypt(string encryptThis); 14 | -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/cpp/native-lib.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "encrypt.hpp" 4 | #include 5 | 6 | using namespace std; 7 | 8 | extern "C" JNIEXPORT jstring JNICALL 9 | Java_b3nac_injuredandroid_AssemblyActivity_stringFromJNI( 10 | JNIEnv *env, 11 | jobject /* this */) { 12 | 13 | char key[5] = {'M', 'A', 'D'}; // XOR key; "win" below is 3 bytes, so only key[0..2] are used in this function 14 | 15 | string output = "win"; 16 | 17 | for (int i = 0; i < output.size(); i++) { 18 | output[i] = output[i] ^ key[i % (sizeof(key) / sizeof(char))]; 19 | } 20 | const char *test = output.c_str(); 21 | 22 | return env->NewStringUTF(test); 23 | } 24 | 25 | extern "C" const char* encryptDecrypt(string encryptThis) { // NOTE(review): encrypt.cpp defines a function with this same name and C linkage but a different key 26 | char key[5] = {'M', 'A', 'D'}; // 5-element array with 3 initializers: key[3] and key[4] are 0, so XOR with them leaves those input bytes unchanged 27 | 28 | string output = encryptThis; 29 | 30 | for (int i = 0; i < encryptThis.size(); i++) { 31 | output[i] = encryptThis[i] ^ key[i % (sizeof(key) / sizeof(char))]; 32 | } 33 | string test = 
output.c_str(); 34 | 35 | return output.c_str(); // NOTE(review): c_str() points into the local string output, which is destroyed when the function returns, so the caller receives a dangling pointer 36 | } 37 | -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/ic_launcher-web.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/B3nac/InjuredAndroid/2cc669a1829427f1183b47b80af846cc919bd6f6/InjuredAndroid/app/src/main/ic_launcher-web.png -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/java/b3nac/injuredandroid/ContactActivity.java: -------------------------------------------------------------------------------- 1 | package b3nac.injuredandroid; 2 | 3 | import android.content.Intent; 4 | import android.net.Uri; 5 | import android.os.Bundle; 6 | import android.view.View; 7 | 8 | import androidx.appcompat.app.AppCompatActivity; 9 | 10 | public class ContactActivity extends AppCompatActivity { 11 | 12 | @Override 13 | protected void onCreate(Bundle savedInstanceState) { 14 | super.onCreate(savedInstanceState); 15 | setContentView(R.layout.activity_contact); 16 | } 17 | 18 | public void goToEmailAppSelection(View view) { 19 | Intent emailIntent = new Intent(Intent.ACTION_VIEW, Uri.parse("mailto:b3nac.sec@gmail.com")); 20 | startActivity(emailIntent); 21 | } 22 | 23 | public void goToDigitalOcean(View view) { 24 | Intent digitalOceanIntent = new Intent(Intent.ACTION_VIEW, Uri.parse("https://m.do.co/c/9348bb7410b4")); 25 | startActivity(digitalOceanIntent); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /InjuredAndroid/app/src/main/java/b3nac/injuredandroid/DatabaseSchema.java: -------------------------------------------------------------------------------- 1 | package b3nac.injuredandroid; 2 | 3 | import android.content.Context; 4 | import android.database.sqlite.SQLiteDatabase; 5 | import android.database.sqlite.SQLiteOpenHelper; 6 | import android.provider.BaseColumns; 7 | 8 | 
public final class DatabaseSchema { // Schema constants and the SQLiteOpenHelper for the app's single table, Thisisatest.
9 |     static final String SQL_CREATE_ENTRIES = "CREATE TABLE Thisisatest (_id INTEGER PRIMARY KEY,title TEXT,subtitle TEXT)";
10 |     static final String SQL_DELETE_ENTRIES = "DROP TABLE IF EXISTS Thisisatest";
11 |     // Both statements are fixed literals; no caller-supplied text is concatenated into SQL in this class.
12 |     public static class Add implements BaseColumns {
13 |         public static final String COLUMN_NAME_SUBTITLE = "subtitle";
14 |         public static final String COLUMN_NAME_TITLE = "title";
15 |         public static final String TABLE_NAME = "Thisisatest";
16 |     }
17 |     // Opens or creates Thisisatest.db. NOTE(review): the constructor passes the literal 1 rather than DATABASE_VERSION, so the two have to be changed together.
18 |     public static class DataBaseHelper extends SQLiteOpenHelper {
19 |         public static final String DATABASE_NAME = "Thisisatest.db";
20 |         public static final int DATABASE_VERSION = 1;
21 |
22 |         public DataBaseHelper(Context context) {
23 |             super(context, DATABASE_NAME, null, 1);
24 |         }
25 |
26 |         public void onCreate(SQLiteDatabase db) {
27 |             db.execSQL(DatabaseSchema.SQL_CREATE_ENTRIES);
28 |         }
29 |         // Upgrade drops the table and recreates it, discarding existing rows.
30 |         public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
31 |             db.execSQL(DatabaseSchema.SQL_DELETE_ENTRIES);
32 |             onCreate(db);
33 |         }
34 |         // Downgrade is handled exactly like upgrade.
35 |         public void onDowngrade(SQLiteDatabase db, int oldVersion, int newVersion) {
36 |             onUpgrade(db, oldVersion, newVersion);
37 |         }
38 |     }
39 |     // Constants holder only: not instantiable.
40 |     private DatabaseSchema() {
41 |     }
42 | }
43 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/Decoder.java:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid;
2 |
3 | import android.util.Base64;
4 |
5 | /**
6 |  * Created by B3nac on 12/4/2018.
7 |  */
8 | // Holds one Base64-encoded constant. Base64 is a reversible encoding, not protection: the decoded value is available to anyone holding the APK.
9 | public class Decoder {
10 |     private byte [] data = Base64.decode("NF9vdmVyZG9uZV9vbWVsZXRz", Base64.DEFAULT);
11 |     // Returns the internal array itself, so callers can modify it.
12 |     public byte[] getData() {
13 |         return data;
14 |     }
15 | }
16 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/DisplayPostXSS.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.os.Bundle
4 | import android.webkit.WebChromeClient
5 | import android.webkit.WebView
6 | import androidx.appcompat.app.AppCompatActivity
7 | // Shows the text passed under XSSTextActivity.POST_STRING as an HTML page in a WebView.
8 | class DisplayPostXSS : AppCompatActivity() {
9 |     override fun onCreate(savedInstanceState: Bundle?) {
10 |         super.onCreate(savedInstanceState)
11 |         val vulnWebView = WebView(this)
12 |         setContentView(vulnWebView)
13 |         val intent = intent
14 |         val postText = intent.getStringExtra(XSSTextActivity.POST_STRING) // null when the extra is missing
15 |         vulnWebView.settings.javaScriptEnabled = true // script contained in postText will execute
16 |         vulnWebView.webChromeClient = WebChromeClient()
17 |         vulnWebView.loadData(postText, "text/html", "UTF-8") // NOTE(review): postText is rendered as HTML without escaping; if this activity is exported (manifest not shown here) another app can supply it. HTML-escape the text or keep JavaScript disabled.
18 |     }
19 | }
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/ExportedProtectedIntent.java:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid;
2 |
3 | import android.content.ComponentName;
4 | import android.content.Intent;
5 | import android.os.Bundle;
6 |
7 | import com.google.android.material.floatingactionbutton.FloatingActionButton;
8 | import com.google.android.material.snackbar.Snackbar;
9 |
10 | import androidx.appcompat.app.AppCompatActivity;
11 | import androidx.appcompat.widget.Toolbar;
12 | // Activity that, on every resume, starts an Intent carried inside its own launching Intent (see handleIntentExtras).
13 | public class ExportedProtectedIntent extends AppCompatActivity {
14 |
15 |     @Override
16 |     protected void onCreate(Bundle savedInstanceState) {
17 |         super.onCreate(savedInstanceState);
18 |
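setContentView(R.layout.activity_exported_protected_intent);
19 |         Toolbar toolbar = findViewById(R.id.toolbar);
20 |         setSupportActionBar(toolbar);
21 |         // Template floating-action button: shows a placeholder Snackbar.
22 |         FloatingActionButton fab = findViewById(R.id.fab);
23 |         fab.setOnClickListener(view -> Snackbar.make(view, "Replace with your own action", Snackbar.LENGTH_LONG)
24 |                 .setAction("Action", null).show());
25 |
26 |     }
27 |     // Runs on every resume, so the forwarding below is re-evaluated each time the activity returns to the foreground.
28 |     @Override
29 |     protected void onResume() {
30 |         super.onResume();
31 |
32 |         handleIntentExtras(getIntent()); // anything can be passed to getIntent() here
33 |     }
34 |     // Starts the Intent nested under "access_protected_component" when it resolves to an activity of this package. NOTE(review): a package-name check alone lets the sender of the outer Intent reach activities that are not exported; allow-list specific target classes instead.
35 |     private void handleIntentExtras(Intent intent) {
36 |
37 |         Intent unprotectedIntent = intent.getParcelableExtra("access_protected_component");
38 |         // assert is not enforced by the Android runtime, so a missing extra is tested explicitly.
39 |         if (unprotectedIntent == null) return;
40 |
41 |         ComponentName name = unprotectedIntent.resolveActivity(getPackageManager());
42 |         // resolveActivity returns null when no activity matches.
43 |         if (name != null && name.getPackageName().equals("b3nac.injuredandroid")) {
44 |             startActivity(unprotectedIntent);
45 |         }
46 |     }
47 | }
48 |
49 |
50 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagFiveActivity.java:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid;
2 |
3 | import android.content.ComponentName;
4 | import android.content.Intent;
5 | import android.content.IntentFilter;
6 | import android.content.pm.PackageManager;
7 | import android.os.Bundle;
8 | import android.view.View;
9 | import androidx.appcompat.app.AppCompatActivity;
10 | import androidx.appcompat.widget.Toolbar;
11 | import androidx.localbroadcastmanager.content.LocalBroadcastManager;
12 |
13 | import com.google.android.material.floatingactionbutton.FloatingActionButton;
14 | import com.google.android.material.snackbar.Snackbar;
15 | import android.widget.Button;
16 | // Flag five screen: a hint button plus a button that sends the custom broadcast handled by FlagFiveReceiver.
17 | public class FlagFiveActivity extends AppCompatActivity {
18 |
19 |     int click = 0;
20 |     private FlagFiveReceiver fReceiver = new FlagFiveReceiver();
21 |
22 |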
23 |     @Override
24 |     protected void onCreate(Bundle savedInstanceState) { // wires the hint button, registers fReceiver and hooks the broadcast button
25 |         super.onCreate(savedInstanceState);
26 |         setContentView(R.layout.activity_flag_five);
27 |         Toolbar toolbar = findViewById(R.id.toolbar);
28 |
29 |         setSupportActionBar(toolbar);
30 |         // The hint button alternates between two hints.
31 |         FloatingActionButton fab = findViewById(R.id.fab);
32 |         fab.setOnClickListener(view -> {
33 |             if (click == 0) {
34 |                 Snackbar.make(view, "Where is bob.", Snackbar.LENGTH_LONG)
35 |                         .setAction("Action",null).show();
36 |                 click = click + 1;
37 |             } else if (click == 1) {
38 |                 Snackbar.make(view, "Classes and imports.", Snackbar.LENGTH_LONG)
39 |                         .setAction("Action",null).show();
40 |                 click = 0;
41 |             }
42 |         });
43 |
44 |         Button broadcastButton = findViewById(R.id.button9);
45 |
46 |         //Get the PackageManager and ComponentName so you can toggle to broadcast receiver.
47 |         ComponentName mReceiverComponentName = new ComponentName(this, FlagFiveReceiver.class);
48 |         PackageManager mPackageManager = getPackageManager(); // NOTE(review): neither of these two locals is used in the rest of onCreate
49 |
50 |         //Use LocalBroadcastManager so that the broadcast is not received by other applications.
51 |         LocalBroadcastManager.getInstance(this).registerReceiver
52 |                 (fReceiver, new IntentFilter(FlagFiveReceiver.ACTION_CUSTOM_BROADCAST));
53 |         // NOTE(review): the receiver is registered with LocalBroadcastManager, but broadcastIntent() below sends with Context.sendBroadcast(); a LocalBroadcastManager registration only sees broadcasts sent through LocalBroadcastManager.
54 |         //onClick method for the button
55 |         broadcastButton.setOnClickListener(view -> broadcastIntent());
56 |     }
57 |     // Unregisters the receiver registered in onCreate.
58 |     @Override
59 |     protected void onDestroy() {
60 |         LocalBroadcastManager.getInstance(this).unregisterReceiver(fReceiver);
61 |         super.onDestroy();
62 |     }
63 |     public void broadcastIntent() {
64 |         Intent intent = new Intent(FlagFiveReceiver.ACTION_CUSTOM_BROADCAST);
65 |         sendBroadcast(intent); // NOTE(review): action-only Intent sent with Context.sendBroadcast() is a system-wide implicit broadcast; restrict it with setPackage() or a permission, or send it through LocalBroadcastManager as the comment in onCreate intends
66 |     }
67 |
68 | }
69 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagFiveReceiver.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.content.BroadcastReceiver
4 | import android.content.Context
5 | import android.content.Intent
6 | import android.util.Log
7 | import android.widget.Toast
8 | // Counts received broadcasts in a companion-object counter: the first one logs and toasts the Intent, the second toasts "Keep trying!", the third reveals the flag and resets the counter.
9 | class FlagFiveReceiver : BroadcastReceiver() {
10 |     override fun onReceive(context: Context, intent: Intent) {
11 |         SecureSharedPrefs.setContext(context)
12 |
13 |         if (click == 0) {
14 |             val sb = StringBuilder()
15 |             sb.append("""
16 |     Action: ${intent.action}
17 |
18 |     """.trimIndent())
19 |             sb.append("""
20 |     URI: ${intent.toUri(Intent.URI_INTENT_SCHEME)}
21 |
22 |     """.trimIndent())
23 |             val log = sb.toString()
24 |             Log.d("DUDE!:", log) // writes the received action and Intent URI to logcat
25 |             Toast.makeText(context, log, Toast.LENGTH_LONG).show()
26 |             click++
27 |         } else if (click == 1) {
28 |             val win = "Keep trying!"
29 |             Toast.makeText(context, win, Toast.LENGTH_LONG).show()
30 |             click++
31 |         } else if (click == 2) {
32 |             val win = "You are a winner " + VGV4dEVuY3J5cHRpb25Ud28.decrypt("Zkdlt0WwtLQ=") // ciphertext is embedded in the app and decrypted by an in-app routine (not shown here)
33 |             FlagsOverview().flagFiveButtonColor = true // NOTE(review): sets the property on a newly constructed FlagsOverview that is not kept; confirm this has any effect
34 |             SecureSharedPrefs().editBoolean(context, "flagFiveButtonColor", true)
35 |             Toast.makeText(context, win, Toast.LENGTH_LONG).show()
36 |             click = 0
37 |         } else {
38 |             val win = "Keep trying!"
39 |             Toast.makeText(context, win, Toast.LENGTH_LONG).show()
40 |         }
41 |     }
42 |     // click is shared by every instance of the receiver for the life of the process.
43 |     companion object {
44 |         var click = 0
45 |         const val ACTION_CUSTOM_BROADCAST = "com.b3nac.injuredandroid.intent.action.CUSTOM_INTENT"
46 |     }
47 | }
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagFourActivity.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.content.Intent
4 | import android.os.Bundle
5 | import android.view.View
6 | import android.widget.EditText
7 | import androidx.appcompat.app.AppCompatActivity
8 | import com.google.android.material.floatingactionbutton.FloatingActionButton
9 | import com.google.android.material.snackbar.Snackbar
10 | // Flag four screen: submitFlag compares the entered text with the value held by Decoder.
11 | class FlagFourActivity : AppCompatActivity() {
12 |     var click = 0
13 |     override fun onCreate(savedInstanceState: Bundle?) {
14 |         super.onCreate(savedInstanceState)
15 |         setContentView(R.layout.activity_flag_four)
16 |         SecureSharedPrefs.setContext(this)
17 |         // The hint button alternates between two hints.
18 |         val fab = findViewById(R.id.fab)
19 |         fab.setOnClickListener { view ->
20 |             if (click == 0) {
21 |                 Snackbar.make(view, "Where is bob.", Snackbar.LENGTH_LONG)
22 |                         .setAction("Action", null).show()
23 |                 click++
24 |             } else if (click == 1) {
25 |                 Snackbar.make(view, "Classes and imports.", Snackbar.LENGTH_LONG)
26 |                         .setAction("Action", null).show()
27 |                 click = 0
28 |             }
29 |         }
30 |     }
31 |
32 |     fun submitFlag(view: View?)
{
33 |         // Compares the input with the decoded Decoder constant; a match records flag four and opens FlagOneSuccess.
34 |         val editText2 = findViewById(R.id.editText2)
35 |         val post = editText2.text.toString()
36 |         val decoder = Decoder()
37 |         val bob = String(decoder.getData())
38 |         if (post == bob) {
39 |             val intent = Intent(this, FlagOneSuccess::class.java)
40 |             FlagsOverview().flagFourButtonColor = true // NOTE(review): set on a temporary FlagsOverview instance; confirm this has any effect
41 |             SecureSharedPrefs().editBoolean(this, "flagFourButtonColor", true)
42 |             startActivity(intent)
43 |         }
44 |     }
45 | }
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagOneLoginActivity.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.content.Intent
4 | import android.os.Bundle
5 | import android.view.View
6 | import android.widget.EditText
7 | import androidx.appcompat.app.AppCompatActivity
8 | import androidx.appcompat.widget.Toolbar
9 | import com.google.android.material.floatingactionbutton.FloatingActionButton
10 | import com.google.android.material.snackbar.Snackbar
11 | // Flag one screen: submitFlag checks the entered text against a string constant.
12 | class FlagOneLoginActivity : AppCompatActivity() {
13 |     var click = 0
14 |     override fun onCreate(savedInstanceState: Bundle?) {
15 |         super.onCreate(savedInstanceState)
16 |         setContentView(R.layout.activity_flag_one_login)
17 |         SecureSharedPrefs.setContext(this)
18 |         val toolbar = findViewById(R.id.toolbar)
19 |         setSupportActionBar(toolbar)
20 |         val fab = findViewById(R.id.fab)
21 |         fab.setOnClickListener { view -> // the hint button alternates between two hints
22 |             if (click == 0) {
23 |                 Snackbar.make(view, "The flag is right under your nose.", Snackbar.LENGTH_LONG)
24 |                         .setAction("Action", null).show()
25 |                 click++
26 |             } else if (click == 1) {
27 |                 Snackbar.make(view, "The flag is also under the GUI.", Snackbar.LENGTH_LONG)
28 |                         .setAction("Action", null).show()
29 |                 click = 0
30 |             }
31 |         }
32 |     }
33 |
34 |     fun submitFlag(view: View?)
{ // A match records flag one and opens FlagOneSuccess.
35 |         val editText2 = findViewById(R.id.editText2)
36 |         val post = editText2.text.toString()
37 |         if (post == "F1ag_0n3") { // NOTE(review): the expected value is a plain string constant; anything compiled into the APK is readable by whoever holds it
38 |             val intent = Intent(this, FlagOneSuccess::class.java)
39 |             FlagsOverview().flagOneButtonColor = true // NOTE(review): set on a temporary FlagsOverview instance; confirm this has any effect
40 |             SecureSharedPrefs().editBoolean(this, "flagOneButtonColor", true)
41 |             startActivity(intent)
42 |         }
43 |     }
44 | }
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagOneSuccess.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.content.Intent
4 | import android.os.Bundle
5 | import android.view.Menu
6 | import android.view.MenuItem
7 | import androidx.appcompat.app.AppCompatActivity
8 | // Success screen shown after a correct flag; its options menu links to the home, contact and settings screens.
9 | class FlagOneSuccess : AppCompatActivity() {
10 |     override fun onCreate(savedInstanceState: Bundle?) {
11 |         super.onCreate(savedInstanceState)
12 |         setContentView(R.layout.activity_flag_one_success)
13 |     }
14 |     override fun onCreateOptionsMenu(menu: Menu): Boolean {
15 |         menuInflater.inflate(R.menu.menu_main, menu)
16 |         return true
17 |     }
18 |     // Always reports the item as handled (returns true), including for ids not listed below.
19 |     override fun onOptionsItemSelected(item: MenuItem): Boolean {
20 |         val itemId = item.itemId
21 |         if (itemId == R.id.action_home) {
22 |             startActivity(Intent(this, MainActivity::class.java))
23 |         }
24 |         if (itemId == R.id.action_contact) {
25 |             startActivity(Intent(this, ContactActivity::class.java))
26 |         }
27 |         if (itemId == R.id.action_settings) {
28 |             startActivity(Intent(this, SettingsActivity::class.java))
29 |         }
30 |         return true
31 |     }
32 | }
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagSixLoginActivity.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.content.Intent
4 | import android.os.Bundle
5 | import android.view.View
6 | import
android.widget.EditText
7 | import androidx.appcompat.app.AppCompatActivity
8 | import androidx.appcompat.widget.Toolbar
9 | import com.google.android.material.floatingactionbutton.FloatingActionButton
10 | import com.google.android.material.snackbar.Snackbar
11 | // Flag six screen: the expected value is stored as ciphertext and decrypted at comparison time in submitFlag.
12 | class FlagSixLoginActivity : AppCompatActivity() {
13 |     var click = 0
14 |     override fun onCreate(savedInstanceState: Bundle?) {
15 |         super.onCreate(savedInstanceState)
16 |         setContentView(R.layout.activity_flag_six_login)
17 |         SecureSharedPrefs.setContext(this)
18 |         val toolbar = findViewById(R.id.toolbar)
19 |         setSupportActionBar(toolbar)
20 |         val fab = findViewById(R.id.fab)
21 |         fab.setOnClickListener { view: View? -> // the hint button alternates between two hints
22 |             if (click == 0) {
23 |                 Snackbar.make(view!!, "Keys.", Snackbar.LENGTH_LONG) // view!! throws if the listener is ever invoked with null
24 |                         .setAction("Action", null).show()
25 |                 click++
26 |             } else if (click == 1) {
27 |                 Snackbar.make(view!!, "Classes.", Snackbar.LENGTH_LONG)
28 |                         .setAction("Action", null).show()
29 |                 click = 0
30 |             }
31 |         }
32 |     }
33 |
34 |     fun submitFlag(view: View?)
{ // Decrypts the embedded ciphertext and compares it with the input; a match records flag six and opens FlagOneSuccess. NOTE(review): whatever key decrypt() uses has to ship with the app as well; confirm where VGV4dEVuY3J5cHRpb25Ud28 obtains it.
35 |         val editText3 = findViewById(R.id.editText3)
36 |         val post = editText3.text.toString()
37 |         if (post == VGV4dEVuY3J5cHRpb25Ud28.decrypt("k3FElEG9lnoWbOateGhj5pX6QsXRNJKh///8Jxi8KXW7iDpk2xRxhQ==")) {
38 |             val intent = Intent(this, FlagOneSuccess::class.java)
39 |             FlagsOverview.flagSixButtonColor = true
40 |             val secure = SecureSharedPrefs()
41 |             secure.editBoolean(this, "flagSixButtonColor", true)
42 |             startActivity(intent)
43 |         }
44 |     }
45 | }
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagThreeActivity.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.content.Context
4 | import android.content.Intent
5 | import android.os.Bundle
6 | import android.view.View
7 | import android.widget.EditText
8 | import androidx.appcompat.app.AppCompatActivity
9 | import androidx.appcompat.widget.Toolbar
10 | import com.google.android.material.floatingactionbutton.FloatingActionButton
11 | import com.google.android.material.snackbar.Snackbar
12 | // Flag three screen: submitFlag compares the entered text with a string resource.
13 | class FlagThreeActivity : AppCompatActivity() {
14 |
15 |     var click = 0
16 |
17 |     override fun onCreate(savedInstanceState: Bundle?) {
18 |         super.onCreate(savedInstanceState)
19 |         setContentView(R.layout.activity_flag_three)
20 |         SecureSharedPrefs.setContext(this)
21 |         // The hint button alternates between two hints.
22 |         val toolbar = findViewById(R.id.toolbar)
23 |         setSupportActionBar(toolbar)
24 |         val fab = findViewById(R.id.fab)
25 |         fab.setOnClickListener { view ->
26 |             if (click == 0) {
27 |                 Snackbar.make(view, "R stands for resources.", Snackbar.LENGTH_LONG)
28 |                         .setAction("Action", null).show()
29 |                 click++
30 |             } else if (click == 1) {
31 |                 Snackbar.make(view, "Check .xml files.", Snackbar.LENGTH_LONG)
32 |                         .setAction("Action", null).show()
33 |                 click = 0
34 |             }
35 |         }
36 |     }
37 |
38 |     fun submitFlag(view: View?)
{ // Compares the input with the string resource R.string.cmVzb3VyY2VzX3lv; a match records flag three and opens FlagOneSuccess.
39 |         val editText2 = findViewById(R.id.editText2)
40 |         val post = editText2.text.toString()
41 |         // NOTE(review): string resources are stored in readable form inside the APK.
42 |         if (post == getString(R.string.cmVzb3VyY2VzX3lv)) {
43 |             val intent = Intent(this, FlagOneSuccess::class.java)
44 |             FlagsOverview().flagThreeButtonColor = true // NOTE(review): set on a temporary FlagsOverview instance; confirm this has any effect
45 |             SecureSharedPrefs().editBoolean(this, "flagThreeButtonColor", true)
46 |             startActivity(intent)
47 |         }
48 |     }
49 | }
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagTwelveProtectedActivity.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.content.Intent
4 | import android.net.Uri
5 | import android.os.Bundle
6 | import android.webkit.WebChromeClient
7 | import android.webkit.WebView
8 | import androidx.appcompat.app.AppCompatActivity
9 | import androidx.appcompat.widget.Toolbar
10 | // Flag twelve screen: reads the "totally_secure" extra, treats a value with the https scheme as the solution and otherwise renders the value as HTML.
11 | class FlagTwelveProtectedActivity : AppCompatActivity() {
12 |     var click = 0
13 |     override fun onCreate(savedInstanceState: Bundle?) {
14 |         super.onCreate(savedInstanceState)
15 |         val flagWebView = WebView(this)
16 |         setContentView(flagWebView)
17 |         SecureSharedPrefs.setContext(this)
18 |         val toolbar = findViewById(R.id.toolbar) // NOTE(review): the content view is the bare WebView set above, so this lookup presumably finds no toolbar; confirm
19 |         setSupportActionBar(toolbar)
20 |
21 |         var uri: Uri?
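= null
22 |         // Reject launches without the extra before it is parsed, so a missing value never reaches Uri.parse.
23 |         if (intent == null || !intent.hasExtra("totally_secure")) {
24 |             finish()
25 |             return
26 |         }
27 |         val intentToUri = intent.getStringExtra("totally_secure")
28 |         uri = Uri.parse(intentToUri)
29 |         flagWebView.settings.javaScriptEnabled = true
30 |         flagWebView.webChromeClient = WebChromeClient()
31 |         val onlyAcceptThisSchema = "https" == uri.scheme // NOTE(review): the value comes from whoever sent the Intent, so its scheme says nothing about the sender
32 |         if (onlyAcceptThisSchema) {
33 |             FlagsOverview.flagTwelveButtonColor = true
34 |             val secure = SecureSharedPrefs()
35 |             secure.editBoolean(applicationContext, "flagTwelveButtonColor", true)
36 |             correctFlag()
37 |         } else {
38 |             flagWebView.loadData(intent.getStringExtra("totally_secure"), "text/html", "UTF-8") // NOTE(review): sender-supplied text rendered as HTML with JavaScript enabled; escape it or show it as plain text
39 |         }
40 |     }
41 |     // Opens the shared success screen.
42 |     private fun correctFlag() {
43 |         val intent = Intent(this, FlagOneSuccess::class.java)
44 |         startActivity(intent)
45 |     }
46 | }
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/FlagTwoActivity.java:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid;
2 |
3 | import android.os.Bundle;
4 | import android.view.View;
5 | import androidx.appcompat.app.AppCompatActivity;
6 | import androidx.appcompat.widget.Toolbar;
7 | import com.google.android.material.floatingactionbutton.FloatingActionButton;
8 | import com.google.android.material.snackbar.Snackbar;
9 | // Flag two screen: it only shows hints; the flag itself is recorded by b25lActivity.
10 | public class FlagTwoActivity extends AppCompatActivity {
11 |     int click = 0;
12 |
13 |     @Override
14 |     protected void onCreate(Bundle savedInstanceState) {
15 |         super.onCreate(savedInstanceState);
16 |         setContentView(R.layout.activity_flag_two);
17 |         Toolbar toolbar = findViewById(R.id.toolbar);
18 |         setSupportActionBar(toolbar);
19 |
20 |         FloatingActionButton fab = findViewById(R.id.fab);
21 |         fab.setOnClickListener(view -> {
22 |             if (click == 0) {
23 |                 Snackbar.make(view, "Key words Activity and exported.", Snackbar.LENGTH_LONG)
24 |                         .setAction("Action",null).show();
25 |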
click = click + 1;
26 |             } else if (click == 1) {
27 |                 Snackbar.make(view, "Exported Activities can be accessed with adb or Drozer.", Snackbar.LENGTH_LONG)
28 |                         .setAction("Action",null).show();
29 |                 click = 0;
30 |             }
31 |         });
32 |     }
33 |
34 | }
35 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/Hide.java:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid;
2 |
3 | import android.util.Base64;
4 | // Constants embedded in the app: two Base64-encoded byte arrays (key material, judging by the names) and an obfuscated URL string. Base64 and character substitution are reversible encodings, so these values are effectively public once the APK ships.
5 | public class Hide {
6 |     private static byte[] encKey = Base64.decode("Q2FwdHVyM1RoMXM=", 0);
7 |     private static byte[] encKeyTwo = Base64.decode("e0NhcHR1cjNUaDFzVG9vfQ==", 0);
8 |     private static String remoteUrl = "9EEADi^^:?;FC652?5C@:5]7:C632D6:@]4@>^DB=:E6];D@?";
9 |     // The accessors return the shared static arrays themselves, not copies.
10 |     static byte[] getKey() {
11 |         return encKey;
12 |     }
13 |
14 |     static byte[] getAnotherKey() {
15 |         return encKeyTwo;
16 |     }
17 |
18 |     static String getRemoteUrl() {
19 |         return remoteUrl;
20 |     }
21 | }
22 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/QXV0aA.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import androidx.appcompat.app.AppCompatActivity
4 | import android.os.Bundle
5 | import android.util.Log
6 | import android.view.View
7 | import android.widget.Toast
8 | import com.google.firebase.auth.FirebaseAuth
9 | // Screen that signs the user in to Firebase anonymously and toasts the outcome.
10 | class QXV0aA : AppCompatActivity() {
11 |
12 |     private var mAuth: FirebaseAuth? = null
13 |
14 |     override fun onCreate(savedInstanceState: Bundle?)
{
15 |         super.onCreate(savedInstanceState)
16 |         setContentView(R.layout.activity_qxv0a)
17 |     }
18 |     // NOTE(review): anonymous sign-in gives any client an authenticated Firebase user; backend rules must not treat "signed in" as authorised. The rules are not visible here.
19 |     fun signInAnonymously(view: View) {
20 |         mAuth = FirebaseAuth.getInstance()
21 |         mAuth!!.signInAnonymously()
22 |                 .addOnCompleteListener(this) { task ->
23 |                     if (task.isSuccessful) {
24 |                         Toast.makeText(this@QXV0aA, "Authentication succeeded.",
25 |                                 Toast.LENGTH_SHORT).show()
26 |                     } else {
27 |                         Toast.makeText(this@QXV0aA, "Authentication failed.",
28 |                                 Toast.LENGTH_SHORT).show()
29 |
30 |                     }
31 |                 }
32 |     }
33 | }
34 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/SecureSharedPrefs.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.app.Application
4 | import android.content.Context
5 | import androidx.security.crypto.EncryptedSharedPreferences
6 | import androidx.security.crypto.MasterKey
7 | // Wrapper around one EncryptedSharedPreferences file, used by the flag screens to persist flag state.
8 | class SecureSharedPrefs : Application() { // NOTE(review): extends Application but is constructed directly by callers as SecureSharedPrefs()
9 |
10 |     companion object {
11 |         // Process-wide Context. The property initialisers below read it, so setContext() must run before any SecureSharedPrefs() is constructed.
12 |         private lateinit var context: Context
13 |         // NOTE(review): callers pass Activities and a receiver's Context; a static reference keeps them alive after they are destroyed. Prefer applicationContext.
14 |         fun setContext(con: Context) {
15 |             context = con
16 |         }
17 |     }
18 |
19 |     private val preferencesName = "b3nac.injuredandroid.encrypted"
20 |     // Master key under the default alias with the AES256_GCM key scheme.
21 |     var masterKey = MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build()
22 |     // Preference names are encrypted with AES256_SIV, values with AES256_GCM.
23 |     val sharedPreferences = EncryptedSharedPreferences.create(
24 |             context,
25 |             preferencesName,
26 |             masterKey, // masterKey created above
27 |             EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
28 |             EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM)
29 |     // Stores a boolean under 'string'. The context parameter is unused; the companion-object context was used at construction.
30 |     fun editBoolean(context: Context, string: String, boolean: Boolean) {
31 |
32 |         val editor = sharedPreferences.edit()
33 |         editor.putBoolean(string, boolean).apply()
34 |         editor.clear() // NOTE(review): this clear() is never followed by apply() or commit(), so it appears to have no effect
35 |
36 |     }
37 |     // Looks up the preference named 'string', passing 'boolean' to getBoolean as the default.
38 |     fun getBooleanValue(context: Context, string: String, boolean: Boolean): Boolean{
39 |
40 |
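return sharedPreferences.getBoolean(string, boolean) // return the stored value; 'boolean' is only the fallback used when the key is absent
41 |
42 |     }
43 |     // Stores a string (or null) under 'string'. The context parameter is unused.
44 |     fun putString(context: Context, string: String, value: String?) {
45 |         val editor = sharedPreferences.edit()
46 |         editor.putString(string, value).apply()
47 |         editor.clear() // NOTE(review): this clear() is never followed by apply() or commit(), so it appears to have no effect
48 |     }
49 |     // Returns the stored string for s, or s1 when the key is absent.
50 |     fun getString(s: String, s1: String): String? {
51 |
52 |         return sharedPreferences.getString(s, s1)
53 |
54 |     }
55 | }
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/SettingsActivity.java:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid;
2 |
3 | import androidx.appcompat.app.AppCompatActivity;
4 | import androidx.appcompat.app.AppCompatDelegate;
5 |
6 | import android.content.Context;
7 | import android.content.SharedPreferences;
8 | import android.os.Bundle;
9 | import android.view.View;
10 | import android.widget.Switch;
11 | // Settings screen: a dark-mode switch and a handler that wipes the saved preferences.
12 | public class SettingsActivity extends AppCompatActivity {
13 |
14 |     @Override
15 |     protected void onCreate(Bundle savedInstanceState) {
16 |         super.onCreate(savedInstanceState);
17 |         setContentView(R.layout.activity_settings);
18 |         Switch darkModeSwitch = findViewById(R.id.switch1);
19 |
20 |         darkModeSwitch.setOnCheckedChangeListener((buttonView, isChecked) -> {
21 |             if (isChecked) {
22 |                 AppCompatDelegate.setDefaultNightMode(AppCompatDelegate.MODE_NIGHT_YES);
23 |             } else {
24 |                 AppCompatDelegate.setDefaultNightMode(AppCompatDelegate.MODE_NIGHT_NO);
25 |             }
26 |         });
27 |     }
28 |     // Clears three preference files. NOTE(review): the third name is the file SecureSharedPrefs opens through EncryptedSharedPreferences, accessed here as plain SharedPreferences; clearing it this way presumably also removes the library's stored keyset entries. Confirm the encrypted store reopens cleanly afterwards.
29 |     public void clearFlags(View view) {
30 |         SharedPreferences settings = getSharedPreferences("b3nac.injuredandroid", Context.MODE_PRIVATE);
31 |         SharedPreferences flutterprefs = getSharedPreferences("FlutterSharedPreferences", Context.MODE_PRIVATE);
32 |         SharedPreferences secureprefs = getSharedPreferences("b3nac.injuredandroid.encrypted", Context.MODE_PRIVATE);
33 |         SharedPreferences.Editor editor = settings.edit();
34 |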
SharedPreferences.Editor fluttereditor = flutterprefs.edit();
35 |         SharedPreferences.Editor secureprefseditor = secureprefs.edit();
36 |         editor.clear();
37 |         editor.apply();
38 |         fluttereditor.clear();
39 |         fluttereditor.apply();
40 |         secureprefseditor.clear();
41 |         secureprefseditor.apply();
42 |     }
43 |
44 | }
45 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/TestBroadcastReceiver.java:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid;
2 |
3 | import android.content.BroadcastReceiver;
4 | import android.content.Context;
5 | import android.content.Intent;
6 | import android.content.IntentFilter;
7 | import android.os.Bundle;
8 | import androidx.appcompat.app.AppCompatActivity;
9 | import android.webkit.WebView;
10 | // Test activity: registers an inner receiver for the custom action and immediately sends a broadcast.
11 | public class TestBroadcastReceiver extends AppCompatActivity {
12 |
13 |     @Override
14 |     public void onCreate(Bundle savedInstanceState) {
15 |         super.onCreate(savedInstanceState);
16 |         IntentFilter filter = new IntentFilter("com.b3nac.injuredandroid.intent.action.CUSTOM_INTENT");
17 |         this.registerReceiver(new Receiver(), filter); // NOTE(review): registered without a receiver permission and never unregistered in this class
18 |         send();
19 |     }
20 |     // Sends an explicit broadcast (component FlagFiveReceiver) carrying the extra "url".
21 |     public void send() {
22 |
23 |         String uri = "Hi";
24 |
25 |         Intent intent = new Intent(getApplicationContext(), FlagFiveReceiver.class);
26 |         intent.setAction("com.b3nac.injuredandroid.intent.action.CUSTOM_INTENT");
27 |         intent.putExtra("url", uri);
28 |         sendBroadcast(intent);
29 |     }
30 |     // Loads the "url" extra of a matching broadcast into a WebView.
31 |     private class Receiver extends BroadcastReceiver {
32 |
33 |         @Override
34 |         public void onReceive(Context arg0, Intent arg1) {
35 |             String url = arg1.getExtras().getString("url"); // getExtras() is null when the Intent carries no extras
36 |             WebView webview = findViewById(R.id.Bob); // NOTE(review): onCreate never calls setContentView, so this lookup presumably returns null
37 |             webview.loadUrl(url); // NOTE(review): the URL comes from the broadcast unchecked; validate scheme and host against an allow-list before loading
38 |         }
39 |     }
40 |
41 | }
42 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/XSSTextActivity.java:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid;
2 |
3 | import android.content.Intent;
4 | import android.os.Bundle;
5 | import android.view.View;
6 | import androidx.appcompat.app.AppCompatActivity;
7 | import android.widget.EditText;
8 | // Input screen: forwards the typed text to DisplayPostXSS under the extra key POST_STRING.
9 | public class XSSTextActivity extends AppCompatActivity {
10 |     public static final String POST_STRING = "com.b3nac.injuredandroid.DisplayPostXSS";
11 |
12 |     @Override
13 |     protected void onCreate(Bundle savedInstanceState) {
14 |         super.onCreate(savedInstanceState);
15 |         setContentView(R.layout.activity_xsstext);
16 |     }
17 |     // No encoding or filtering is applied here; DisplayPostXSS receives the text exactly as typed.
18 |     public void submitText(View view) {
19 |         Intent intent = new Intent(this, DisplayPostXSS.class);
20 |         EditText editText = findViewById(R.id.editText);
21 |         String post = editText.getText().toString();
22 |         intent.putExtra(POST_STRING, post);
23 |         startActivity(intent);
24 |     }
25 |
26 | }
27 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/java/b3nac/injuredandroid/b25lActivity.kt:
--------------------------------------------------------------------------------
1 | package b3nac.injuredandroid
2 |
3 | import android.os.Bundle
4 | import androidx.appcompat.app.AppCompatActivity
5 | // Reaching this activity is the whole check: its onCreate records flag two as solved.
6 | class b25lActivity : AppCompatActivity() {
7 |
8 |     override fun onCreate(savedInstanceState: Bundle?)
{
9 |         super.onCreate(savedInstanceState)
10 |         setContentView(R.layout.activity_b25l)
11 |         SecureSharedPrefs.setContext(this)
12 |         // NOTE(review): nothing here checks who started the activity; if it is exported (manifest not shown here), any app or adb can launch it. Keep such activities non-exported or guard them with a signature-level permission.
13 |         FlagsOverview().flagTwoButtonColor = true
14 |
15 |         SecureSharedPrefs().editBoolean(this, "flagTwoButtonColor", true)
16 |     }
17 | }
18 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/res/drawable-v24/ic_launcher_foreground.xml:
--------------------------------------------------------------------------------
1 | 7 | 12 | 13 | 19 | 22 | 25 | 26 | 27 | 28 | 34 | 35 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/res/layout/activity_assembly.xml:
--------------------------------------------------------------------------------
1 | 2 | 8 | 9 | 13 | 14 | 15 | 16 | 17 | 18 | 26 | 27 | 33 | 34 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/res/layout/activity_b25l.xml:
--------------------------------------------------------------------------------
1 | 2 | 8 | 9 | 23 | 24 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/res/layout/activity_c_s_p_bypass.xml:
--------------------------------------------------------------------------------
1 | 2 | 8 | 9 | 13 | 14 | 20 | 21 | 22 | 23 | 24 | 25 | 33 | 34 |
--------------------------------------------------------------------------------
/InjuredAndroid/app/src/main/res/layout/activity_contact.xml:
--------------------------------------------------------------------------------
1 | 2 | 8 | 9 | 20 | 21 |