mirror of
https://github.com/carlospolop/hacktricks.git
synced 2023-12-14 19:12:55 +01:00
Merge pull request #699 from KhasMek/master
Add information relevant to the Xamarin AssemblyStore
This commit is contained in:
commit
91b24ae435
|
@ -80,6 +80,12 @@ In case of Android **APKs these dll files are compressed** and cannot be directl
|
|||
python3 xamarin-decompress.py -o /path/to/decompressed/apk
|
||||
```
|
||||
|
||||
It is possible instead of dll files you will see `assemblies.blob` and `assemblies.manifest` in the assemblies directory. This is a Xamarin AssemblyStore and the currently recommended way to pack dlls in an Android application. The `assemblies.manifest` is a text file describing the contents of the binary file `assemblies.blob`. To unpack these you will need use [pyxamstore](https://github.com/jakev/pyxamstore).
|
||||
|
||||
```
|
||||
pyxamstore unpack -d /path/to/decompressed/apk/assemblies/
|
||||
```
|
||||
|
||||
In the case of the iOS, **dll files inside the IPA files can be directly loaded** into a decompiler (no need to uncompress anything).
|
||||
|
||||
**Most of the application code can be found when we decompile the dll files.** Also note that Xamarin Framework based apps contain 90% of common code in the builds of all platforms like iOS and Android etc. 
|
||||
|
@ -105,6 +111,7 @@ Try to check if the application has any kind of SSL pinning in place. If not, us
|
|||
## References
|
||||
|
||||
* [https://www.appknox.com/security/xamarin-reverse-engineering-a-guide-for-penetration-testers](https://www.appknox.com/security/xamarin-reverse-engineering-a-guide-for-penetration-testers)
|
||||
* [https://thecobraden.com/posts/unpacking_xamarin_assembly_stores/](https://thecobraden.com/posts/unpacking_xamarin_assembly_stores/)
|
||||
|
||||
<details>
|
||||
|
||||
|
|
Loading…
Reference in a new issue