Create Cert for HTTPS

openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

Sniffing HTTPS traffic

Still possible in 2022, thanks to a little tool going by the name „burpsuit“. It’s easy: Set up a proxy server and configure your end device to use that proxy.

Starting with Android Nougat the cert has to be installed at system-level. For this, you have to enable root debugging in the developer settings and transfer the file manually using adb. Full explanation here.

openssl x509 -inform der -in burp.der -out burp.pem

mv burp.pem openssl x509 -inform pem -subject_hash_old -in burp.pem | head -1.0

With adb root move cert to /system/etc/security/cacerts/ and chmod 644.


Patching APK’s

Ever run into a situation where you can no longer use an older version of an app because it forces you to update? Or the app tries to take money from for unlocking an already built-in but inaccessible „premium feature“?

Patching APK’s consists of these steps:

  1. Unpacking the APK: apktool d -r some.apk -o output_dir
  2. Patching the smali byte-code: Remove or change using your favorite editor
  3. Packing the code back to an APK: apktool b output_dir -o modded.apk
  4. Signing the new APK:
    1. Create key (only needed once): keytool -genkey -v -keystore key.keystore -alias robocoffee -keyalg RSA -keysize 2048 -validity 10000
    2. Sign with key: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore modded.apk robocoffee ~/Android/Sdk/build-tools/<version>/apksigner sign --ks key.keystore modded.apk
  5. Install new APK: adb install modded.apk

Decompiling APK’s

You can decompile even minified / obfuscated APK’s using one of these tools (I prefer the latter). Why would you want to do that? For example, when you like a feature in an App and reverse-engineer how it’s done.

Decompile into Java source code using Procryon:

  1. apktool d -s some.apk -o output_dir
  2. dex2jar output_dir/classes.dex
  3. procyon-decompiler classes-dex2jar.jar -o decompiled_dir

Or alternatively, one tool to rule them all: jadx --deobf some.apk

In my opinion JADX with the built-in deobfuscator gives the most readable results. Note however that some blocks might now be decompiled in either case, leaving you no other option but to read nasty byte-code.

Hardware Stupid

How to toast a micro controller

  1. Short peripheral chip by applying the wrong voltage to either one of its inputs
  2. Connect the shorted chip to your micro controllers power outputs, effectively shorting it too

Lesson: Don’t mess with micro controllers in the middle of the night, especially not when you’re tired and lazy.