Skip to content
/ pSlip Public

pSlip is a Android static analysis toolkit designed primarily to detect components exposing dangerous permissions

License

Apache-2.0 license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

actuator/pSlip

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pSlip-ShmooconXX-2025-Slidedeck.pdf
pSlip-ShmooconXX-2025-Slidedeck.pdf
 
 
pSlip.py
pSlip.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

License GitHub release (latest by date) GitHub stars GitHub forks GitHub contributors

Overview

This tool is designed to identify Android apps that could be vulnerable instances of the 'Permission-Slip' attack; AKA a 'Confused Deputy'.

This occurs when an application is leveraged into performing actions on behalf of a less privileged app & results in elevated permissions.

Features

  • Parses APK files to extract manifest information.
  • Hardcoded AES keys and IVs in the application code.
  • Displays all permissions requested by the application.
  • Provides example ADB commands to test identified activities.
  • Exported activities that handle android.intent.action.CALL intents.
  • Exported activities or activity-aliases with intent filters that have the javascript scheme.
  • Exported activities intent with intent filters that require potentially vulnerable permissions that are set to a 'normal' or weak permission-level.

Dependencies

  • Python 3
  • apktool (for decoding APK files)
  • jadx (for decompiling APKs, required for AES scanning)

How It Works

By examining the application's manifest and identifying exported activities that can handle specific intents, pSlip helps pinpoint areas where the app might be susceptible to such attacks.

This enables security researchers and developers to identify and mitigate these vulnerabilities.

Installation

  1. Clone the repository: 
    git clone https://github.com/actuator/pSlip.git
cd pSlip

Usage

The script supports the following flags:

  • -h, --help Show help message and exit.
  • -p List all permissions requested by the application.
  • -perm Scan for custom permissions with a 'normal' protection level.
  • -js Scan for JavaScript injection vulnerabilities.
  • -call Scan for components using dangerous CALL intents.
  • -aes Scan for hardcoded AES keys and IVs.
  • -all Scan for all of the above.
  • -allsafe Same as -all but skips AES check for faster scans and stability

Example Usage

To analyze a single APK file:

python pSlip.py path/to/your.apk -js -call -html report.htm

To analyze all APK files in a directory:

python pSlip.py path/to/directory -all -html report.htm

Once potential vulnerabilities are detected, the pSlip generates POC ADB commands to test the identified components when applicable.

It is important to note that this tool relies on parsing the Android manifest for intent filter entries, whose presence or absence may not be indicative of exploitability.

Contributing

Pull requests are welcome, however for major changes please open an issue first to discuss what you would like to change.

I appreciate any contributions that improve the functionality and usability of the tool.

About

pSlip is a Android static analysis toolkit designed primarily to detect components exposing dangerous permissions

Topics

android python mobile exploitation-framework vulnerability-detection mobile-development vulnerability-scanners

Resources

Readme

License

Apache-2.0 license
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

1.0.1 Latest
Jan 20, 2025

Packages

No packages published

Languages