Create consistency in wording in v2 tests #3559

Diolor · 2025-12-05T10:46:48Z

Please start by reviewing this. The v2 TESTs follow this pattern (where possible/TECH exists).

Diolor · 2025-12-05T10:51:37Z

fyi: This is a technique. Moved TOOL reference from the TEST to this file.

-Original file line number
+Diff line change
@@ Expand Up / @@ -210,7 +210,7 @@ Example: @@
     ```md
     ## Steps
-. Run @MASTG-TECH-0014 on the app and look for insecure random APIs.
+. Use @MASTG-TECH-0014 to look for insecure random APIs.
     ```
     Notes:
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up @@
     ## Steps
 . Reverse engineer the app (@MASTG-TECH-0017).
-. Run a static analysis (@MASTG-TECH-0014) tool and look for all usages of `SSLSocket` and `HostnameVerifier`.
+. Use @MASTG-TECH-0014 to look for all usages of `SSLSocket` and `HostnameVerifier`.
     {{ ../../../../rules/mastg-android-ssl-socket-hostnameverifier.yml }}
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up @@
     ## Steps
 . Reverse engineer the app (@MASTG-TECH-0017).
-. Run a static analysis (@MASTG-TECH-0014) tool and look for all usages of `SSLSocket` and `HostnameVerifier`.
+. Use @MASTG-TECH-0014 to look for all usages of `SSLSocket` and `HostnameVerifier`.
     {{ ../../../../rules/mastg-android-ssl-socket-hostnameverifier.yml }}
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -5,7 +5,7 @@ platform: android @@
     ## Basic APK Installation
-    Use `adb install` to install an APK on an emulator or connected device. The given path is the path of the APK on the host.
+    Use `adb install` (@MASTG-TOOL-0004) to install an APK on an emulator or connected device. The given path is the path of the APK on the host.
     ```bash
     adb install ./myApp.apk
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -3,8 +3,10 @@ title: Reverse Engineering Android Apps @@
     platform: android
     ---
-    Android's openness makes it a favorable environment for reverse engineers, offering big advantages that are not available with iOS. Because Android is open-source, you can study its source code at the Android Open Source Project (AOSP) and modify the OS and its standard tools any way you want. Even on standard retail devices, it is possible to do things like activating developer mode and sideloading apps without jumping through many hoops. From the powerful tools shipping with the SDK to the wide range of available reverse engineering tools, there are a lot of niceties to make your life easier.
+    Android's openness makes it a favorable environment for reverse engineers, offering significant advantages not available on iOS. Because Android is open-source, you can study its source code at the Android Open Source Project (AOSP) and modify the OS and its standard tools any way you want. Even on standard retail devices, it is possible to do things like activating developer mode and sideloading apps without jumping through many hoops. From the powerful tools included with the SDK to the wide range of reverse engineering tools available, there are many features to make your life easier.
-    However, there are also a few Android-specific challenges. For example, you'll need to deal with both Java bytecode and native code. Java Native Interface (JNI) is sometimes deliberately used to confuse reverse engineers (to be fair, there are legitimate reasons for using JNI, such as improving performance or supporting legacy code). Developers sometimes use the native layer to "hide" data and functionality, and they may structure their apps such that execution frequently jumps between the two layers.
+    However, there are a few Android-specific challenges as well. For example, you'll need to deal with both Java bytecode and native code. Java Native Interface (JNI) is sometimes deliberately used to confuse reverse engineers (to be fair, there are legitimate reasons for using JNI, such as improving performance or supporting legacy code). Developers sometimes use the native layer to "hide" data and functionality, and they may structure their apps such that execution frequently jumps between the two layers.
-    You'll need at least a working knowledge of both the Java-based Android environment and the Linux OS and Kernel, on which Android is based. You'll also need the right toolset to deal with both the bytecode running on the Java virtual machine and the native code.
+    You'll need at least a working knowledge of both the Java-based Android environment and the Linux OS and Kernel, on which Android is based. You'll also need the right toolset to work with both bytecode running on the Java virtual machine and native code.
+    To reserve engineer Android apps, consider the following techniques: @MASTG-TECH-0016, @MASTG-TECH-0017, @MASTG-TECH-0018.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Create consistency in wording in v2 tests #3559

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Diolor Dec 5, 2025 •

edited

Loading

Uh oh!

Diolor Dec 5, 2025

Uh oh!

Uh oh!

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,11 +9,11 @@ profiles: [L1, L2] @@
     ## Overview
-    In this test case we will identify dependencies in Android Studio and scan them with @MASTG-TOOL-0131.
+    In this test case we will identify dependencies in Android Studio.
     ## Steps
-. Follow @MASTG-TECH-0131 and execute a scan through the build environment of Android Studio by using Gradle.
+. Use @MASTG-TECH-0131 to scan through the build environment of Android Studio by using Gradle.
     ## Observation
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -10,17 +10,17 @@ profiles: [L1, L2] @@
     ## Overview
-    To test for the [use of broken encryption modes](../../../Document/0x04g-Testing-Cryptography.md#broken-block-cipher-modes) in Android apps, we need to focus on methods from cryptographic frameworks and libraries that are used to configure and apply encryption modes.
+    To test for the [use of broken encryption modes](../../../Document/0x04g-Testing-Cryptography.md#broken-block-cipher-modes) in Android apps, we should focus on methods in cryptographic frameworks and libraries used to configure and apply encryption modes.
-    In Android development, the `Cipher` class from the Java Cryptography Architecture (JCA) is the primary API that allows you to specify the encryption mode for cryptographic operations. [`Cipher.getInstance`](https://developer.android.com/reference/javax/crypto/Cipher#getInstance(java.lang.String)) defines the transformation string, which includes the encryption algorithm, mode of operation, and padding scheme. The general format is `"Algorithm/Mode/Padding"`. For example:
+    In Android development, the `Cipher` class from the Java Cryptography Architecture (JCA) is the primary API for specifying the encryption mode for cryptographic operations. [`Cipher.getInstance`](https://developer.android.com/reference/javax/crypto/Cipher#getInstance(java.lang.String)) defines the transformation string, which includes the encryption algorithm, mode of operation, and padding scheme. The general format is `"Algorithm/Mode/Padding"`. For example:
     ```kotlin
     Cipher.getInstance("AES/ECB/PKCS5Padding")
     ```
-    In this test we're going to focus on symmetric encryption modes such as [ECB (Electronic Codebook)](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)).
+    In this test, we're going to focus on symmetric encryption modes such as [ECB (Electronic Codebook)](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)).
-    ECB (defined in [NIST SP 800-38A](https://csrc.nist.gov/pubs/sp/800/38/a/final)) is generally discouraged [see NIST announcement in 2023](https://csrc.nist.gov/news/2023/decision-to-revise-nist-sp-800-38a) due to its inherent security weaknesses. While not explicitly prohibited, its use is limited and advised against in most scenarios. ECB is a block cipher mode that operate deterministically, dividing plaintext into blocks and encrypting them separately, which reveals patterns in the ciphertext. This makes it vulnerable to attacks like [known-plaintext attacks](https://en.wikipedia.org/wiki/Known-plaintext_attack) and [chosen-plaintext attacks](https://en.wikipedia.org/wiki/Chosen-plaintext_attack).
+    ECB (defined in [NIST SP 800-38A](https://csrc.nist.gov/pubs/sp/800/38/a/final)) is generally discouraged [see NIST announcement in 2023](https://csrc.nist.gov/news/2023/decision-to-revise-nist-sp-800-38a) due to its inherent security weaknesses. While not explicitly prohibited, its use is limited and advised against in most scenarios. ECB is a block cipher mode that operates deterministically, dividing plaintext into blocks and encrypting them separately, which reveals patterns in the ciphertext. This makes it vulnerable to attacks like [known-plaintext attacks](https://en.wikipedia.org/wiki/Known-plaintext_attack) and [chosen-plaintext attacks](https://en.wikipedia.org/wiki/Chosen-plaintext_attack).
     For example, the following transformations are all [considered vulnerable](https://support.google.com/faqs/answer/10046138?hl=en):
@@ Expand All @@
     You can learn more about ECB and other modes in [NIST SP 800-38A - Recommendation for Block Cipher Modes of Operation: Methods and Techniques](https://csrc.nist.gov/pubs/sp/800/38/a/final). Also check the [Decision to Revise NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation: Methods and Techniques](https://csrc.nist.gov/news/2023/decision-to-revise-nist-sp-800-38a) and [NIST IR 8459 Report on the Block Cipher Modes of Operation in the NIST SP 800-38 Series](https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8459.pdf) for the latest information.
-    **Out of Scope**: Asymmetric encryption modes like RSA are out of scope for this test because they don't use block modes like ECB.
+    **Out of Scope**: Asymmetric encryption modes, such as RSA, are out of scope for this test because they don't use block modes like ECB.
     In the transformation strings like `"RSA/ECB/OAEPPadding"` or `"RSA/ECB/PKCS1Padding"`, the inclusion of `ECB` in this context is misleading. Unlike symmetric ciphers, **RSA doesn't operate in block modes like ECB**. The `ECB` designation is a [placeholder in some cryptographic APIs](https://github.com/openjdk/jdk/blob/680ac2cebecf93e5924a441a5de6918cd7adf118/src/java.base/share/classes/com/sun/crypto/provider/RSACipher.java#L126) and doesn't imply that RSA uses ECB mode. Understanding these nuances helps prevent false positives.
     ## Steps
-. Run @MASTG-TECH-0014 with a tool such as @MASTG-TOOL-0110 on the app binary, or use @MASTG-TECH-0033 (dynamic analysis) with a tool like @MASTG-TOOL-0001, and look for cryptographic functions specifying the encryption mode to insecure modes.
+. Use @MASTG-TECH-0014 or use @MASTG-TECH-0033 to look for cryptographic functions specifying the encryption mode to insecure modes.
     ## Observation
@@ Expand Down @@

Uh oh!

Create consistency in wording in v2 tests #3559

Are you sure you want to change the base?

Uh oh!

Create consistency in wording in v2 tests #3559

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Diolor Dec 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Diolor Dec 5, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Diolor Dec 5, 2025 •

edited

Loading