Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

Episode: 4117
Title: HPR4117: JAMBOREE !
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4117/hpr4117.mp3
Transcribed: 2025-10-25 19:50:01
---
This is Hacker Public Radio Episode 4117 for Tuesday the 14th of May 2024.
Today's show is entitled JAMBOREE!
It is hosted by Operator and is about 19 minutes long.
It carries an explicit flag.
The summary is: Java Android Magisk Burp Objection Root Emulator Easy, JAMBOREE.
Hello everyone and welcome to an episode of Hacker Public Radio with your host, Operator.
What I'm going to be talking about today is the tool I've been working on for the past couple of years.
It's an installer of sorts, a portable installer for Android emulation and testing.
And there's a bunch of other tools in here for AI and stuff like that.
And I won't go into the detail right now, but I'll just give you the foreword of, you know, it's JAMBOREE.
It's called Java Android Magisk Burp Objection Root Emulator Easy. It's an acronym.
And the problem and the reason I created this tool is that I was told to kind of keep an eye on our web application space for my employer while we looked for a new web application guy.
And I was asked to look at some Android applications or some mobile applications.
And I said, I can't use Nox or BlueStacks, which are kind of free tools that are basically spyware and malware that you put on your system that do God knows what.
So I said, I need a legit way to test Android applications without, you know, installing software that I don't trust.
So this is a way to legitimately install, you know, Google Android emulation through the AVD, the Android AVD emulator, as they call it.
So if you want a legit Android emulator in Windows within a few seconds, that you can have full root access with, and it's got the certificates set up and you can inspect the traffic and you can hook the functions and run tools on top of it.
So this is what you want. And that's the problem. And I've added other tools in here because I make scripts to do stuff. So I've got some AI stuff, and here I'll go over, if you're interested in AI images or any of the LLM, local LLM stuff, LLaMA, imagery, any of that stuff, that's what this has got set up for too.
Other than that, there's a few other security tools, Active Directory testing with BloodHound. If you haven't done any of that, that is fun stuff to do. And that's pretty much it.
But the goal is to make it one-click, no administrator, except for the drivers for the emulator if you want hardware acceleration, which you do want; you do not want to have to wait five minutes for the emulator to boot.
But you can use it in a pinch. So that said, if you need an emulator and you need it fast, you can get it fast, but it will not run fast. You need administrator for that.
So the other piece of it is having it portable. So I want a one click way to do the thing that I'm trying to do.
And these installers are on GitHub and, you know, there's a batch script that does a thing and then it pulls down some stuff and does something else and pulls it and it makes a mess of your system.
We see a little bit more portability, I would guess, with things like installers like the, I want to say Mini-something.
A lot of them now are using these installers, which is called Arya or Mini-something. I'll get to it in a second.
Anyways, they're getting a little bit better as far as the installers, but what ends up happening with a lot of people is they have a broken Python environment where they have environment variables set all over the place, where they have an IDE installed, which is an IDE for people that don't program.
They have a lot of applications that give you a UI to wrap around all of your testing. So Microsoft Visual Studio or whatever is a big one.
And this actually has PyCharm built into it. So a portable sort of Python PyCharm.
But that's another piece of it. It's just having files all over the place and your environments messed up and oh, it's not working well because you have Python installed and it's an older version or two newer version or whatever.
So this handles all of that for you, handles all the environment variables, resets some, and just makes stuff work.
So the thing I was talking about, the installer I was talking about, was you might have heard of something called Chocolatey for Windows, maybe even Anaconda.
The newer stuff is called Miniconda and I might transfer everything over to Miniconda, but that's probably not going to happen because I'm the only person that uses this tool.
So anyways, the whole purpose of it is to give you that portable Android experience in a very quick way and be able to inspect the software and see what traffic is going over the network.
The truth is, all these, a lot of these applications for phones are security through obscurity, and there is a very niche, I don't want to say very niche, but there is a...
An uncannily small number of people that can do this work, that pentest Android and mobile applications.
It's not necessarily difficult, but it's a lot of layers of nonsense that sits in front of this horrible code. So at the end of the day, you know, you have, you know, these things called anti-root detection or, you know, they do a thing called SSL pinning where the application itself has an SSL certificate.
So even if you have your own certificates and you can break that proxy connection, you have to also pull in the certificate from the application itself or break the function call that calls that actual encryption.
So, you know, all these applications, needless to say, are kind of hidden, and then once you finally peel the layers of obfuscation away, you usually end up with a pretty horrible application, and your bank app for your phone is probably going to be a different server or service than your bank's website.
People hammer on websites all the time, but the number of people that attack and/or try to exploit applications for mobile devices is minimal, is nonexistent, compared to the number of people that do websites.
It's a small subset of a subset of a subset that actually gets to look at this stuff and see how awful it is, and I just want to let everyone know that it is still pretty awful.
I mean we're talking 2000-type attacks where, you know, just simply replacing IDs with something and then something bad happens.
So it's these layers of obfuscation that allow coders to write really bad code and they're protected by, you can't really see the wizard behind the curtain, right.
So, I'll go over real quickly kind of the tools and the approach.
So, instead of using these, you know, malware BlueStacks, you got Nox, and it's easy.
It's a powerful script. It's open source. You can look at it. I'll tell you, if you look at the source code, the only weird thing that you'll see in there is a really long line that's a bunch of binary code.
You can take that binary code and de-obfuscate it, whatever it is; it's to accept the license for all the Android emulation stuff.
And I found that actual line on Microsoft's site, oddly enough, to help, you know, with their automation.
So if they're trying to roll out something using ADB or any of the Android tools, this one-liner will basically create a zip file.
It creates a zip file with all the text files in it for the licensing.
And then I extract that zip file and it sits in the folder so that it knows to look for those license files, which is kind of weird. So anyways, that's the only weird thing that's not inherently easy to read.
Everything else is straight up. You can see the source code. You can see what repositories it checks out.
I try to keep everything latest and greatest with the exception of a few things like Frida and whatever, but generally speaking, my rule of thumb is to pull down the latest and greatest version of whatever it is so that I don't have to manage versions.
And what I do is, you know, I use it a lot. I use it at home. I use it on my work computer. I use it all over the place. So if something happens, I usually do notice and I can fix it.
So it is fun stuff. Android emulation. I have videos on how to do it, how to get it set up, how to get the environment set up. It's click, click, click easy. You have, you know, root within minutes and are able to see that traffic.
So I'll quickly go through the tool sets. RMS, Runtime Mobile Security. We've got Burp, Burp Suite. We have ZAP, Zed Attack Proxy, using Burp Suite. So you can use both ZAP and Burp Suite at the same time with Android emulation. So you can pretty much have the Android emulator going through Burp Suite and going through Zed Attack Proxy and have the best of all three worlds right there at your fingertips.
Good to go. You got Google Play, you can log in, do all your Google stuff. You got Java, you got Android 11, API 30. It's an older API, but I like to kind of pick the most common, not the latest and greatest. So you can pick whatever you want. You can make it latest and greatest, but you might have to do a little bit of work to get that root to work on a newer device.
So you can get root. It's got Magisk. So that's the tool that will help you get root. Burp is of course Burp Suite, testing web applications, kind of the de facto standard, excuse me,
of Android testing or web application testing. Objection, a set of tools for hooking functions, sort of like Runtime Mobile Security.
Root, you have on the Android device itself. So if you need to play around with Android as root and just look around the file system, poke around, it's basically Linux and a bunch of really small binaries and some really cool creative stuff around security that they've done to make it more secure.
You got Frida and it sets up the certificates for you. This is the biggest piece of it. Setting up the certificates and setting this whole environment up for Android takes...
I mean, I've seen 80 pages of documentation and videos that go on for 40 minutes at a time.
I'm telling you, within two minutes on a fast machine, you can have SSL decryption running, Runtime Mobile Security, with Burp Suite and Zed Attack Proxy within seconds.
So it gives you all this pretty quickly. Automatic1111, which is the AI image stuff I talked about. AutoGPT, sort of a cute project that didn't pan out.
I don't know if they're still working on it, but it was supposed to be deployable agents that go and do stuff for you.
So you tell it to do something and it will create an AI agent that creates agents to do a thing for you.
Git. BloodHound, which is an Active Directory tool. So you get three clicks and you don't have to install anything.
You know, don't need root. You don't need any of that. So if you haven't tested your Active Directory, definitely check out BloodHound in JAMBOREE.
It's like three clicks. You run the collection, logged in as any domain user, it doesn't matter.
And then you can take that file into a sandbox, whatever you want to do, and run the Neo4j.
And run BloodHound and do all your analysis locally without even having the internet, if you're terrified about, you know, stuff getting out.
Python. Oracle Linux through WSL, Windows Subsystem for Linux, excuse me.
And Ubuntu with the option of installing Ollama, which is the large language model stuff, and setting that up for you through Windows Subsystem for Linux.
Postgres without admin, that kind of took me a second. That was pretty creative. So if you need Postgres, that's going to be part of it possibly, if I do the new BloodHound, which is a Docker container.
It's much faster, like ten, a hundred times faster than the old BloodHound, but it doesn't support as much stuff right now, as of now.
But it's like a complete, most of a, a lot of a rewrite on the core engine stuff.
So anyways, you've got Postgres. Then I had SillyTavern, which is like a conversational AI thing.
You can have different character cards and play around with that, and then Volatility 3 is a memory analysis tool.
And I need to add one more, which is Ducky2Spark and Arduino IDE. That's another one I need to add in there.
But anyways, I will do that while I'm mumbling, that's you.
So what is this for? It's for people that want to easily check something out or have a portable environment with everything that they need.
So that's kind of the point of the whole thing is to give quick and easy setup of this type of stuff.
And it ends up being, you know, kind of a dumping ground for, like I said, all my tools. Set up Ducky2Spark.
Let's see, Arduino, A-R-D-U-I-N-O, IDE, and with Ducky2Spark.
I want to save that.
Alright, so that's pretty much the use cases, right?
Who wants to check this out?
Pentesters? Any pentesters? Anyone that does any Java programming?
Node. It has Node in there, too, by the way.
Java, Node, Python, Git, all in a single click. ADB.
So you can have an ADB bridge, an ADB bridge to an Android device.
Python, Java, Node, Git, all in one single portable command line, and be good to go and not have to do anything.
So if you want a quick environment to set up in, you don't want to install anything, you don't have admin.
Who cares? Nothing cares. All your endpoint tools
don't care about anything except for the SharpHound and BloodHound
binaries, both. Those they don't like. There are other ways to collect that information and run it through BloodHound.
But that's the only thing that anything will complain about as far as, like, endpoint tools or any of that stuff.
Nothing cares about it. It's just kind of terrifying that you can install a full-blown, you know, two different programming languages
and run whatever you want to run without endpoint tools detecting you.
So kids, pretty much, that's pretty much it.
I should have, like, an episode for each type of option or each button or each thing.
But I just don't have enough time to go through everything and I have a list a mile long of other episodes to do.
But mainly if anybody wants to be shown how this works or maybe you want me to do a show on a specific part of this.
But I have videos on the site. It's jamboree.armacurti.com.
If you want to quickly get to my GitHub, I don't put it in the show notes, I guess.
But it's, it's, I use it a lot. I use Burp Suite. I use it just for Burp Suite. I use it for Android testing.
I use it for AI stuff, if I need to do any AI imagery, local AI images or local language models.
BloodHound not so much anymore. But if I'm ever doing any ADB stuff, I'll just plug my phone in and then click the command prompt link.
And it'll pull down ADB and pull down all the stuff and automatically do it all, set it all up for me.
Oh, it also has YouTube downloader, which I need to add to.
YouTube downloader is like a tool to download YouTube videos and stuff.
Which is also fun because it does some extra stuff. And it just basically has a command line that it runs.
It opens up a text file, you dump in the links that you want to download or the channels you want to download.
And it will do all of the handling of the downloading for you.
I did used to do multi-threaded support with the YouTube downloader.
So instead of downloading each file one at a time, it would download all the files, or one file at a time with, like, 14 threads at a time.
And that was, like, if you're going to download, like, gigs of stuff.
So I just have it download one at a time and I didn't do the multi-threading stuff.
I have a batch file somewhere that will do multi-threaded YouTube download using aria2, which is a multi-threaded downloader.
So if you have to download a lot of stuff on the web, do four threads at a time per connection, up to 15 domains or so.
So you can pull down, basically you can ruin your bandwidth with aria2 and, like, the YouTube downloader.
Anyways, that's pretty much it.
Like I said, if anybody wants me to do a lab on any of this stuff or, like, a workshop, or if you want me to do a specific episode about SillyTavern or Ollama or any of that stuff, there are a million other things out there.
But the purpose of this tool is to bring it all together and make it easy and portable.
And if something happens, don't worry, just delete the folder and you're done.
Like, you don't have to worry about anything messing up your system; you reboot, and it's done.
So anyways, I hope someone uses it besides me, there's a handful of people that use it and outside of myself.
But I don't know, it's just a little project I've been working on, and it's the thing that's bothered me, that barrier to entry for Android testing has bothered me for probably 15 years.
And this is the only project I know of in existence that gives you auditable code to get to that point where you can look at Android applications and not worry about getting malware or spyware, a bunch of crap taking over your system.
Anyways, y'all have a great time and I will try to do some other episodes on some other cool stuff.
But feel free to reach out, let me know if you want me to do an episode on a specific part of JAMBOREE or whatever, let me know.
Also looking for interviews, so if you want to do an interview, hit me up.
You got my contact information on my site.
Anyways, have a good one, take it easy, and later.
You have been listening to Hacker Public Radio at HackerPublicRadio.org.
Today's show was contributed by an HPR listener like yourself.
If you ever thought of recording a podcast, click on our contribute link to find out how easy it really is.
Hosting for HPR has been kindly provided by AnHonestHost.com, the Internet Archive and rsync.net.
Unless otherwise stated, today's show is released under a Creative Commons Attribution 4.0 International License.
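The certificate step Operator describes (getting the proxy CA trusted on a rooted emulator so Burp or ZAP can decrypt the traffic) hinges on one detail that the "80 pages of documentation" usually bury: Android's system CA store only picks up a file if it is named after the legacy OpenSSL subject hash, i.e. what `openssl x509 -subject_hash_old` prints, plus the extension `.0`. The following is an added example written for this page, not code from the episode or from the JAMBOREE project. It computes that file name from a DER certificate with only the Python standard library, walking the X.509 structure far enough to pull out the Subject Name. The sample certificate at the bottom is constructed inline (placeholder key and signature, invented CN) purely so the block runs offline; the `cacert_name.py` script name in the usage comment is likewise an assumption.

```python
# Added example, not code from the episode or from JAMBOREE itself. Android names
# system CA files in /system/etc/security/cacerts/ "<subject_hash_old>.0", where
# subject_hash_old is what `openssl x509 -subject_hash_old` prints: MD5 over the
# DER-encoded Subject Name, first four bytes read as a little-endian 32-bit int.
# The sample certificate at the bottom is constructed here for illustration only.
import hashlib
import struct


def der_tlv(data: bytes, offset: int):
    """Decode one DER tag-length-value at offset.
    Returns (tag, value_start, end) where end is the offset just past the value."""
    tag = data[offset]
    length = data[offset + 1]
    pos = offset + 2
    if length & 0x80:                      # long form: 0x8N, then N big-endian length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def der_subject(cert_der: bytes) -> bytes:
    """Return the raw DER of the Subject Name from an X.509 certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, ... }
    """
    tag, outer_start, _ = der_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM instead of DER?)")
    tag, pos, _ = der_tlv(cert_der, outer_start)    # tbsCertificate
    if tag != 0x30:
        raise ValueError("malformed tbsCertificate")
    tag, _, nxt = der_tlv(cert_der, pos)
    if tag == 0xA0:                                 # explicit [0] version; absent in v1 certs
        pos = nxt
    for _ in range(4):                              # serialNumber, signature, issuer, validity
        _, _, pos = der_tlv(cert_der, pos)
    tag, _, end = der_tlv(cert_der, pos)            # subject
    if tag != 0x30:
        raise ValueError("malformed subject")
    return cert_der[pos:end]


def subject_hash_old(subject_der: bytes) -> str:
    """OpenSSL's legacy X509_NAME_hash_old(): MD5 of the DER name, first 4 bytes as LE u32."""
    digest = hashlib.md5(subject_der).digest()
    return "%08x" % struct.unpack("<I", digest[:4])[0]


def android_ca_filename(cert_der: bytes) -> str:
    """File name Android expects under /system/etc/security/cacerts/."""
    return subject_hash_old(der_subject(cert_der)) + ".0"


# --- minimal DER encoder, used only to build the constructed sample below ---
def tlv(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + body


def name_der(common_name: str) -> bytes:
    """Name ::= SEQUENCE OF SET OF AttributeTypeAndValue, here a single CN (OID 2.5.4.3)."""
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, common_name.encode()))
    return tlv(0x30, tlv(0x31, atv))


SHA256_RSA = tlv(0x30, tlv(0x06, b"\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B") + tlv(0x05, b""))

# Constructed sample: structurally valid DER, placeholder key and signature, invented CN.
SAMPLE_SUBJECT = name_der("Example Proxy CA")
SAMPLE_CERT = tlv(0x30,
    tlv(0x30,
        tlv(0xA0, tlv(0x02, b"\x02"))                                            # [0] version = v3
        + tlv(0x02, b"\x01")                                                     # serialNumber
        + SHA256_RSA                                                             # signature alg
        + name_der("Example Proxy CA")                                           # issuer (self-signed)
        + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"340101000000Z"))   # validity
        + SAMPLE_SUBJECT                                                         # subject
        + tlv(0x30, b""))                                                        # SPKI placeholder
    + SHA256_RSA
    + tlv(0x03, b"\x00"))                                                        # signature placeholder

if __name__ == "__main__":
    import sys
    # Usage (assumed script name): python cacert_name.py cacert.der
    der = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CERT
    print(android_ca_filename(der))
```

Cross-check the result against `openssl x509 -inform DER -in cacert.der -subject_hash_old -noout` before trusting it. The file Android reads must be PEM, not DER, so convert with `openssl x509 -inform DER -in cacert.der -out <hash>.0`, then on a rooted emulator `adb root`, `adb remount`, `adb push <hash>.0 /system/etc/security/cacerts/` and `adb shell chmod 644 /system/etc/security/cacerts/<hash>.0`. On Android 10 and later AVD images the system partition is read-only unless the emulator was started with `-writable-system` (and verity disabled), which is why a Magisk module that overlays the cacerts directory is the more common route on the Android 11 image the episode uses.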