{"id":13498342,"url":"https://github.com/user1342/Broken-Droid-Factory","last_synced_at":"2025-03-29T01:30:20.510Z","repository":{"id":119823550,"uuid":"562218156","full_name":"user1342/Broken-Droid-Factory","owner":"user1342","description":"BDF is a Python tool designed to spin-up pseudo random vulnerable Android applications for training when it comes to vulnerability research, ethical hacking, and pen testing on Android apps. ","archived":false,"fork":false,"pushed_at":"2024-04-14T18:52:34.000Z","size":1393,"stargazers_count":41,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-28T19:16:10.085Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/user1342.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"ko_fi":"JamesStevenson"}},"created_at":"2022-11-05T17:01:31.000Z","updated_at":"2025-03-20T16:13:36.000Z","dependencies_parsed_at":"2023-06-03T07:00:32.259Z","dependency_job_id":null,"html_url":"https://github.com/user1342/Broken-Droid-Factory","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FBroken-Droid-Factory","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FBroken-Droid-Factory/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FBroken-Droid-Factory/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FBroken-Droid-Factory/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/user1342","download_url":"https://codeload.github.com/user1342/Broken-Droid-Factory/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246125306,"owners_count":20727406,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T21:00:22.973Z","updated_at":"2025-03-29T01:30:20.223Z","avatar_url":"https://github.com/user1342.png","language":"Python","funding_links":["https://ko-fi.com/JamesStevenson"],"categories":["Misc"],"sub_categories":["Case Studies"],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg width=100% src=\"cover.png\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e 🤖 Create vulnerable Android apps for testing \u0026 training in seconds. 📱 \u003c/p\u003e\n\n\u003cbr\u003e\n\nBDF is a Python tool designed to spin-up pseudo random vulnerable Android applications for vulnerability research, ethical hacking, and pen testing Android app practice. \n- To get started, download the dependancies and run ```BrokenDroidFactory.py```, it's as simple as that! ✔️\n- Create a pseudo random Android APK that contains an assortment of vulnerable and issue prone code. 💀\n- After run, a ```README.md``` file is created detailing the app's issues and vulnerabilities. 📝 \n\n# ➡️ Getting Started \n## Installation \nAfter cloning the repository all BDF dependencies can be installed manually or via the requirements file, with:\n\n``` bash\npip install -r REQUIREMENTS.txt\n```\n\nIn addition to the above, you will also need a copy of the Android SDK. If you do not have this already [it can be downloaded here](https://developer.android.com/studio) by either downloading it via Android Studio or downloading it via the command line tools. To ensure that BDF picks up your SDK path perform **one of the following**:\n- Save your SDK path to ```C:\\Users\\\u003cusername\u003e\\AppData\\Local\\Android\\Sdk``` on Windows.\n- Provide the path to your SDK to BDF with the ```-s``` paramiter. \n- Provide the path to your SDK when prompted by the command line.\n- Create a file at ```Broken-Droid-Factory/demoapp/local.properties``` with the contents ```sdk.dir=\u003cpath to your SDK\u003e```\n- Open the Android project ```demoapp``` in AndroidStudio, it will then create a local file called ```local.properties``` detailing your SDK path. \n\nBDF has only been tested on **Windows 10**.\n\n## Usage\nRun BDF with Python:\n```bash\npython BrokenDroidFactory.py\n```\n\nSeveral optional pramiters can be provided to BDF, use ```-h``` to see a full list:\n\n```\noptional arguments:\n  -h, --help            Show this help message and exit.\n  -o OUTPUT, --output OUTPUT\n                        The output directory for the compiled APK to be saved\n                        to.\n  -t TEMPLATE, --template TEMPLATE\n                        The path to the template app. Do not alter unless you\n                        know what you're doing.\n  -s SDK, --sdk SDK     The path to your local Android SDK.\n  -c CHALLENGE, --challenge CHALLENGE\n                        The desired challenge level for the created APK.\n  -v, --verbose         Increase output verbosity.\n```\n\nAfter running BDF to completion you will be left with 2 files in the output directory (```out``` if not provided). A ```README.md``` file detailing the workings and the types of challenges in the app, and an ```.apk``` file.\n\n# 🏅 Types Of Challenges\nUse BDF to create vulnerable and issue prone Android applications in the below categories:\n- Broken Crypto: Insecure Algorithm Usage ✅\n- Broken Crypto: Predictable Key Material ✅\n- Exploitable Exported Activities ✅\n- Insecure Data Storage ❌\n- Sensitive Data In Memory ✅\n- Tapjacking ❌\n- Task hijacking ❌\n\n# ⚗️ Creating Your Own Patchers\nPatchers are used by BDF to modify a template application source and add vulnerable and issue prone code to it. A patcher must have several key aspects and have this purpose in mind. However, outside of this how patchers are implemented is quite flexible and modular.\n- A patcher should be saved to the ```patchers``` directory.\n- A patcher should inherit ```patcher_interface.patcher```\n- A patcher should have a member variable of ```difficulty``` set to an int value between 0 and 10 - where 0 means it provides no challenge and is used to add variability to the app, and a number higher than 0 denotes it's difficulty score to complete (with the higher the score the more difficult it is).\n- A patcher should have a ```patch``` function (of which is automatically run when the patcher is called by BDF) and should return a string based on what the patcher has done.\n- A reference to your created patcher class should be added to the ```patcher_list``` list variable in ```BrokenDroidFactory.py```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuser1342%2FBroken-Droid-Factory","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuser1342%2FBroken-Droid-Factory","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuser1342%2FBroken-Droid-Factory/lists"}