https://github.com/fkie-cad/eeva

E²VA short for Exploitation Experience with Vulnerable App is a vulnerable app to learn userspace exploitation on Android
https://github.com/fkie-cad/eeva

android binary-exploitation damn-vulnerable-app exploitation

Last synced: 11 days ago
JSON representation

E²VA short for Exploitation Experience with Vulnerable App is a vulnerable app to learn userspace exploitation on Android

• Host: GitHub
• URL: https://github.com/fkie-cad/eeva
• Owner: fkie-cad
• License: gpl-3.0
• Created: 2022-11-21T12:24:05.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2023-09-18T13:45:19.000Z (almost 2 years ago)
• Last Synced: 2025-05-06T06:47:25.222Z (about 2 months ago)
• Topics: android, binary-exploitation, damn-vulnerable-app, exploitation
• Language: Java
• Homepage:
• Size: 3.03 MB
• Stars: 14
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# E2VA, the *Damn Vulnerable App*

E2VA is an app allowing for binary exploitation on Android OS. It allows an external user to select and communicate with modules that contain severe vulnerabilities. Therefore, E2VA enables research on the applicability of *standard* binary exploitation techniques to Android apps, which call native functions.

E2VA stands for *Exploitation Experience (with) Vulnerable App*. It is the foundation of a series of [blog posts](https://lolcads.github.io/posts/2022/11/diving_into_the_art_of_userspace_exploitation_under_android/) that describe exploitation of some already existing vulnerable modules. 

![E2VA Architecture](https://raw.githubusercontent.com/fkie-cad/eeva/main/assets/eeva.svg)

The app runs on a Pixel 3 emulator (without Google Play for root access), running Android 12 (API level 31), and an x86 - 64 architecture. Other setups have not yet been tested!

## Installation

**Warning**: This app requests a [runtime - permission](https://developer.android.com/reference/android/provider/Settings.html#ACTION_MANAGE_OVERLAY_PERMISSION) that it needs to stay active for e.g. long debugging sessions. As this app contains **actual vulnerabilities**, there is always a risk of some third party attacking the app, getting code execution and rampaging through your system. Therefore, launch E2VA in a controlled environment, which does not contain any important and/or personal information that must not be lost and/or leaked. (or accept the risk)

Currently, there are two ways of installing E2VA.

### APK

Use the `.apk` file, which is (hopefully kept) up to date with the current version of E2VA. This is the *intended* route, i.e. taking perspective of an attacker, it is more likely to have access to an `.apk` - file than the app's original source code.

### Build via *Android Studio*

As this is just the pushed [*Android Studio*](https://developer.android.com/studio) project of E2VA, one can just build the app, create own modules, optimize communication between external client and E2VA etc.

## Emulator Hardware Profile

Up to this point, an AVD (Android Virtual Device) to run E2VA can be created by either using a predefined hardware profile in Android Studio (called *Pixel 3*), or by importing the hardware profile in this repository.