← Back to list
mobile-security
by kiwamizamurai
CTF (Capture The Flag) learning workspace with writeups and solution scripts
⭐ 1🍴 0📅 Jan 22, 2026
Run in ManusSKILL.md
name: mobile-security description: Reverses and exploits mobile applications. Use when working with Android APK files, iOS IPA files, mobile app reversing, Frida hooking, or app security analysis challenges. allowed-tools: Bash, Read, Write, Grep, Glob
Mobile Security Skill
Quick Workflow
Progress:
- [ ] Extract APK/IPA
- [ ] Decompile (jadx for Android)
- [ ] Search for hardcoded secrets
- [ ] Check native libraries
- [ ] Dynamic analysis with Frida if needed
- [ ] Extract flag
Quick Analysis Pipeline
# Android APK
file app.apk
apktool d app.apk -o extracted/
jadx app.apk -d output/
grep -r "flag\|secret" output/
# iOS IPA
unzip app.ipa -d extracted/
strings Payload/App.app/App | grep -i flag
Reference Files
| Topic | Reference |
|---|---|
| Android APK Analysis | reference/android.md |
| iOS IPA Analysis | reference/ios.md |
| Frida & objection | reference/frida.md |
Tools Summary
| Tool | Purpose | Install |
|---|---|---|
| jadx | Java decompiler | github.com/skylot/jadx |
| apktool | APK decode/rebuild | apktool.org |
| Frida | Dynamic instrumentation | pip install frida-tools |
| objection | Runtime exploration | pip install objection |
| Ghidra | Native lib reversing | ghidra-sre.org |
| dex2jar | DEX to JAR | github.com/pxb1988/dex2jar |
CTF Quick Patterns
# Flag in resources
grep -r "flag\|ctf\|secret" extracted/res/
# Flag in native library
strings extracted/lib/*/*.so | grep -i flag
# Hardcoded secrets
grep -r "api_key\|secret\|password" output/
Score
Total Score
55/100
Based on repository quality metrics
✓SKILL.md
SKILL.mdファイルが含まれている
+20
○LICENSE
ライセンスが設定されている
0/10
○説明文
100文字以上の説明がある
0/10
○人気
GitHub Stars 100以上
0/15
✓最近の活動
1ヶ月以内に更新
+10
○フォーク
10回以上フォークされている
0/5
✓Issue管理
オープンIssueが50未満
+5
✓言語
プログラミング言語が設定されている
+5
✓タグ
1つ以上のタグが設定されている
+5
Reviews
💬
Reviews coming soon
