update refs to rabin2

techniques/android/MASTG-TECH-0018.md

@@ -70,7 +70,7 @@ $ greadelf -W -s libnative-lib.so | grep Java
      3: 00004e49   112 FUNC    GLOBAL DEFAULT   11 Java_sg_vantagepoint_helloworld_MainActivity_stringFromJNI
 ```
 
-You can also see this using radare2's rabin2:
+You can also see this using radare2's @MASTG-TOOL-0129:
 
 ```bash
 $ rabin2 -s HelloWord-JNI/lib/armeabi-v7a/libnative-lib.so | grep -i Java

techniques/android/MASTG-TECH-0019.md

@@ -27,4 +27,4 @@ It is important to know, the list of strings obtained using the above tools can
 
 ## Native Code
 
-In order to extract strings from native code used in an Android application, you can use GUI tools such as Ghidra or [iaito](https://github.com/radareorg/iaito "iaito") or rely on CLI-based tools such as the _strings_ Unix utility (`strings <path_to_binary>`) or radare2's rabin2 (`rabin2 -zz <path_to_binary>`). When using the CLI-based ones you can take advantage of other tools such as grep (e.g. in conjunction with regular expressions) to further filter and analyze the results.
+In order to extract strings from native code used in an Android application, you can use GUI tools such as Ghidra or [iaito](https://github.com/radareorg/iaito "iaito") or rely on CLI-based tools such as the _strings_ Unix utility (`strings <path_to_binary>`) or radare2's @MASTG-TOOL-0129 (`rabin2 -zz <path_to_binary>`). When using the CLI-based ones you can take advantage of other tools such as grep (e.g. in conjunction with regular expressions) to further filter and analyze the results.

techniques/android/MASTG-TECH-0115.md

@@ -3,7 +3,7 @@ title: Obtaining Compiler-Provided Security Features
 platform: android
 ---
 
-Run @MASTG-TOOL-0028 on the target binary, for example a shared library and grep for the keywords you'd like to check for.
+Run @MASTG-TOOL-0129 on the target binary, for example a shared library and grep for the keywords you'd like to check for.
 
 ```sh
 rabin2 -I lib/x86_64/libnative-lib.so | grep -E "canary|pic"

techniques/ios/MASTG-TECH-0054.md

@@ -47,7 +47,7 @@ Load command 12
       cryptid 1
 ```
 
-Or with radare2:
+Or with @MASTG-TOOL-0129:
 
 ```bash
 rabin2 -I Payload/Telegram X.app/Telegram X | grep crypto
@@ -78,7 +78,7 @@ You can dump the selected app, for example Telegram, by running `python dump.py
 
 After a couple of seconds, the `Telegram.ipa` file will be created in your current directory. You can validate the success of the dump by removing the app and reinstalling it (e.g. using @MASTG-TOOL-0054 `ios-deploy -b Telegram.ipa`). Note that this will only work on jailbroken devices, as otherwise the signature won't be valid.
 
-You can verify that the app binary is now unencrypted:
+You can use @MASTG-TOOL-0129 to verify that the app binary is now unencrypted:
 
 ```bash
 rabin2 -I Payload/Telegram X.app/Telegram X | grep crypto

techniques/ios/MASTG-TECH-0071.md

@@ -5,4 +5,4 @@ platform: ios
 
 Strings are always a good starting point while analyzing a binary, as they provide context to the associated code. For instance, an error log string such as "Cryptogram generation failed" gives us a hint that the adjoining code might be responsible for the generation of a cryptogram.
 
-In order to extract strings from an iOS binary, you can use GUI tools such as Ghidra or [iaito](https://github.com/radareorg/iaito "iaito") or rely on CLI-based tools such as the _strings_ Unix utility (`strings <path_to_binary>`) or radare2's rabin2 (`rabin2 -zz <path_to_binary>`). When using the CLI-based ones you can take advantage of other tools such as grep (e.g. in conjunction with regular expressions) to further filter and analyze the results.
+In order to extract strings from an iOS binary, you can use GUI tools such as Ghidra or [iaito](https://github.com/radareorg/iaito "iaito") or rely on CLI-based tools such as the _strings_ Unix utility (`strings <path_to_binary>`) or radare2's @MASTG-TOOL-0129 (`rabin2 -zz <path_to_binary>`). When using the CLI-based ones you can take advantage of other tools such as grep (e.g. in conjunction with regular expressions) to further filter and analyze the results.

techniques/ios/MASTG-TECH-0113.md

@@ -19,7 +19,7 @@ r2 -A MASTestApp
 74  0x000078c4 0x1000078c4 LOCAL  FUNC 0        imp.SecKeyVerifySignature
 ```
 
-Alternatively, you can use [rabin2 to obtain the symbols](https://book.rada.re/tools/rabin2/symbols.html) by running `rabin2 -s MASTestApp`.
+Alternatively, you can use @MASTG-TOOL-0129 to [obtain the symbols](https://book.rada.re/tools/rabin2/symbols.html) by running `rabin2 -s MASTestApp`.
 
 ## objdump
 

tests/android/MASVS-CODE/MASTG-TEST-0044.md

@@ -19,7 +19,7 @@ deprecation_note: New version available in MASTG V2
 
 Test the app native libraries to determine if they have the PIE and stack smashing protections enabled.
 
-You can use @MASTG-TOOL-0028 to get the binary information. We'll use the @MASTG-APP-0015 v1.0 APK as an example.
+You can use @MASTG-TOOL-0129 to get the binary information. We'll use the @MASTG-APP-0015 v1.0 APK as an example.
 
 All native libraries must have `canary` and `pic` both set to `true`.
 

tests/android/MASVS-STORAGE/MASTG-TEST-0011.md

@@ -273,7 +273,7 @@ There are various ways to analyze the memory of a process, e.g. live analysis vi
 
 Whether you are using a rooted or a non-rooted device, you can dump the app's process memory with @MASTG-TOOL-0038 and @MASTG-TOOL-0106. You can find a detailed explanation of this process in @MASTG-TECH-0044, in the chapter "Tampering and Reverse Engineering on Android".
 
-After the memory has been dumped (e.g. to a file called "memory"), depending on the nature of the data you're looking for, you'll need a set of different tools to process and analyze that memory dump. For instance, if you're focusing on strings, it might be sufficient for you to execute the command `strings` or `rabin2 -zz` to extract those strings.
+After the memory has been dumped (e.g. to a file called "memory"), depending on the nature of the data you're looking for, you'll need a set of different tools to process and analyze that memory dump. For instance, if you're focusing on strings, it might be sufficient for you to execute the command `strings` or `rabin2 -zz` from @MASTG-TOOL-0129 to extract those strings.
 
 ```bash
 # using strings

tests/ios/MASVS-PLATFORM/MASTG-TEST-0070.md

@@ -103,7 +103,7 @@ From the note above we can highlight that:
 - The mentioned `NSUserActivity` object comes from the `continueUserActivity` parameter, as seen in the method above.
 - The scheme of the `webpageURL` must be HTTP or HTTPS (any other scheme should throw an exception). The [`scheme` instance property](https://developer.apple.com/documentation/foundation/urlcomponents/1779624-scheme "URLComponents scheme") of `URLComponents` / `NSURLComponents` can be used to verify this.
 
-If you don't have the original source code you can use radare2 or rabin2 to search the binary strings for the link receiver method:
+If you don't have the original source code you can use @MASTG-TOOL-0073 or @MASTG-TOOL-0129 to search the binary strings for the link receiver method:
 
 ```bash
 $ rabin2 -zq Telegram\ X.app/Telegram\ X | grep restorationHan

tests/ios/MASVS-PLATFORM/MASTG-TEST-0071.md

@@ -32,7 +32,7 @@ If having the source code, you should take a look at the `UIActivityViewControll
 - Check if it defines custom activities (also being passed to the previous method).
 - Verify the `excludedActivityTypes`, if any.
 
-If you only have the compiled/installed app, try searching for the previous method and property, for example:
+If you only have the compiled/installed app, try searching for the previous method and property, for example using @MASTG-TOOL-0129:
 
 ```bash
 $ rabin2 -zq Telegram\ X.app/Telegram\ X | grep -i activityItems

tests/ios/MASVS-PLATFORM/MASTG-TEST-0075.md

@@ -246,7 +246,7 @@ Search for deprecated methods like:
 - [`openURL:`](https://developer.apple.com/documentation/uikit/uiapplication/1622961-openurl?language=objc "UIApplication openURL:")
 - [`application:openURL:sourceApplication:annotation:`](https://developer.apple.com/documentation/uikit/uiapplicationdelegate/1623073-application "UIApplicationDelegate application:openURL:sourceApplication:annotation:")
 
-For example, here we find those three:
+For example, using @MASTG-TOOL-0129 we find those three:
 
 ```bash
 $ rabin2 -zzq Telegram\ X.app/Telegram\ X | grep -i "openurl"

tests/ios/MASVS-PLATFORM/MASTG-TEST-0076.md

@@ -25,7 +25,7 @@ For the static analysis we will focus mostly on the following points having `UIW
 
 Look out for usages of the above mentioned WebView classes by searching in Xcode.
 
-In the compiled binary you can search in its symbols or strings like this:
+In the compiled binary you can search in its symbols or strings, for example using @MASTG-TOOL-0129 like this:
 
 #### UIWebView
 
@@ -76,7 +76,7 @@ let webPreferences = WKPreferences()
 webPreferences.javaScriptEnabled = false
 ```
 
-If only having the compiled binary you can search for this in it:
+If only having the compiled binary you can search for this in it using @MASTG-TOOL-0129:
 
 ```bash
 $ rabin2 -zz ./WheresMyBrowser | grep -i "javascriptenabled"
@@ -90,7 +90,7 @@ If user scripts were defined, they will continue running as the `javaScriptEnabl
 
 In contrast to `UIWebView`s, when using `WKWebView`s it is possible to detect [mixed content](https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content?hl=en "Preventing Mixed Content") (HTTP content loaded from a HTTPS page). By using the method [`hasOnlySecureContent`](https://developer.apple.com/documentation/webkit/wkwebview/1415002-hasonlysecurecontent "WKWebView hasOnlySecureContent") it can be verified whether all resources on the page have been loaded through securely encrypted connections. This example from [#thiel2] (see page 159 and 160) uses this to ensure that only content loaded via HTTPS is shown to the user, otherwise an alert is displayed telling the user that mixed content was detected.
 
-In the compiled binary:
+In the compiled binary you can use @MASTG-TOOL-0129:
 
 ```bash
 $ rabin2 -zz ./WheresMyBrowser | grep -i "hasonlysecurecontent"

tests/ios/MASVS-PLATFORM/MASTG-TEST-0077.md

@@ -73,7 +73,7 @@ do {
 } catch {}
 ```
 
-If only having the compiled binary, you can also search for these methods, e.g.:
+If only having the compiled binary, you can also search for these methods using @MASTG-TOOL-0129:
 
 ```bash
 $ rabin2 -zz ./WheresMyBrowser | grep -i "loadHTMLString"
@@ -94,7 +94,7 @@ wkWebView.loadFileURL(scenario1Url, allowingReadAccessTo: scenario1Url)
 
 In this case, the parameter `allowingReadAccessToURL` contains a single file "WKWebView/scenario1.html", meaning that the WebView has exclusively access to that file.
 
-In the compiled binary:
+In the compiled binary you can use @MASTG-TOOL-0129:
 
 ```bash
 $ rabin2 -zz ./WheresMyBrowser | grep -i "loadFileURL"

tests/ios/MASVS-STORAGE/MASTG-TEST-0060.md

@@ -32,7 +32,7 @@ There are several approaches and tools available for dynamically testing the mem
 
 Whether you are using a jailbroken or a non-jailbroken device, you can dump the app's process memory with @MASTG-TOOL-0038 and  @MASTG-TOOL-0106. You can find a detailed explanation of this process in @MASTG-TECH-0044.
 
-After the memory has been dumped (e.g. to a file called "memory"), depending on the nature of the data you're looking for, you'll need a set of different tools to process and analyze that memory dump. For instance, if you're focusing on strings, it might be sufficient for you to execute the command `strings` or `rabin2 -zz` to extract those strings.
+After the memory has been dumped (e.g. to a file called "memory"), depending on the nature of the data you're looking for, you'll need a set of different tools to process and analyze that memory dump. For instance, if you're focusing on strings, it might be sufficient for you to execute the command `strings` or `rabin2 -zz` from @MASTG-TOOL-0129 to extract those strings.
 
 ```bash
 # using strings

tools/android/MASTG-TOOL-0028.md

@@ -31,62 +31,7 @@ $ rafind2 -ZS service AndroidManifest.xml
 $ rafind2 -ZS receiver AndroidManifest.xml
 ```
 
-Or use `rabin2` to get information about a binary file:
-
-```bash
-$ rabin2 -I UnCrackable-Level1/classes.dex
-arch     dalvik
-baddr    0x0
-binsz    5528
-bintype  class
-bits     32
-canary   false
-retguard false
-class    035
-crypto   false
-endian   little
-havecode true
-laddr    0x0
-lang     dalvik
-linenum  false
-lsyms    false
-machine  Dalvik VM
-maxopsz  16
-minopsz  1
-nx       false
-os       linux
-pcalign  0
-pic      false
-relocs   false
-sanitiz  false
-static   true
-stripped false
-subsys   java
-va       true
-sha1  12-5508c  b7fafe72cb521450c4470043caa332da61d1bec7
-adler32  12-5528c  00000000
-```
-
-Type `rabin2 -h` to see all options:
-
-```bash
-$ rabin2 -h
-Usage: rabin2 [-AcdeEghHiIjlLMqrRsSUvVxzZ] [-@ at] [-a arch] [-b bits] [-B addr]
-              [-C F:C:D] [-f str] [-m addr] [-n str] [-N m:M] [-P[-P] pdb]
-              [-o str] [-O str] [-k query] [-D lang symname] file
- -@ [addr]       show section, symbol or import at addr
- -A              list sub-binaries and their arch-bits pairs
- -a [arch]       set arch (x86, arm, .. or <arch>_<bits>)
- -b [bits]       set bits (32, 64 ...)
- -B [addr]       override base address (pie bins)
- -c              list classes
- -cc             list classes in header format
- -H              header fields
- -i              imports (symbols imported from libraries)
- -I              binary info
- -j              output in json
- ...
-```
+Or use @MASTG-TOOL-0129 to get information about a binary file.
 
 Use the main `r2` utility to access the **r2 shell**. You can load DEX binaries just like any other binary: