Mobile Application Hacking Diary Ep.2

Android Patching. Use tools such as Jadx, dex2jar-jdgui and Bytecode Viewer to decompile the app. NIN: the author recommends Bytecode Viewer. // APKTool: zeq3ul@home:~/Desktop$ java -jar apktool.jar d vulnapp.apk Modify the Smali. Using apktool to build new app. Signing the app using Apk Sign which can automatically sign an apk with the Android test certificate that embed…

Prototyping And Reverse Engineering With Frida by Jay Harris

Watch on YouTube Slide Material Demo 1 // Run within REPL Process.getCurrentThreadId() Process.enumerateModulesSync() Interceptor.attach(ptr(Module.findExportByName(null, "rand")), {onLeave: function(retval){retval.replace(0x00)}}) Demo 2 - frida-trace frida-trace -i "*" my_process frida-trace -i "*rand*" -i "read" exercise Demo…

Bypass OTP validation on Password Reset

Core issue: the app does not lock the account during OTP verification, which allows brute forcing; the app only performs the validation on the client side. Exploit: the password reset flow is: tap 'Forget Password', enter Mobile No., enter OTP, set the new password. Test 1 - Brute Force OTP: check whether the server locks the account. Test 2 - tamper with the response. Response for Wrong OTP: HTTP/1.1 200 OK [REDACTED] {"VerifyAndDeleteOTPApplicationResponse"…

iPhone5c Jailbreak

HomeDepot http://wall.supplies/ Jailbreak.me https://jailbreak.me Phoenix IPA Online Troubleshooting: Cydia is Showing DPKG_LOCKED dpkg --configure -a…