Solving OWASP MSTG CrackMe using Frida

This is a solution to OWASP MSTG CrackMe Level 1 using Frida, a dynamic binary instrumentation framework.

Please check my YouTube video for a detailed walkthrough.

Published in: Software

  1. Solving OWASP MSTG CrackMe using Frida, Level 01. Chandrapal Badshah
  2. Tools required:
     1. Genymotion Android Emulator (AVD also works)
     2. Android Platform Tools - adb
     3. Frida
     4. OWASP MSTG CrackMe Level 01 apk file
     5. Jadx-GUI
     Links given below in the description
  3. Before we jump into solving the challenge, let’s see what the challenge is
  4. The Challenge
  5. Why not static analysis?
  6. Let’s see a demo and dive into the code
  7. Challenge 1.1 - Bypass the root & debug detection. Please pause the video and think of a way to bypass it
  8. Multiple ways to bypass this (the list is built up over slides 8 to 12):
     ● Hook each function c.a(), c.b(), c.c() and b.a() and return false.
     ● Hook the function a() and change the implementation of it.
     ● Hook the onClickListener() function of the button and change its implementation.
     ● Hook the java.lang.System class and change exit() function’s implementation.
  13. Let’s do it!
  14. Challenge 1.2 - Find the secret (slides 14 to 16)
  17. Let’s crack the challenge!
  18. Finally, we solved the challenge!
  19. PLEASE DON’T FORGET TO HIT THE LIKE BUTTON. FOR MORE VIDEOS, PLEASE SUBSCRIBE TO MY CHANNEL. IF YOU HAVE ANY DOUBTS PLEASE LEAVE IT IN THE COMMENTS SECTION.
  20. THANKS FOR WATCHING
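
The last option on the bypass slide (hook java.lang.System and change exit()), written as a Frida script. This is an added example, not code from the slides or the video; the function name `installExitHook` and its `bridge`/`log` parameters are assumptions made so the hook logic can be exercised outside Frida. It also records the Java call stack of every suppressed exit, which shows which class reacted to the root/debug detection.

```javascript
// Added example: suppress java.lang.System.exit() and record who called it.
// `bridge` is Frida's global `Java` object (passed in so the logic is testable),
// `log` is any function taking a string, e.g. console.log.
function installExitHook(bridge, log) {
  const blocked = []; // one entry per suppressed exit call

  const System = bridge.use('java.lang.System');
  const Exception = bridge.use('java.lang.Exception');
  const Log = bridge.use('android.util.Log');

  // System.exit has a single overload (int), so .implementation can be set directly.
  System.exit.implementation = function (code) {
    // A fresh Exception carries the current Java stack; Log.getStackTraceString
    // turns it into text so the caller of exit() becomes visible.
    const trace = Log.getStackTraceString(Exception.$new());
    blocked.push({ code: code, trace: trace });
    log('[*] System.exit(' + code + ') suppressed\n' + trace);
    // Not calling this.exit(code) keeps the process alive, so dismissing the
    // detection dialog no longer closes the app.
  };

  return blocked;
}

// Inside Frida the `Java` global exists: wait for the VM, then install the hook.
// Under plain Node.js this branch is skipped and nothing happens.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(function () {
    installExitHook(Java, console.log);
  });
}
```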
