Successfully reported this slideshow.

Solving OWASP MSTG CrackMe using Frida

0

Share

Feb. 09, 2019
0 likes 532 views
Upcoming SlideShare
RxJava Applied
RxJava Applied
Loading in …3
×
1 of 20
1 of 20

Solving OWASP MSTG CrackMe using Frida

Feb. 09, 2019
0 likes 532 views

0

Share

Download to read offline

Software

This is solution to OWASP MSTG Crack Me Level 1 using dynamic binary instrumentation framework - Frida.

Please check my youtube video for detailed walkthrough.

This is solution to OWASP MSTG Crack Me Level 1 using dynamic binary instrumentation framework - Frida.

Please check my youtube video for detailed walkthrough.

Software

Recommended

More Related Content

More from Chandrapal Badshah

Dangling DNS records takeover at scale
Chandrapal Badshah
Detecting secrets in code committed to gitlab (in real time)
Chandrapal Badshah
How to get started in InfoSec ?
Chandrapal Badshah
OSINT mindset to protect your organization - Null monthly meet version
Chandrapal Badshah
OSINT Mindset to protect your Organization
Chandrapal Badshah
OWASP Serverless Top 10
Chandrapal Badshah
Pentesting Android Apps using Frida (Beginners)
Chandrapal Badshah
Let’s hunt the target using OSINT
Chandrapal Badshah
pwnd.sh
Chandrapal Badshah
Web Application Firewall
Chandrapal Badshah
Netcat - A Swiss Army Tool
Chandrapal Badshah

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
World Wide Mind: The Coming Integration of Humanity, Machines, and the Internet Michael Chorost
(4/5)
Free
An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths Glenn Reynolds
(4/5)
Free
The Impulse Economy: Understanding Mobile Shoppers and What Makes Them Buy Gary Schwartz
(4.5/5)
Free
Emergence: The Connected Lives of Ants, Brains, Cities, and Software Steven Johnson
(4.5/5)
Free
Tubes: A Journey to the Center of the Internet Andrew Blum
(4/5)
Free
Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age William Powers
(4/5)
Free
In the Plex: How Google Thinks, Works, and Shapes Our Lives Steven Levy
(4.5/5)
Free
Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live Jeff Jarvis
(3.5/5)
Free
The Nature of the Future: Dispatches from the Socialstructed World Marina Gorbis
(4/5)
Free
Socialnomics: How Social Media Transforms the Way We Live and Do Business Erik Qualman
(4/5)
Free
The Thank You Economy Gary Vaynerchuk
(4/5)
Free
Talking Back to Facebook: The Common Sense Guide to Raising Kids in the Digital Age James P. Steyer
(4.5/5)
Free
The End of Business As Usual: Rewire the Way You Work to Succeed in the Consumer Revolution Brian Solis
(5/5)
Free
Blog Schmog: The Truth About What Blogs Can (and Can't) Do for Your Business Robert W. Bly
(4/5)
Free
How We Became Posthuman: Virtual Bodies in Cybernetics, Literature, and Informatics N. Katherine Hayles
(4.5/5)
Free
Our Final Invention: Artificial Intelligence and the End of the Human Era James Barrat
(4.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
The Dark Net: Inside the Digital Underworld Jamie Bartlett
(4/5)
Free
Who Owns the Future? Jaron Lanier
(4/5)
Free
An Introduction to Information Theory: Symbols, Signals and Noise John R. Pierce
(4.5/5)
Free
The Social Life of Information: Updated, with a New Preface-Revised John Seely Brown
(0/5)
Free
The History of the Future: Oculus, Facebook, and the Revolution That Swept Virtual Reality Blake J. Harris
(4.5/5)
Free
Ten Arguments for Deleting Your Social Media Accounts Right Now Jaron Lanier
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
The New New Thing: A Silicon Valley Story Michael Lewis
(4.5/5)
Free
Cognitive Surplus: Creativity and Generosity in a Connected Age Clay Shirky
(4/5)
Free
Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World Don Tapscott
(4/5)
Free
The Emperor's New Mind: Concerning Computers, Minds, and the Laws of Physics Roger Penrose
(3.5/5)
Free
New Dark Age: Technology and the End of the Future James Bridle
(4.5/5)
Free
Algorithms to Live By: The Computer Science of Human Decisions Brian Christian
(4.5/5)
Free
The Death of Expertise: The Campaign Against Established Knowledge and Why it Matters Tom Nichols
(4.5/5)
Free
Alone Together: Why We Expect More from Technology and Less from Each Other Sherry Turkle
(4.5/5)
Free
Artificial Unintelligence: How Computers Misunderstand the World Meredith Broussard
(4/5)
Free

Solving OWASP MSTG CrackMe using Frida

  1. 1. Solving OWASP MSTG CrackMe using Frida Level 01 Chandrapal Badshah
  2. 2. Tools required 1. Genymotion Android Emulator (AVD also works) 2. Android Platform Tools - adb 3. Frida 4. OWASP MSTG CrackMe Level 01 apk file 5. Jadx-GUI Links given below in the description
  3. 3. Before we jump into solving the challenge, let’s see what’s the challenge
  4. 4. The Challenge
  5. 5. Why not static analysis ?
  6. 6. Let’s see a demo and dive into the code
  7. 7. Challenge 1.1 - Bypass the root & debug detection Please pause the video and think of a way to bypass it
  8. 8. Multiple ways to bypass this ● Hook each function c.a() , c.b() , c.c() and b.a() and return false.
  9. 9. Multiple ways to bypass this ● Hook each function c.a() , c.b() , c.c() and b.a() and return false. ● Hook the function a() and change the implementation of it.
  10. 10. Multiple ways to bypass this ● Hook each function c.a() , c.b() , c.c() and b.a() and return false. ● Hook the function a() and change the implementation of it. ● Hook the onClickListener() function of the button and change its implementation.
  11. 11. Multiple ways to bypass this ● Hook each function c.a() , c.b() , c.c() and b.a() and return false. ● Hook the function a() and change the implementation of it. ● Hook the onClickListener() function of the button and change its implementation. ● Hook the java.lang.System class and change exit() function’s implementation.
  12. 12. Multiple ways to bypass this ● Hook each function c.a() , c.b() , c.c() and b.a() and return false. ● Hook the function a() and change the implementation of it. ● Hook the onClickListener() function of the button and change its implementation. ● Hook the java.lang.System class and change exit() function’s implementation.
  13. 13. Let’s do it !
  14. 14. Challenge 1.2 - Find the secret
  15. 15. Challenge 1.2 - Find the secret
  16. 16. Challenge 1.2 - Find the secret
  17. 17. Let’s crack the challenge !
  18. 18. Finally, we solved the challenge !
  19. 19. PLEASE DON’T FORGET TO HIT THE LIKE BUTTON. FOR MORE VIDEOS, PLEASE SUBSCRIBE TO MY CHANNEL. IF YOU HAVE ANY DOUBTS PLEASE LEAVE IT IN THE COMMENTS SECTION.
  20. 20. THANKS FOR WATCHING

×