Solving OWASP MSTG
CrackMe using Frida
Level 01
Chandrapal Badshah

Tools required
1. Genymotion Android Emulator (AVD also works)
2. Android Platform Tools - adb
3. Frida
4. OWASP MSTG CrackMe Level 01 apk file
5. Jadx-GUI
Links given below in the description

Before we jump into solving the challenge, let’s see
what’s the challenge

The Challenge

Why not static analysis ?

Let’s see a demo and dive into the code

Challenge 1.1 - Bypass the root & debug detection
Please pause the video and think of a way to bypass it

Multiple ways to bypass this
● Hook each function c.a() , c.b() , c.c() and b.a() and return false.

Multiple ways to bypass this
● Hook each function c.a() , c.b() , c.c() and b.a() and return false.
● Hook the function a() and change the implementation of it.

Multiple ways to bypass this
● Hook each function c.a() , c.b() , c.c() and b.a() and return false.
● Hook the function a() and change the implementation of it.
● Hook the onClickListener() function of the button and change its
implementation.

Multiple ways to bypass this
● Hook each function c.a() , c.b() , c.c() and b.a() and return false.
● Hook the function a() and change the implementation of it.
● Hook the onClickListener() function of the button and change its
implementation.
● Hook the java.lang.System class and change exit() function’s
implementation.

Multiple ways to bypass this
● Hook each function c.a() , c.b() , c.c() and b.a() and return false.
● Hook the function a() and change the implementation of it.
● Hook the onClickListener() function of the button and change its
implementation.
● Hook the java.lang.System class and change exit() function’s
implementation.

Let’s do it !

Challenge 1.2 - Find the secret

Challenge 1.2 - Find the secret

Challenge 1.2 - Find the secret

Let’s crack the challenge !

Finally, we solved the challenge !

PLEASE DON’T FORGET TO HIT THE LIKE BUTTON.
FOR MORE VIDEOS, PLEASE SUBSCRIBE TO MY CHANNEL.
IF YOU HAVE ANY DOUBTS PLEASE LEAVE IT IN THE COMMENTS SECTION.

THANKS FOR WATCHING