Solving OWASP MSTG CrackMe using Frida
Level 01
Chandrapal Badshah
Tools required
1. Genymotion Android Emulator (AVD also works)
2. Android Platform Tools - adb
3. Frida
4. OWASP MSTG CrackMe Level 01 apk file
5. Jadx-GUI
Links given below in the description
Before we jump into solving the challenge, let’s see what the challenge is
The Challenge
Why not static analysis?
Let’s see a demo and dive into the code
Challenge 1.1 - Bypass the root & debug detection
Please pause the video and think of a way to bypass it
Multiple ways to bypass this
● Hook each of the functions c.a(), c.b(), c.c() and b.a() and return false.
● Hook the function a() and change its implementation.
● Hook the onClickListener() function of the button and change its implementation.
● Hook the java.lang.System class and change the implementation of its exit() function.
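The first and last approaches in the list, written as a Frida script. This is an added example, not code from the slides or the video; it shows that both the boolean checks and the exit call are single in-process choke points. The `sg.vantagepoint.a` package prefix and the helper names (`installHooks` and friends) are assumptions, since the slides only give the short names `c` and `b`; confirm them in Jadx-GUI.

```javascript
// Added example: Frida hooks for two of the listed approaches.
// Assumption: Jadx shows the detection classes as sg.vantagepoint.a.c
// (root checks a/b/c) and sg.vantagepoint.a.b (debuggable check a).
// The slides only show the short names, so confirm them in Jadx-GUI.
const DETECTION_CHECKS = [
  { cls: 'sg.vantagepoint.a.c', methods: ['a', 'b', 'c'] },
  { cls: 'sg.vantagepoint.a.b', methods: ['a'] },
];

// Approach 1: replace every boolean check so it reports "not detected".
// These hooks must be installed before the activity runs its checks.
function hookDetectionChecks(bridge, log) {
  const hooked = [];
  for (const { cls, methods } of DETECTION_CHECKS) {
    const klass = bridge.use(cls);
    for (const name of methods) {
      // Assumes one overload per method name, so .implementation
      // can be assigned without selecting an overload first.
      klass[name].implementation = function () {
        log('[*] ' + cls + '.' + name + '() forced to false');
        return false;
      };
      hooked.push(cls + '.' + name);
    }
  }
  return hooked;
}

// Approach 4: leave the checks untouched and turn System.exit() into a
// no-op, so dismissing the warning dialog no longer ends the process.
function hookSystemExit(bridge, log) {
  const System = bridge.use('java.lang.System');
  System.exit.implementation = function (status) {
    log('[*] System.exit(' + status + ') suppressed');
  };
  return ['java.lang.System.exit'];
}

// Installs both sets of hooks and returns the names of what was hooked.
function installHooks(bridge, log = console.log) {
  return hookDetectionChecks(bridge, log).concat(hookSystemExit(bridge, log));
}

// Inside Frida the global Java bridge exists; elsewhere this is skipped.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(() => installHooks(Java));
}
```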
Let’s do it!
Challenge 1.2 - Find the secret
Let’s crack the challenge!
Finally, we solved the challenge!
PLEASE DON’T FORGET TO HIT THE LIKE BUTTON.
FOR MORE VIDEOS, PLEASE SUBSCRIBE TO MY CHANNEL.
IF YOU HAVE ANY DOUBTS PLEASE LEAVE IT IN THE COMMENTS SECTION.
THANKS FOR WATCHING
