4/13/2023 0 Comments Ewallet apk crackedWhen selecting programs to participate on, I normally like to choose programs that have higher barrier to entry to avoid duplicates. Combining the use of Frida to automate the re-calculation of the new signatures, it was possible identify a large number of IDOR issues. However by reverse engineering the APK file and identifying the right methods, it was possible to to calculate the new signatures for modified payloads. Each GET and POST request that was delivered to the server was protected with a calculated signature field.Īny attempts to modify the request parameters would result in a error response. The Razer Pay app utilised signatures to prevent tampering of request payloads. In this write-up I will show how I was able to use Frida to compromise the app, ranging from reading other user’s chat messages, deleting user’s bank accounts, gleaning user’s private info, and even stealing money from other user’s accounts. It was an interesting journey worth blogging due to the use of some interesting techniques including Frida, a tool that I only thought was meant for bypassing SSL-pinning or root detection. This write-up is about hacking the Razer Pay Android app - an E-Wallet app used in Singapore and Malaysia.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |