Lab
Bonus Labs
Frida-tools Reference
Other Processes Reference
[4b] Cast a wide net with DBI
Back in DBI land, we are ready to 'cast a wider net' by doing a less specific trace.
This time, instead of using
traceMethod, we will instead use traceClass.Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.decrypt [2 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.encrypt [2 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.encryptPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.getBucketIdForPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.getEncryptedKeysForPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.getPinKeyForPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.padKeyForDes [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.patternMatches [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.persistPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.pinsMatch [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.setEncryptedKeysForPin [1 overload(s)]Perfect - looks like everything got hooked. Let's try entering a bad PIN again.
Frida has turned our app into quite the storyteller! If we peruse the list, it looks like the functions are called in this order:
- getBucketIdForPin - eventually returns null
- pinsMatch - eventually returns false
- encryptPin - returns
"7110eda4d09e062aa5e4a390b0a572ac0d2c0220" - pinsMatch - returns false
​
​
Last modified 2yr ago
Copy link