[4b] Cast a wide net with DBI

Back in DBI land, we are ready to 'cast a wider net' with a less specific trace.

This time, instead of traceMethod, we will use traceClass, which hooks every method (and every overload) of the class rather than the one method we name. The script reports each method it instruments as it goes:

    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.decrypt [2 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.encrypt [2 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.encryptPin [1 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.getBucketIdForPin [1 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.getEncryptedKeysForPin [1 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.getPinKeyForPin [1 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.padKeyForDes [1 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.patternMatches [1 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.persistPin [1 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.pinsMatch [1 overload(s)]
    Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.setEncryptedKeysForPin [1 overload(s)]

Perfect - every method in CryptoUtils got hooked. Let's try entering a bad PIN again.

Frida has turned our app into quite the storyteller! Because traced methods call each other, the output nests: a method's return value shows up only after the inner calls it made have returned. Reading the list with that in mind, the top-level functions are called in this order:

  • getBucketIdForPin - eventually returns null

  • pinsMatch - eventually returns false

  • encryptPin - returns "7110eda4d09e062aa5e4a390b0a572ac0d2c0220"

  • pinsMatch - returns false
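The following is an added example and not the trace script the page uses: a traceClass-style hook for Frida's Java bridge, paired with a small recorder that turns the raw enter/leave stream into the top-level call order and final return values that the list above works out by hand. The class name is taken from the page; the recorder's sample events are constructed to mirror the narrative (a bad PIN), not captured from the app. The Frida part only runs where the `Java` global exists; the recorder runs anywhere.

```javascript
// Added example (not the page's own script): traceClass for Frida's Java
// bridge plus a depth-aware recorder for reading nested trace output.
// Assumed from the page: the target class name below. Method names and
// overloads are discovered at runtime through Frida's Java API.
const TARGET = 'com.github.browep.privatephotovault.crypto.CryptoUtils';

// Records enter/leave events, indents them by call depth, and keeps the
// top-level call order with what each top-level call eventually returned.
class TraceRecorder {
  constructor() {
    this.depth = 0;      // current nesting level
    this.lines = [];     // indented, human-readable trace
    this.topLevel = [];  // [{ name, ret }] for depth-0 calls only
  }

  enter(name, args) {
    const shown = args.map(a => String(a)).join(', ');
    this.lines.push('  '.repeat(this.depth) + `-> ${name}(${shown})`);
    if (this.depth === 0) this.topLevel.push({ name, ret: undefined });
    this.depth++;
  }

  leave(name, ret) {
    this.depth--;
    this.lines.push('  '.repeat(this.depth) + `<- ${name} = ${String(ret)}`);
    if (this.depth === 0) this.topLevel[this.topLevel.length - 1].ret = ret;
  }

  // e.g. ['getBucketIdForPin -> null', 'pinsMatch -> false']
  summary() {
    return this.topLevel.map(c => `${c.name} -> ${String(c.ret)}`);
  }
}

// Hook every overload of every declared method of `className` and feed the
// recorder. Requires Frida (uses Java.perform / Java.use).
function traceClass(className, recorder) {
  Java.perform(() => {
    const klass = Java.use(className);
    const methods = klass.class.getDeclaredMethods();
    const names = new Set();
    for (let i = 0; i < methods.length; i++) names.add(methods[i].getName());

    for (const name of names) {
      const overloads = klass[name].overloads;
      console.log(`Tracing ${className}.${name} [${overloads.length} overload(s)]`);
      for (const ov of overloads) {
        ov.implementation = function (...args) {
          recorder.enter(name, args);
          const ret = ov.apply(this, args);   // call the original overload
          recorder.leave(name, ret);
          return ret;
        };
      }
    }
  });
}

// Constructed sample (not a real capture): a bad-PIN attempt in which
// getBucketIdForPin calls getPinKeyForPin internally and ends up null.
function demoRecorder() {
  const r = new TraceRecorder();
  r.enter('getBucketIdForPin', ['1111']);
  r.enter('getPinKeyForPin', ['1111']);
  r.leave('getPinKeyForPin', 'k');
  r.leave('getBucketIdForPin', null);
  r.enter('pinsMatch', ['1111']);
  r.leave('pinsMatch', false);
  return r;
}

if (typeof Java !== 'undefined') {
  // Under Frida: hook the real class and dump the summary on demand.
  const live = new TraceRecorder();
  traceClass(TARGET, live);
  globalThis.dumpTrace = () => console.log(live.lines.join('\n'));
} else {
  console.log(demoRecorder().lines.join('\n'));
}
```

Hooking by walking getDeclaredMethods() covers every method of the class without naming them, and iterating `.overloads` is what prevents the "has more than one overload" error Frida raises when a name is hooked without choosing a signature. The recorder's indentation is the key reading aid: a value printed at depth 0 is what the caller of CryptoUtils actually saw.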