[4b] Cast a wide net with DBI

Search…
Back in DBI land, we are ready to 'cast a wider net' by doing a less specific trace.
This time, instead of using traceMethod, we will instead use traceClass.
Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.decrypt [2 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.encrypt [2 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.encryptPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.getBucketIdForPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.getEncryptedKeysForPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.getPinKeyForPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.padKeyForDes [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.patternMatches [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.persistPin [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.pinsMatch [1 overload(s)] Tracing com.github.browep.privatephotovault.crypto.CryptoUtils.setEncryptedKeysForPin [1 overload(s)]
Perfect - looks like everything got hooked. Let's try entering a bad PIN again.
Frida has turned our app into quite the storyteller! If we peruse the list, it looks like the functions are called in this order:
getBucketIdForPin - eventually returns null
pinsMatch - eventually returns false
encryptPin - returns "7110eda4d09e062aa5e4a390b0a572ac0d2c0220"
pinsMatch - returns false
​
​
Lab - Previous
[4a] Moar Static Analysis
Next - Lab
[4c] PIN bruteforce
Last modified 2yr ago
Copy link