Android Reversing with Frida for Examiners
Authors: M. Williamson, C. Atha
[4c] PIN bruteforce


Last updated 5 years ago


The lab kit comes with a pre-written bruteforce script, and this step of the lab covers how to run it. If you're more interested in the technical details, check out

In the frida REPL, simply type bruteforcePIN() and press enter.

Hey, that was pretty easy and fast, right? Sadly, they aren’t all this quick.

In fact, you may have noticed from the static analysis section that the encryptPin function simply computes SHA1 and returns the "hex string" equivalent.

This explains why it is so quick for us to bruteforce all 10,000 possibilities.

More secure apps tend to use much more complex and computationally expensive algorithms called Key Derivation Functions (KDFs), so that this type of bruteforce script would be much, much slower.
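To put numbers on that difference, here is an added example (not part of the lab kit or the app's code) that measures the cost of covering all 10,000 PINs under unsalted SHA1 and estimates it under a salted KDF. The UTF-8 PIN encoding, the choice of PBKDF2-HMAC-SHA256, the salt size and the iteration count are assumptions made for illustration.

```python
import hashlib
import os
import time

PIN_SPACE = [f"{n:04d}" for n in range(10_000)]  # every 4-digit PIN, 0000-9999


def sha1_hex(pin: str) -> str:
    """Unsalted SHA1 as a hex string, as the page describes encryptPin (UTF-8 assumed)."""
    return hashlib.sha1(pin.encode("utf-8")).hexdigest()


def pbkdf2_hex(pin: str, salt: bytes, iterations: int) -> str:
    """Salted PBKDF2-HMAC-SHA256; algorithm, salt and iterations are assumed parameters."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations).hex()


def exhaust(stored: str, digest) -> tuple:
    """Check every PIN against a stored digest; return (matching PIN or None, seconds)."""
    start = time.perf_counter()
    match = next((p for p in PIN_SPACE if digest(p) == stored), None)
    return match, time.perf_counter() - start


def estimate_full_space_seconds(digest, sample: int = 20) -> float:
    """Time a small sample of derivations and extrapolate to all 10,000 PINs."""
    start = time.perf_counter()
    for pin in PIN_SPACE[:sample]:
        digest(pin)
    return (time.perf_counter() - start) / sample * len(PIN_SPACE)


def compare(pin: str = "9999", iterations: int = 100_000) -> dict:
    """Worst case (last PIN in the space) under both schemes, on constructed data."""
    salt = os.urandom(16)  # constructed per-install salt
    found, sha1_seconds = exhaust(sha1_hex(pin), sha1_hex)
    kdf_seconds = estimate_full_space_seconds(lambda p: pbkdf2_hex(p, salt, iterations))
    return {
        "recovered": found,
        "sha1_full_space_s": sha1_seconds,
        "pbkdf2_full_space_s_est": kdf_seconds,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The KDF multiplies the cost of each guess, but the total is still the keyspace size times the per-guess cost, so a 4-digit PIN stays bounded at 10,000 derivations regardless of the algorithm.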

[4c.1] - PIN bruteforce (in depth)