[4c] PIN bruteforce
The lab kit comes with a pre-written bruteforce and this step of the lab will cover how to run it. If you're more interested in the technical details, check out [4c.1] - PIN bruteforce (in depth)
In the frida REPL, simply type bruteforcePIN() and press enter.
Hey, that was pretty easy and fast right? Sadly, they aren’t all this quick.
In fact, you may have noticed from the static analysis section that the encryptPin function simply computes SHA1 and returns the "hex string" equivalent.
This explains why it is so quick for us to bruteforce all 10,000 possibilities.
More secure apps tend to use much more complex and computationally expensive algorithms called Key Derivation Functions (KDF) to ensure that this type of bruteforce script would be much, much slower.
Last modified 3yr ago