[4c] PIN bruteforce
In the frida REPL, simply type bruteforcePIN() and press enter.
Hey, that was pretty easy and fast right? Sadly, they aren’t all this quick.
In fact, you may have noticed from the static analysis section that the encryptPin function simply computes SHA1 and returns the "hex string" equivalent.
This explains why it is so quick for us to bruteforce all 10,000 possibilities.
More secure apps tend to use much more complex and computationally expensive algorithms called Key Derivation Functions (KDF) to ensure that this type of bruteforce script would be much, much slower.