Tweets

You blocked @fs0c131y

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @fs0c131y

  1. Pinned Tweet
    2 hours ago

    Thread: I'm back from lunch, it's time to show you how to remove the root detection and the anti tampering mechanism from the mAadhaar app, the official app of . 1/n

    Show this thread
    Undo
  2. Retweeted
    1 hour ago

    New: obtained internal Facebook docs that focus on multiple elections that took place in 2018, and how Facebook prepared its content moderators. Zuckerberg says its about protecting democracy; slides show also concerned with putting out "PR fires"

    Show this thread
    Undo
  3. Retweeted
    30 minutes ago
    Replying to
    Undo
  4. 33 minutes ago

    I should write a blog post on this 😄

    Show this thread
    Undo
  5. 42 minutes ago

    It took me 5 minutes to bypass these limitations. if you want to secure your app and so the data of you fellow citizens, hire some real professionals 22/22

    Show this thread
    Undo
  6. 44 minutes ago

    I only change the background image in the splash screen because I'm a nice guy but imagine if I added malicious code inside? A malicious actor can create a malware based on the mAadhaar app without any problems🤦‍♂️ 21/n

    Show this thread
    Undo
  7. 47 minutes ago

    And voila, we have our custom mAadhaar app!

    Show this thread
    Undo
  8. 58 minutes ago

    In the res/drawable folder, I replaced the photo splash_bg.jpg, I recompiled and resigned the app 19/n

    Show this thread
    Undo
  9. 59 minutes ago

    When you open the app, you have the photo of a kid in the splash screen, let's replace that with the photo of my choice 😈 18/n

    Show this thread
    Undo
  10. 1 hour ago

    Open the file SplashScreenActivity.smali and remove the correct lines of code 17/n

    Show this thread
    Undo
  11. 1 hour ago

    Thanks to apktool, we can decompile the app to obtain the smali code 16/n

    Show this thread
    Undo
  12. 1 hour ago

    Now we understood the whole thing, it's time to create our custom mAadhaar app! 15/n

    Show this thread
    Undo
  13. 1 hour ago

    To bypass this check, we will remove this check in the smali code 14/n

    Show this thread
    Undo
  14. 1 hour ago

    According to the doc, you just have to add these 4 lines to use the library. Look similar to something no? Yes, this is our "new b(((Context)this)).a()" 13/n

    Show this thread
    Undo
  15. 1 hour ago

    This method is coming from a package called "com.scottyab.rootbeer". The developers used the rootbeer library to detect if the device is rooted 12/n

    Show this thread
    Undo
  16. 1 hour ago

    Time to understand, what is this "new b(((Context)this)).a()" 11/n

    Show this thread
    Undo
  17. 1 hour ago

    There is 2 ways to remove this anti-tampering mechanism. Updating the hardcoded sha-256 in the in . gov . uidai . mAadhaarPlus . h . a with the sha-256 of your signature or simply remove the check in the onCreate method 10/n

    Show this thread
    Undo
  18. 2 hours ago

    As you can see these 2 methods are coming from the same f class. This class is clearly a homemade anti-tampering mechanism. By comparing the sha-256 signature of the app with a hardcoded sha-256, they want to prevent people from modifying and redistributing the app... 9/n

    Show this thread
    Undo
  19. 2 hours ago

    v4 is equals to 0 when f.a(((Context)this) or f.b(((Context)this) are false 8/n

    Show this thread
    Undo
  20. 2 hours ago

    This means that the "normal execution" of the app is when the code is going in the else if loop. Now, we want to understand when v4 = 0 and new b(((Context)this)).a() is equals to true 7/n

    Show this thread
    Undo
  21. 2 hours ago

    First observation: the finish() method is called at the end of the method. According to the documentation, the finish() is called "when your activity is done and should be closed". So, if you go in the if or the else if conditions your app will close automatically 6/n

    Show this thread
    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.