Tweets from @fs0c131y

  1. Pinned Tweet
    2 hours ago

    Thread: I'm back from lunch, it's time to show you how to remove the root detection and the anti tampering mechanism from the mAadhaar app, the official app of . 1/n

  2. Retweeted
    1 hour ago

    New: obtained internal Facebook docs that focus on multiple elections that took place in 2018, and how Facebook prepared its content moderators. Zuckerberg says it's about protecting democracy; slides show also concerned with putting out "PR fires"

  3. Retweeted
    30 minutes ago
  4. 33 minutes ago

    I should write a blog post on this 😄

  5. 42 minutes ago

    It took me 5 minutes to bypass these limitations. If you want to secure your app and so the data of your fellow citizens, hire some real professionals 22/22

  6. 44 minutes ago

    I only changed the background image in the splash screen because I'm a nice guy but imagine if I added malicious code inside? A malicious actor can create a malware based on the mAadhaar app without any problems🤦‍♂️ 21/n

  7. 47 minutes ago

    And voila, we have our custom mAadhaar app!

  8. 58 minutes ago

    In the res/drawable folder, I replaced the photo splash_bg.jpg, I recompiled and resigned the app 19/n

  9. 59 minutes ago

    When you open the app, you have the photo of a kid in the splash screen, let's replace that with the photo of my choice 😈 18/n

  10. 1 hour ago

    Open the file SplashScreenActivity.smali and remove the correct lines of code 17/n

  11. 1 hour ago

    Thanks to apktool, we can decompile the app to obtain the smali code 16/n

  12. 1 hour ago

    Now that we understand the whole thing, it's time to create our custom mAadhaar app! 15/n

  13. 1 hour ago

    To bypass this check, we will remove this check in the smali code 14/n

  14. 1 hour ago

    According to the doc, you just have to add these 4 lines to use the library. Looks similar to something, no? Yes, this is our "new b(((Context)this)).a()" 13/n

  15. 1 hour ago

    This method is coming from a package called "com.scottyab.rootbeer". The developers used the rootbeer library to detect if the device is rooted 12/n

  16. 1 hour ago

    Time to understand what this "new b(((Context)this)).a()" is 11/n

  17. 1 hour ago

    There are 2 ways to remove this anti-tampering mechanism. Updating the hardcoded sha-256 in the in . gov . uidai . mAadhaarPlus . h . a with the sha-256 of your signature or simply removing the check in the onCreate method 10/n

  18. 2 hours ago

    As you can see these 2 methods are coming from the same f class. This class is clearly a homemade anti-tampering mechanism. By comparing the sha-256 signature of the app with a hardcoded sha-256, they want to prevent people from modifying and redistributing the app... 9/n