My Java skills are really rusty, I’ve even got bitten by the classic == vs. String,equals() mistake. But slowly I’m getting somewhere, using framework to rewrite APKs and get debugging output from them.


For reference, I succeeded adding instrumentation to an existing release APK. So I’m no longer flying blind. Will document things in a blog post soon.

Now I’m back to figuring out how to exploit the vulnerabilities, it’s less straightforward than I thought.

· · Web · 0 · 0 · 0
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.