Runtime manipulation using JDWP
Recent apps in the market are designed to make their own decisions during runtime. In this section, let's try and see what can be done to our target app during runtime. For this attack demonstration, we will be using an app developed by Open Security Research:
- Download the
runtime.apk
file and install it to Genymotion. - The functionality of the app is that if you enter the correct PIN, it responds with the message Correct PIN entered; if the value does not match, it throws an error message Incorrect PIN please try again later, as shown in this screenshot:
- This technique can be bypassed during runtime. We will now use ...
Get Mobile Application Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.