In this blog post, we explore two issues in sieve.apk, a password manager application that contains common Android vulnerabilities: bypassing the PIN screen by brute force with Frida, and circumventing the authentication mechanism with Drozer when the developer exports an Android activity in an insecure way.
Pin Brute Forcing through Frida
GitHub repo: https://github.com/sixnative/Frida-Android-Hooks



As a result, we were able to bypass the PIN protection mechanism and reach the passwords.
The idea behind the Frida brute force code is that we override the submit method of ShortLoginActivity so that it tries all possible PIN values in a for loop until it finds the correct PIN and the application redirects us to the screen where the passwords are.

Authentication Bypass via Exported Android Activities


This work has been supported in part by the Energy Transition Fund of the FPS Economy of Belgium through the CYPRESS project, and in part by the VLAIO COOCK program through the IIoT-SBOM project.
Thanks for reading.
Can Özkan