You own the hardware, but do you feel like you are in control of it? Or is it the apps that lead the way while you follow?

Each app does ten things in the background to give you one feature. To lift the lid a little: apps record when you open them, when you tap, where you tap, and the list goes on. Companies spend as much time building such analytics as they do on functional requirements.

In this post I want to show that you can be smarter than your smartphone apps. It is your hardware plus the apps' code that does the magic, and since the code runs on your device you can make any app's code work the way you want. Let me walk you through some proofs.

Lab setup

  • Android 8.1.0 (rooted) with Xposed
  • adb
  • Mac: apktool, Frida

Save money, make it free

Don't dream of free food on Swiggy or free Tinder Gold.

The first app in the list is Sesame Shortcuts. I was able to get the premium version simply by modifying a file: it used Android SharedPreferences to store the activation state, so it was a matter of open file -> change 0 to 1 -> save. One caveat: force-stop the app before editing, because SharedPreferences are cached in memory and a running process will write the old value back over your change. This saved 140 INR.
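The post does this by editing the XML under the app's shared_prefs directory by hand. As an added example (not from the original post), here is a Frida script that traces every SharedPreferences read so you can see which key holds the activation state, and optionally overrides chosen keys in memory without touching the file at all. It hooks android.app.SharedPreferencesImpl, the framework's internal implementation class; the key names in OVERRIDES (`activated`, `is_premium`) are placeholders, not keys from any real app.

```javascript
'use strict';

// Run with: frida -U -f <package> -l prefs.js --no-pause
// Keys the app should believe are set, whatever is on disk. The names are
// placeholders; take the real ones from the trace output or from the XML in
// /data/data/<package>/shared_prefs/.
const OVERRIDES = {
  activated: 1,       // getInt("activated", ...)      -> 1
  is_premium: true,   // getBoolean("is_premium", ...) -> true
};

// Pure decision: return the override for `key` only when one exists and has
// the JS type the getter produces; otherwise hand back the stored value.
function resolvePref(key, realValue, overrides, expectType) {
  if (Object.prototype.hasOwnProperty.call(overrides, key) &&
      typeof overrides[key] === expectType) {
    return overrides[key];
  }
  return realValue;
}

// Hook the typed getters of SharedPreferencesImpl. Each getter takes
// (String key, <type> defaultValue); iterating `overloads` keeps this
// correct even if a vendor build adds one.
function hookSharedPrefs(Java, overrides, log) {
  const Impl = Java.use('android.app.SharedPreferencesImpl');
  // getter name -> JS type Frida returns for it
  const getters = { getInt: 'number', getBoolean: 'boolean', getLong: 'number', getString: 'string' };
  let hooked = 0;
  Object.keys(getters).forEach((name) => {
    const expectType = getters[name];
    Impl[name].overloads.forEach((ov) => {
      ov.implementation = function (key, def) {
        const real = ov.call(this, key, def);          // what the file says
        const out = resolvePref(String(key), real, overrides, expectType);
        log(`${name}("${key}") = ${real}${out !== real ? ' -> ' + out : ''}`);
        return out;
      };
      hooked += 1;
    });
  });
  return hooked;
}

// `Java` is a global only inside Frida's runtime; plain Node skips this.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(() => hookSharedPrefs(Java, OVERRIDES, console.log));
}
```

Run it with an empty OVERRIDES first and use the app's premium feature once: the key read right before the "buy" dialog appears is the one to override. Because the override is applied in memory, it survives the app rewriting its own preferences file.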

Life won't always be that easy. Next in the list is CamScanner. After some minutes of decompiling and analysing, I found the piece of code responsible for activation.

CamScanner activation verification

It stores the license in SharedPreferences and, each time, checks its validity by calling ScannerEngine.verifySN(). Now, as I said, we control every piece of code running on our hardware, so let's make verifySN() return true always.

I used Frida for this job. Frida can hook into the Dalvik VM or ART (on newer versions) and load our fake_verifySN() in place of the original verifySN(). I wrote the hooking code; here it is in action.

Frida CamScanner hook

Boom, this activated CamScanner.

Faking game scores

After saving some money, it's time to show off. Offline games post your score to a leaderboard; hook the right method and you top it.

I tried with 2 Cars. Game engines are mostly written in C++, which makes decompilation harder, and a step into 2 Cars showed it uses the cocos2d-x engine. Fortunately the method that submits the score to the leaderboard is written in Java.

2 Cars submit score

I hooked submitScore() to post the score I wanted. The score goes to the Google Play Games leaderboard, and I couldn't wait to top the board.
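The two hooks above, the CamScanner verifySN() override and the 2 Cars submitScore() rewrite, as one added Frida script (example code, not the hooking code from the original post). The post names only the methods, so the class and package names in CONFIG are placeholders to be replaced with what the decompiled APK shows; the script also handles overloaded methods and an int-returning license check, which the post does not discuss.

```javascript
'use strict';

// Run with: frida -U -f <package> -l hooks.js --no-pause
// Class names are placeholders: the post gives only the method names
// (ScannerEngine.verifySN, submitScore); take the real packages from the
// decompiled APK.
const CONFIG = {
  licenseClass: 'com.example.camscanner.ScannerEngine', // assumed package
  licenseMethod: 'verifySN',
  scoreClass: 'com.example.twocars.LeaderboardClient',   // assumed class
  scoreMethod: 'submitScore',
  wantedScore: 5000,                                     // cap seen on the board
};

// Java types whose arguments we treat as "the score" when rewriting.
const INT_TYPES = new Set(['int', 'long', 'java.lang.Integer', 'java.lang.Long']);

// Pure helper: replace every integer-typed argument with `score`, keep the
// rest (leaderboard ID, callbacks) untouched.
function patchScoreArgs(argTypes, args, score) {
  return args.map((a, i) => (INT_TYPES.has(argTypes[i]) ? score : a));
}

// Make every overload of className.methodName report success. Frida exposes
// overloads individually and assigning `method.implementation` throws when
// the method is overloaded, so iterate `overloads` instead.
function forceSuccess(Java, className, methodName, log) {
  const method = Java.use(className)[methodName];
  method.overloads.forEach((ov) => {
    const returnsBool = ov.returnType.className === 'boolean';
    ov.implementation = function (...args) {
      // Still call the original so the trace shows what it would have said.
      const real = ov.call(this, ...args);
      log(`${methodName}(${args.map(String).join(', ')}) = ${real}, forcing success`);
      // boolean check -> true; int status code -> 1 (assumed: 1 means valid)
      return returnsBool ? true : 1;
    };
  });
  return method.overloads.length;
}

// Rewrite the score argument of every submitScore overload, then let the
// original method do the actual posting to the leaderboard.
function forceScore(Java, className, methodName, score, log) {
  const method = Java.use(className)[methodName];
  method.overloads.forEach((ov) => {
    const argTypes = ov.argumentTypes.map((t) => t.className);
    ov.implementation = function (...args) {
      const patched = patchScoreArgs(argTypes, args, score);
      log(`${methodName}(${args.map(String).join(', ')}) -> (${patched.map(String).join(', ')})`);
      return ov.call(this, ...patched);
    };
  });
  return method.overloads.length;
}

// Installs both hooks; returns how many overloads were replaced.
function installHooks(Java, cfg, log) {
  return forceSuccess(Java, cfg.licenseClass, cfg.licenseMethod, log)
       + forceScore(Java, cfg.scoreClass, cfg.scoreMethod, cfg.wantedScore, log);
}

// `Java` is a global only inside Frida's runtime; plain Node skips this.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(() => installHooks(Java, CONFIG, console.log));
}
```

Calling the original from inside the replacement is deliberate: the trace tells you whether the check actually ran and what it returned, which is the quickest way to confirm you hooked the right class before you start trusting the forced result.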

Frida faking 2cars score

Sadly the maximum score is 5000 and 107 people were already ahead of me. Whether they played the game or used my way, who knows :P

2 cars global leaderboard

Following up

In the same way, we can control all data sent and received by our apps. With a proxy between the app and its server, we can modify what they communicate. I'll try to write a post on it soon.