Hello dear friends, and welcome back for another mobile application security blog, today I’ll show you how to bypass a login form with Frida. For this exercise, I did prepare an easy android Application that you can download from this link. After the download run the app on gennymotion emulator.
The next step is to attach frida to app process
- frida-ps -U
- frida -U -f com.example.fridademo –no-pause
Now our goal is to change the return value of this function
For to do that we will use the following code:
setImmediate(function(){
Java.perform(function(){
var activity = Java.use(“com.example.fridademo.MainActivity”);
activity.isThePasswordCorrect.implementation = function () {
return true;
}
});
});
At this point dosen’t matter what password we will insert, the function will return always true
Fantastic we hacked the android app.
If did you enjoy this blog let me know