,
14 tweets,
6 min read
Read on Twitter
The goal of this thread is to share with you the process and the tool I'm using 2/n
For my recent followers: I worked on this app last year, the result was not good for them... 3/n
The last version of the app displayed by the PlayStore is 1.1.4. As the app is not available on my country, I downloaded the app from apkmonk apkmonk.com/app/in.gov.uid… 4/n 
The 1st step is the static analysis. I launched @jebdec and found the code under the package 'in . gov . uidai . mAadhaarPlus' 5/n
I'm quite stupid. I searched sql and I got only 3 results 6/n
As we can see in the previous screenshot, the developers used this famous lib: an #Android SQLite API based on SQLCipher github.com/sqlcipher/andr… 7/n
According to the documentation, the secret of the database is the parameter of the 'getWritableDatabase' method 8/n
In one of the 3 results we had previously, the class a is extending SQLiteOpenHelper. In the a method they called the method 'getWritableDatabase' with the parameter v0 aka our secret. The v0 parameter is returns by i.c() 9/n
The c method is calling directly another method 🤷♂️ #goodProgramming 10/n
We have our answer: the password used by @uidai for the local database of the mAadhaar app is the IMEI of the device 11/n
Hey @uidai developers, for your info, it's even better if you add randomness to the password of the database... 12/n
The 2nd step is the dynamic analysis. In this case, the static analysis gave us the answer so it will be quick. Thanks to @fridadotre, you can get dynamically the password of the database. I wrote the small Frida script for you 😘 13/n gist.github.com/fs0c131y/a3dbf…
This small challenge is completed! See you next time 👋 14/14
