<Thread> My sushi was delivered. I have 3 hours free. It's time for me to live tweet the RE of the RSA conference app play.google.com/store/apps/det…
Last year, the awesome @svblxyz analysed the app and found some stuff
The first step is always to use the app as a standard user. This app does not offer a lot of features. The features are coming soon ^^
Next, we have to look at the AndroidManifest.xml, the assets, libs and values folders.
- In the libs folder, we can find libsqlcipher, so they are using an encrypted database
- In the manifest, we can see the following package names: com.rsa.rsaconference, com.urbanairship, com.xomodigital.azimov, net.hockeyapp, com.google.firebase, com.eventbase. This gives us the list of third-party components used in the app
- In the values folder, check the strings.xml and search for "secret", for example. We get a lot of results. Let's keep that as a side note for later use
This app was obviously made by @EventbaseTech.
It is a good idea to search for exported="true" in the AndroidManifest.xml. For example, if you send adb shell am start -n "com.rsa.rsaconference/com.facebook.CustomTabActivity", the RSA Conference app will open a blank screen 🤔
This CustomTabActivity takes the data string and forwards it to another app. By sending adb shell am start -n "com.rsa.rsaconference/com.facebook.CustomTabActivity" -d "google.com", the app blinks twice
This is a dead end. The CustomTabMainActivity checks the action and finishes the activity if the action equals CustomTabActivity.a, which is our case here. Next!
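The manifest and strings.xml checks above can be scripted against a decoded AndroidManifest.xml and res/values/strings.xml, for instance to audit your own build before release. This is an added example, not code from the thread; the sample manifest, the resource names and the name pattern are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")
SECRET_NAME = re.compile(r"secret|api_?key|token|password", re.I)  # assumed pattern

# Constructed sample input, not taken from the app discussed in the thread.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.conference">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name="com.example.sdk.CustomTabActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.conference.SYNC"/>
    <receiver android:name=".InternalReceiver" android:exported="false"/>
  </application>
</manifest>"""

STRINGS = """<resources>
  <string name="app_name">Conference</string>
  <string name="push_app_secret">CONSTRUCTED-PLACEHOLDER</string>
  <string name="maps_api_key_debug">CONSTRUCTED-PLACEHOLDER</string>
</resources>"""

def exported_components(manifest_xml):
    """Return (tag, name, how, permission) for each externally reachable component."""
    findings = []
    for elem in ET.fromstring(manifest_xml).iter():
        if elem.tag not in COMPONENTS:
            continue
        flag = elem.get(ANDROID + "exported")
        # Apps targeting below API 31 are exported by default when an
        # intent-filter is present and android:exported is omitted.
        implicit = flag is None and elem.find("intent-filter") is not None
        if flag == "true" or implicit:
            findings.append((elem.tag, elem.get(ANDROID + "name"),
                             "implicit" if implicit else "explicit",
                             elem.get(ANDROID + "permission")))
    return findings

def secret_like_strings(strings_xml):
    """Return names of <string> resources whose name looks like a credential."""
    return [s.get("name") for s in ET.fromstring(strings_xml).iter("string")
            if SECRET_NAME.search(s.get("name", ""))]

if __name__ == "__main__":
    for finding in exported_components(MANIFEST):
        print("exported:", finding)
    print("review:", secret_like_strings(STRINGS))
```

An exported component with no android:permission (the last tuple field is None) is the one to review first, since any other app on the device can start it.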
I told you https is secure!
All the available endpoints
I wonder what is a debug Google Maps key 🤷‍♂️
This is the kind of string I like
This key is used to generate the HMAC key. It is used after the download of the attendance db. This is something we should hook during the dynamic analysis
The SharedPreferences file called prefsGlobal.xml contains a lot of juicy info
The rsa2019.sqlite_1 is a sqlite3 database which contains all the useful info regarding the event
The databases folder contains 2 interesting databases: "persistentstorage.db" and "user_data_crypt.db". What do we have in user_data_crypt 🤔?
The password of the user_data_crypt.db is quite long, encoded with Base64. These are the tables available in the database
I created my account today, it seems to be an incremental number 🤔
I am interested to know if this password is the same for everybody 🤔
This is useless but it’s funny. Me, using the RSA conference app to go on Twitter
Their AzimovWebview is able to open a lot of files
Subscribe to Elliot Alderson