A simple script to patch smali file to include a Fake Security Provider at 1 for Android Apps

darvincisec/InjectFakeSecurityProvider

InjectFakeSecurityProvider

A simple script that patches a smali file to include a fake security provider at position 1. The provider is created by patching the SpongyCastle library to print the key, key size, algorithm parameters, and keystore password to logcat. With this you can retrieve an application's cryptographic assets, provided the application depends on the default security provider.

If an application just relies on the default security provider, like this

Cipher.getInstance("AES");
KeyStore.getInstance("BKS");

then inserting a security provider

Security.insertProviderAt(new BouncyCastleProvider(), 1);

can divert all the cryptographic operations to be performed through the inserted security provider.
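To check whether an APK has been modified this way, its disassembled smali can be scanned for the call shown above. The following is an added example, not part of this repository's script; the sample smali and its class names are constructed placeholders, and register values are tracked linearly without control-flow analysis.

```python
import re

# Smali form of java.security.Security.insertProviderAt(Provider, int), which returns int.
INSERT_CALL = re.compile(
    r"invoke-static(?:/range)?\s*\{([^}]*)\},\s*"
    r"Ljava/security/Security;->insertProviderAt\(Ljava/security/Provider;I\)I")
CONST = re.compile(r"const(?:/4|/16)?\s+([vp]\d+),\s*(-?0x[0-9a-fA-F]+)")
NEW_INSTANCE = re.compile(r"new-instance\s+([vp]\d+),\s*(L[^;]+;)")


def find_provider_inserts(smali_text):
    """Report each insertProviderAt call: enclosing method, provider class, position.
    A register whose value is not a visible constant in the method is reported as None."""
    findings, method, consts, objects = [], None, {}, {}
    for raw in smali_text.splitlines():
        line = raw.strip()
        if line.startswith(".method"):
            # New method body: register state from the previous method no longer applies.
            method, consts, objects = line.split()[-1], {}, {}
        elif m := CONST.match(line):
            consts[m.group(1)] = int(m.group(2), 16)
        elif m := NEW_INSTANCE.match(line):
            objects[m.group(1)] = m.group(2)
        elif m := INSERT_CALL.search(line):
            regs = re.findall(r"[vp]\d+", m.group(1))
            if len(regs) != 2:
                continue  # unexpected register encoding, skip rather than guess
            position = consts.get(regs[1])
            findings.append({
                "method": method,
                "provider": objects.get(regs[0]),
                "position": position,
                # Position 1 is consulted before every other registered provider.
                "preempts_defaults": position == 1,
            })
    return findings


# Constructed sample; class names are placeholders, not taken from any real APK.
SAMPLE_SMALI = """
.method protected onCreate(Landroid/os/Bundle;)V
    new-instance v0, Lcom/example/FakeProvider;
    invoke-direct {v0}, Lcom/example/FakeProvider;-><init>()V
    const/4 v1, 0x1
    invoke-static {v0, v1}, Ljava/security/Security;->insertProviderAt(Ljava/security/Provider;I)I
    return-void
.end method
"""
```

A finding with `preempts_defaults` set in a class that the original build did not ship is a strong sign the APK was repackaged.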

Usage

sh patchcryptoprovider.sh <xyz.apk> <class file to include the security provider>

Example: sh patchcryptoprovider.sh 123.apk MainActivity

Demo

The Aegis OTP authenticator depends on the default security provider. Running this script tampers with the app so that it loads the fake security provider, and hence the OTP seed used in the HMAC operation can be seen easily in logcat.
