Posts

Showing posts from February, 2020

Introduction on Testing Mobile Application (Android)

Hi guys, today I will share some of the tools I use when testing mobile applications for Android. These are the applications you might need when testing a mobile application. Currently I'm using a physical device (Nexus 5x). The apps used and how to use them might differ depending on whether you are using a physical device or an emulator. Below are the apps used:

- Magisk Manager - to root the phone or hide root from applications
- Root Checker - to check root status
- RootCloak - to hide root status from applications
- apk-signer - to sign the apk after the compile/decompile process
- SSLUnpinning - to bypass SSL pinning in an application
- APK Editor - to edit the apk to bypass SSL pinning or root detection
- Xposed Framework - to add modules
- sqlite (Titanium Backup) - to read the local database
- All-in-one "Frida" - a superb multipurpose application that covers most of the above functions

Most of the time, we need a rooted device to install all of the above applications. So, yo

Dealing With Encryption In Mobile Application (Android)

Hi guys. It's been a while since I posted something. Today I will share some insight on dealing with encryption in mobile applications. As you all know, these days every mobile application has some sort of encryption in order to "secure" it. In most cases, encryption is only used to divert attention from the main issue. For example, the developer does not practice secure coding, which ends up with a lot of security issues in the application. So, to solve this issue, they simply use encryption to simplify their work instead of fixing the code. In some cases, the developer might expose the secret key or hard-code the key in the application. The secret key can be used to decrypt the data. Now, let's see some examples. *Do note that this can only be done if you have the key.

1) When dealing with an Android application (apk file), we can use jadx to decompile the apk and search for the key. Below is an example of the key.

2) After getting the key, we ca