In applications, changing variables or forcing execution methods during runtime can be really useful to bypass some security or even to write hacks. On Android, we can change binary libraries…Continue readingUse Frida to controll Unity app (IL2CPP)
Burp Suite doesn’t intercept non HTTP/WebSocket communication, however some apps use, for example, plain TCP connection. I wrote a simple python server and client that exchanged messages via the mentioned…Continue readingIntercept non-HTTP communication via BurpSuite
Sometimes the app’s communication is written in a way that cannot be intercepted by Burp Suite, OWASP ZAP, etc. but it’s still HTTPS communication. For example, I wrote an app…Continue readingFooling app with MockServer (HTTPS)
Modifying data transferred and received is one of the simplest ways to hack an app. For example, I created one that communicates with a server via sockets and they can…Continue readingHack any (not encrypted) communication
Apps use variables and they are stored in RAM. It would be wonderful to have access to this memory, and fortunately for us it is really simple. We only need…Continue readingSimple editing App’s RAM
Modifying C# is a really easy task if code was compiled only to IL. In this form, files (DLLs) can be executed, so it’s possible to find apps with this…Continue readingHack Mono DLL
SQL Injection is one of commonly known SQL vulnerabilities. It’s out of ordinary to see an unsecured implementation, it’s still possible to find it though. For me, one of the…Continue readingFrom SQL to shell access
Unity android app can be build in 2 ways: Mono – DLL can be simply reversed to C# L2CPP – where C# code is compiled directly to binary files for…Continue readingEdit code in Unity APK (IL2CPP)