- Videos: 38
- Views: 136,865
FatalSec
India
Joined 25 Jun 2022
Join us on a journey of exploration and learning, as we delve into the fascinating realm of penetration testing on mobile devices and demonstrate responsible and legal ethical hacking techniques.
Our channel is your ultimate resource for gaining hands-on experience in mobile security. Whether you are a beginner or an experienced cybersecurity professional, we provide insights, tutorials and real world examples to expand your knowledge and skills.
Hacking games with Frida's New Hardware Watchpoint API
#frida #memoryscan #hardwarewatchpoint #flappybird #hacking #gamehack
Hello everyone and welcome to a new video on Frida's new `setHardwareWatchpoint` API by FatalSec. In this video we will learn how to find interesting memory locations by scanning memory for a byte pattern, and then how the new `setHardwareWatchpoint` API can be used to identify the function or instruction that modifies that memory location.
This approach can be used as a cheat or hacking technique to manipulate game scores.
For demonstration purposes we will be using the very famous game "Flappy Bird", which you can download from the link below:
github.com...
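The workflow the description outlines, as an added example written by the editor for this page (it is not the script from the video): two `Memory.scan()` passes narrow the hits to the one address holding the score, and a hardware watchpoint on that address reports the instruction that writes it. It assumes a Frida release with the per-thread `setHardwareWatchpoint()` API (16.4 or later), an arm64 Android target, a 32-bit score, and that the first enumerated thread is the one updating the score; the `scan`/`watch` names are the example's own. The helpers are plain JavaScript, so the file also loads under node.

```javascript
'use strict';

// Added example (editor's code, not the script from the FatalSec video): narrow
// Memory.scan() hits to the address holding the score, then arm a hardware write
// watchpoint on it and report the PC of the store that changes it.

// Little-endian byte pattern for a 32-bit value, in the form Memory.scan() takes
// (136 -> "88 00 00 00").
function scanPattern(value) {
  const bytes = [];
  let v = value >>> 0;                       // force uint32
  for (let i = 0; i < 4; i++) {
    bytes.push((v & 0xff).toString(16).padStart(2, '0'));
    v >>>= 8;
  }
  return bytes.join(' ');
}

// Addresses present in both the previous and the current scan. Compared as strings
// so NativePointer and plain-string addresses both work.
function narrowCandidates(previous, current) {
  const now = new Set(current.map(String));
  return previous.filter(a => now.has(String(a)));
}

// Scan every readable+writable mapping for the pattern.
function scanWritableMemory(value) {
  const pattern = scanPattern(value);
  const hits = [];
  for (const range of Process.enumerateRanges('rw-')) {
    try {
      for (const m of Memory.scanSync(range.base, range.size, pattern)) hits.push(m.address);
    } catch (e) {
      // Some mappings (guard pages, device memory) cannot be read; skip them.
    }
  }
  return hits;
}

let candidates = null;

// Call from the REPL after each score change: scan(136), play, scan(137), ...
function scan(value) {
  const hits = scanWritableMemory(value);
  candidates = candidates === null ? hits : narrowCandidates(candidates, hits);
  console.log(`[scan] ${hits.length} hits for ${value}, ${candidates.length} candidate(s) remain`);
  return candidates;
}

// Arm a write watchpoint on the surviving candidate and report who writes to it.
function watch(slot = 0) {
  if (!candidates || candidates.length !== 1) throw new Error('narrow to exactly one candidate first');
  const target = candidates[0];
  // Assumption: the thread that updates the score is the first enumerated (main) thread.
  // Watchpoints are per thread, so pick the game-logic thread if this never fires.
  const thread = Process.enumerateThreads()[0];
  Process.setExceptionHandler(details => {
    const pc = details.context.pc;
    console.log(`[watchpoint] ${details.type} at pc=${pc} (${DebugSymbol.fromAddress(pc)})`);
    console.log(Thread.backtrace(details.context, Backtracer.ACCURATE)
      .map(a => DebugSymbol.fromAddress(a).toString()).join('\n'));
    // AArch64 raises the watchpoint exception before the access completes, so leaving
    // it armed would re-trigger on resume; disarm, then let the game continue.
    thread.unsetHardwareWatchpoint(slot);
    return true;
  });
  thread.setHardwareWatchpoint(slot, target, 4, 'w');   // 'w' = break on writes only
  console.log(`[watchpoint] armed on ${target}`);
}

if (typeof Process !== 'undefined') {          // inside Frida: expose to the REPL
  globalThis.scan = scan;
  globalThis.watch = watch;
}
```

Load it with `frida -U -f <package> -l watch-score.js`, call `scan(136)` from the REPL, play until the score changes, call `scan(137)`, and repeat until one candidate remains; `watch()` then arms the watchpoint and prints the PC and backtrace of the first store to it. arm64 cores expose only a few watchpoint slots and each is bound to one thread, so if nothing fires, choose the game's logic thread from `Process.enumerateThreads()` rather than the first entry.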
Views: 905
Videos
ARMv8 Assembly: Lesson 5 (Shift & Rotations)
227 views · 1 month ago
#ARMv8 #Assembly #gdb #logicalshift #logicalrotation #immediatemode #registermode #ror #lsl #lsr Welcome to Lesson 5 of the ARMv8 (64-bit) Assembly Series from FatalSec! In this video, we will learn how to perform logical shift operations such as LSL and LSR, and also how to perform rotations such as ROR, using ARMv8 assembly. We will also see how these logical operators can be used in real-world sc...
Tracing Instructions & Intercepting System Calls
1.2K views · 2 months ago
#syscalls #svc #frida #stalker #ghidra #android #pentest Welcome to FatalSec! 🔥 In this deep dive, we’re exploring advanced techniques for Android app pentesting using Frida Stalker. You’ll learn how to trace the runtime instructions of an app, making it possible to see exactly what's being executed step-by-step. We’ll also demonstrate how to parse registers and memory by tracing SVC instructio...
Reverse Engineering Obfuscated Flutter App
3.8K views · 4 months ago
#flutterobfuscatedapp #mobilesecurity #dartdecompilation #dartobjectpool #reverse-engineering Hello everyone and welcome to another video on Flutter by FatalSec. In this video we will learn how to deal with an obfuscated Flutter application by resolving Dart Object Pool indirections. You will also learn about some of the internals of the DartVM, such as snapshots and isolates. The most importan...
ARMv8 Assembly: Lesson 4 (Logical Operators)
350 views · 4 months ago
#ARMv8 #Assembly #gdb #logicaloperators #registerdirect #mvn #orr #eor #and Welcome to Lesson 4 of the ARMv8 (64-bit) Assembly Series from FatalSec! In this video, we will learn how to perform some basic logical operations such as AND, OR, XOR, NOT using ARMv8 assembly. We will also see how these logical operators can be used in real world scenarios. It is recommended to view the previous video...
ARMv8 Assembly: Lesson 3 (ADD, SUB, MUL, set CPSR)
571 views · 6 months ago
#ARMv8 #Assembly #gdb #arithmetic #registerdirect #add #sub #mul #cpsr Welcome to Lesson 3 of the ARMv8 (64-bit) Assembly Series from FatalSec! In this video, we will learn how to perform some basic arithmetic operations such as addition, subtraction and multiplication using ARMv8 assembly. We will also see how to set the CPSR register using variations on the ADD and SUB instructions. It is recommen...
ARMv8 Assembly: Lesson 2 (Addressing modes via ADR, LDR)
707 views · 6 months ago
#ARMv8 #Assembly #gdb #addressingmodes #registerindirect #registerdirect Welcome to Lesson 2 of the ARMv8 (64-bit) Assembly Series from FatalSec! In this video, we will cover the various ways in which the processor accesses data from memory and registers. These are called addressing modes. To demonstrate these different modes we will create some simple ASM source code, go over assembly instruction...
ARMv8 Assembly: Lesson 1 (MOV, Exit Syscall)
1.2K views · 7 months ago
#ARMv8 #Assembly #MOV #GDB #Programming Welcome to Lesson 1 of the ARMv8 (64-bit) Assembly Series from FatalSec! In this video, we will cover how registers work, create some simple ASM source code, go over a few basic assembly instructions, as well as all the prerequisites you will need for future videos in this series. ARM Developer Suite Assembler Guide: developer.arm.com/documentation/dui005...
Bypassing iOS Anti Reversing Defences Using Frida
2.5K views · 7 months ago
#iospentesting #mobilesecurity #owasp #anti-reversing This video will provide a walkthrough on dynamically bypassing anti-debugging and anti-reversing defences used in iOS applications. For the purpose of this video we are going to use ios-challenge-2 provided by OWASP Foundation as a part of their mobile security testing guide. You can download the challenge application as well as the bypass s...
Reverse Engineering Flutter Based Android Applications
8K views · 9 months ago
#flutter #dartvm #reverse engineering #blutter #frida In this video, we are diving into the fascinating world of Flutter reverse engineering. By the end of this video, you will be able to analyze any Flutter-based Android application. For this tutorial we have used a tool called Blutter, which is capable of parsing Dart AOT snapshots of all the latest Dart versions, including some old ones. You ...
How to crack serial key for any program using Angr Framework
7K views · 10 months ago
#cracklicense #angrframework #keygen #arm64 #staticanalysis In this video, we delve into the fascinating world of reverse engineering license key validation algorithms. Using the powerful angr framework, we uncover the secrets behind a sample Android application that prompts users to input two valid license keys for unlocking new features. Our exploration focuses on the ARM64 architecture, wher...
Bypassing advance frida detections using Frida
4.9K views · 1 year ago
Bypass SSL Pinning for Flutter apps using Frida
14K views · 1 year ago
Bypassing Jailbreak Detection in iOS - Beginner Friendly
3.4K views · 1 year ago
Bypassing advance root detections using Frida
8K views · 1 year ago
Emulating Android library to decrypt strings (Qiling Framework)
2.3K views · 1 year ago
How to Unpack Protected Android APK with Frida
6K views · 1 year ago
How to Bypass Multiple SSL Pinning on Android
10K views · 1 year ago
Secrets of Bypassing Hook Integrity Checks on Android - Make it Yours!
7K views · 1 year ago
Solving OWASP MSTG Android crackme level 2 using Frida
2.4K views · 2 years ago
How to bypass root detection using Frida in Android
13K views · 2 years ago
Qiling Lab's ARM64 Emulation Challenges (6 to 9)
354 views · 2 years ago
Arm64 binary emulation using Qiling Framework (Challenges 3 to 5)
639 views · 2 years ago
Arm64 binary emulation using Qiling Framework
2.9K views · 2 years ago
How to install Kali Linux on Android without rooting
462 views · 2 years ago
Frida Stalker - Tracing binary instructions
4.8K views · 2 years ago
Unicorn Emulation - Emulating ARM64 binary using Unicorn Emulation (Part 2)
920 views · 2 years ago
Unicorn Emulation - Emulating arm64 binary using Unicorn Emulation (Part 1)
3.1K views · 2 years ago
Unicorn Emulation - Cross Compiling C Code for ARM64
1.3K views · 2 years ago
Hey bro, could you make a video on how to bypass 360 signatures, or how to hook an app with 360 Jiagu using Frida?
Wow, this is so cool man, I was looking for this for so long. You did an amazing job explaining everything ❤
Excellent content! Thank you.
Great video keep it up 👍
Thanks
Thank you so much! You're a legend
This is hands down the best channel there is for reverse engineering content of mobile applications. I am very grateful for the content! Thanks and please keep posting. I actually learn quite a lot from all your Android and iOS related videos. Thanks once again.
How to bypass emulator detection?
You can use the same approach to bypass emulator detection. Search for file access APIs and identify the paths it is looking for.
Hey man, what method did you use to install the challenge application in a way that wouldn't require signature signing? I'm trying to follow along with you but unfortunately I'm unable to intercept the NSLogs. Basically, Frida launches the app and the app quits, but the terminal still shows "spawning `re.murphy.ios-challenge-2`... " for a while before timing out. Could you please help?
You have a jailbroken device?
@fatalsec Yes, I have an iPhone 7 running iOS 15.8.3 with a rootful jailbreak using Palera1n. I followed every single step in the video, but I don't know how you installed the "iOS-Challenge-app-2," since it crashes on launch for you. I think that is the only missing piece here. I have installed the app with Apple ID signing using Sideloadly and TrollStore, and it launches without crashing, so I cannot get the exit function to be called. Am I doing something wrong? I really want to replicate what is shown in the video in my environment so I can intercept the NSLogs.
Very informative 😅 I am learning C++ and this came as a recommendation
Thanks for watching and glad to hear that you're learning C++!
Nice video ❤
Thanks!
This is like using CheatEngine except we are doing it manually! Nice!
Can you make a tutorial on how to access React Native Hermes function calls?
What's the difference between this and the old MemoryAccessMonitor API?
Use MemoryAccessMonitor for wide-range tracking and setHardwareWatchpoint() for high-precision, low-overhead monitoring of specific addresses.
You're a Gem bro
Thanks
♥️♥️♥️♥️
I think linker64 will not work with an emulator that has an x86_64 arch? In this case, what should I do?
Bro like you ❤❤❤
Why can't I find base.apk.classes.zip or the others in the memory dump? I only found /data/app/org.autojs.autojspro-4l5J_GccndJGQKDq2QMTmA==/oat/x86/base.odex
Thank you so much. This video really helped break down everything. Super easy to grasp. Good explanation, great diagrams. I've been struggling for a while to really understand how flutter apps worked
Glad that it helped you
Thank you. On point and nicely explained. Worked.
Nice video. How would we change the return value of a function?
How would we change the return value of a function?
Very good video. Nice explanation.
Thanks
When I get to 7:13 after installing the cert, I can't load Google or any page - the HTTP hits appear in Burp Suite but never actually load on the device. What am I doing wrong? Also my device is not rooted, not sure if that makes a difference?
Had to put this at -05 playback lol
Was it too fast?
I have one question: if the binary is split, the /lib folder does not appear in JADX. How can I get the full APK in that case?
There are a couple of options to merge split files into one single APK. You can try this: github.com/AbdurazaaqMohammed/AntiSplit-M You can find other similar tools as well.
👏👏👏👏👏
I have an app (built with obfuscation flags) and just want to deter freeloaders who may try to use the APIs for free. If the app is non-financial and not a "big name" brand, what are the chances someone goes to all this trouble, say, to get a free subscription version of the app or free API usage? Is the obfuscate flag good enough for most apps? And I cannot imagine anyone NOT building with that flag; are non-obfuscated apps common?
Without obfuscation it's easy to break the app protections to get free subscriptions, and hence it is always recommended to apply obfuscation. But yes, it is very common that developers don't use this flag because they are not aware of it and of what security protection this flag provides!
@fatalsec Thank you very much, great content! I tried to decompile my APK with jadx and search for portions of strings and I failed to find any. I also assemble the keys from many parts and then decrypt them "on the fly" so nothing is stored that even looks like a key. Beyond that I have some very basic jailbreak, debug and Frida checks, but honestly I feel like there is no point, because if someone can get past step 1, they probably already sidestep these other detections with ease. So maybe I should just remove those to speed up the app startup. IDK.
Dear Sir, if we want to multiply the number by 5, what is the displacement value? Note that my question is stupid, but I am curious to learn.
Oh this would be a bit complex! There is no straightforward way to do this. You have to utilise the fact that x * 5 = x(4+1) = (x*4) + 1 and multiplication by 4 can be achieved by left-shifting x by 2 bits.
Can you do a tutorial on compiling frida-server with frida patches? Or at least upload a patched frida-server (strongr frida).
Hmm, yeah maybe I can!
Can't Unicorn execute statically linked binaries, where all the functions that you implemented in the Python script are already implemented?
Yes, for statically linked libraries it should be able to execute them!
What about syscalls? Does Unicorn support syscalls?
Is there an ARM64 assembler & emulator for Windows for learning ARM64?
Yes, I think you can use the GCC cross compiler, either using Cygwin or by enabling WSL and installing Linux as a command-line tool.
Thanks for your effort. I really want to learn more about assembly, but it is a nightmare. I turned on the notification bell on your channel so I would not forget about your videos (I have been impressed with your videos about reverse engineering Android applications).
Thanks. Glad to hear that the videos are helping you in your learning journey.
Actually I watched this tutorial twice; it is really hard. The hardest thing is that you are not using radare2, so I found it difficult to understand. I hope you will repeat this tutorial using radare2. I also think that the source code has been updated 😅
Hi bro, can you make a video on finding all manual static analysis issues on an apk file?
For that you can use tools like MobSF which will generate a report for you showing all the vulnerabilities and potential issues.
You are great, bro
Oh no I am just sharing knowledge!
@fatalsec This is where the brilliance lies. You are a good professor. More knowledge for you and for us. Thank you for all your efforts.
Really amazing thanks brother ❤, more videos
This app is not working right now
Thanks for letting me know. I will check and update it if required.
Keep going deep into this kind of lessons sir.
18:37 @fatalsec How can you run the arm-arch-64 binary on an x86 machine?
Using a cross compiler. You will find GCC cross compilers for different target architectures.
@fatalsec I built it using the GCC cross compiler as you explained, but I was confused how you can run an aarch64 binary on an x86 machine. Then I found that you are running it in a QEMU kind of emulation for the aarch64 architecture. Am I right?
13:35 Can you please make another video on the ELF file format in detail? Thank you.
Okay noted
You want it to be more specific for emulation purposes?
@fatalsec Yes, ARMv8-A emulation, specifically for embedded developers.
@fatalsec Thank you 🙂
Awesome content 👏
Hi @fatalsec, where can I get the latest ARMv8-A Developer Guide? Any ideas? Thanks.
I see Version 1.0 dated 2015. Is this the latest? Thank you.
Yes sir, the video is very useful. I hope we watch the sequel.
Hello, how to find the APIs in a Flutter app? Please make a detailed video.
You mean web apis?
@fatalsec Yes. I want to know which APIs are used by the app.
Will you be creating more ARM64 / AARCH64 V8 Assembly tutorials?
Yes, the next video is going to be ARM assembly.
I was struggling for a month while trying to work on a Flutter app, until I saw this video! Great job <3
Amazing video. That's exactly the topic I was thinking about this week. I have a question: can we edit the syscall arguments with such an approach? For example: replace the name of the file which the app is trying to open with the openat() syscall?
Yes you can manipulate the arguments using this approach. Just modify the register value before SVC instruction.
@fatalsec Thank you very much, I really needed that. I appreciate your content btw. Subscribed now.
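An added example by the editor for the SVC-tracing technique the "Tracing Instructions & Intercepting System Calls" video listed above and the comment thread just above describe (it is not code from the video): Stalker inserts a callout in front of every `svc` instruction on a followed thread, decodes the AArch64 syscall from the registers (x8 = number, x0-x5 = arguments) and, for `openat()`, swaps the pathname register before the kernel sees it. It assumes an arm64 Android process, that register writes made in a Stalker callout are applied on resume (as Frida documents for `putCallout`), and the constructed `PATH_REWRITES` table and the `traceSyscalls()` name are the example's own. The decoding helpers are plain JavaScript so the file also loads under node.

```javascript
'use strict';

// Added example (editor's code, not the script from the FatalSec video): follow a thread
// with Stalker, stop in front of every `svc`, decode the AArch64 syscall from the
// registers and rewrite openat() paths before the kernel sees them.

// AArch64 generic-ABI syscall numbers for the calls this example understands.
const SYSCALLS = {
  48: 'faccessat', 56: 'openat', 57: 'close', 63: 'read', 64: 'write',
  117: 'ptrace', 198: 'socket', 203: 'connect', 222: 'mmap',
};
const SYS_OPENAT = 56;

// Constructed rewrite table: paths an app probes for root/Frida artefacts, redirected
// to harmless targets. Extend it for whatever the traced app looks at.
const PATH_REWRITES = {
  '/proc/self/maps': '/dev/null',
  '/system/bin/su': '/nonexistent/su',
  '/data/local/tmp/frida-server': '/nonexistent/frida-server',
};

function syscallName(nr) {
  return Object.prototype.hasOwnProperty.call(SYSCALLS, nr) ? SYSCALLS[nr] : `sys_${nr}`;
}

// Replacement for an openat() pathname, or null to leave the call untouched.
function rewritePath(path) {
  return Object.prototype.hasOwnProperty.call(PATH_REWRITES, path) ? PATH_REWRITES[path] : null;
}

// One-line trace entry, e.g. openat(-100, "/system/bin/su", 0).
function describeSyscall(nr, args) {
  const rendered = args.map(a => (typeof a === 'string' ? JSON.stringify(a) : String(a)));
  return `${syscallName(nr)}(${rendered.join(', ')})`;
}

// Strings handed to the kernel must outlive the callout; park them here so the
// NativePointers returned by Memory.allocUtf8String() are not garbage-collected.
const retained = [];

// Callout executed before each svc; ctx is the CpuContext of the stalked thread.
function onSyscall(ctx) {
  const nr = ctx.x8.toInt32();                     // AArch64: syscall number in x8
  if (nr !== SYS_OPENAT) {
    console.log(describeSyscall(nr, [ctx.x0, ctx.x1, ctx.x2]));
    return;
  }
  const path = ctx.x1.readUtf8String();            // openat(dirfd, pathname, flags, mode)
  console.log(describeSyscall(nr, [ctx.x0.toInt32(), path, ctx.x2.toInt32()]));
  const target = rewritePath(path);
  if (target !== null) {
    const replacement = Memory.allocUtf8String(target);
    retained.push(replacement);
    ctx.x1 = replacement;                          // the kernel now opens `target` instead
    console.log(`  -> rewritten to ${JSON.stringify(target)}`);
  }
}

// Follow `threadId` and plant the callout in front of every svc it executes. Pick the
// thread from Process.enumerateThreads(), or call this from an Interceptor.onEnter
// with this.threadId to trace just one function's syscalls.
function traceSyscalls(threadId) {
  Stalker.follow(threadId, {
    transform(iterator) {
      let insn = iterator.next();
      do {
        if (insn.mnemonic === 'svc') iterator.putCallout(onSyscall);
        iterator.keep();
      } while ((insn = iterator.next()) !== null);
    },
  });
}

if (typeof Stalker !== 'undefined') {              // inside Frida: expose to the REPL
  globalThis.traceSyscalls = traceSyscalls;
}
```

Because the callout runs before the `svc` executes, changing x1 there is equivalent to the app having passed the replacement path itself, which is why the reply above says to modify the register before the SVC instruction. Stalker adds noticeable overhead on a hot thread, so follow only the thread (or the single function) of interest and call `Stalker.unfollow()` when done.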