wedkvm.blogg.se

Cracking damn insecure and vulnerable app








“12. HARDCODING ISSUES – PART 2.” Steps to solve:

Click on “12. HARDCODING ISSUES – PART 2” in your application. The goal of this challenge is to find out the vendor key and submit it to the application.

Following is the decompiled code that is associated with the activity.

Looking at the above code at Hardcode2Activity.class, it appears that this activity creates an object of the DivaJni class when it is loaded. Exploring the other files reveals that there is a file called DivaJni.class, as shown below.

From the above code, it is clear that a native library called “divajni” is loaded. Libraries come with the APK file, and they are usually located within the “lib” directory.

Unpacking the application using the command $ unzip diva-beta.apk results in all the files and folders being extracted, as shown below.

Go to the “lib” folder and run “ls *” to list all the files within each directory. This is shown below.

As we can see in the above excerpt, there are multiple instances of “libdivajni.so” for various architectures. Let’s pull one of them and run the strings command on it to see if we can find anything interesting.

Java_jakhar_aseem_diva_DivaJni_initiateLaunchSequence

Looking at the above output, we can notice various strings, among which two strings that are highlighted in the above output caught my attention. After trying both of them in the application, I ended up finding the right vendor key.

We can also find this hardcoded key in the source, which is available at the following link.

Following is the hardcoded constant from the source code.

Challenge 13: “13. INPUT VALIDATION ISSUES – PART 3” Steps to solve:

Click on “13. INPUT VALIDATION ISSUES – PART 3” in your application. The goal is to crash the application somehow.

Let’s first see how the application responds when we enter some input. I have entered 4 As in the input field as shown below.

As you can see, the application has shown an error message.

After entering multiple inputs as such, the application responded with the same error message as long as the input length is not greater than 20.
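The Challenge 12 procedure (unpack the APK, list lib/, run strings on libdivajni.so) can be turned into a pre-release check on your own builds. The following Python is an added example, not code from the original post or from the DIVA project; the sample APK, the PLACEHOLDER-VENDOR-KEY value, MIN_LEN and the SYMBOL_LIKE filter are constructed assumptions.

```python
import io
import re
import zipfile

MIN_LEN = 6  # assumption: ignore printable runs shorter than this
PRINTABLE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# Assumption: strings shaped like JNI exports, linker symbols, library names
# or section names are expected in a .so and are not secrets.
SYMBOL_LIKE = re.compile(r"^(Java_\w+|_\w+|\w+\.so(\.\d+)*|\.[a-z_.]+)$")


def native_strings(apk_bytes):
    """Map each lib/<abi>/*.so entry in the APK to its printable ASCII runs."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("lib/") and name.endswith(".so"):
                data = apk.read(name)
                found[name] = [m.group().decode("ascii")
                               for m in PRINTABLE.finditer(data)]
    return found


def review_candidates(strings_by_lib):
    """Return (lib, string) pairs that are not symbol-shaped and need review."""
    return [(lib, s)
            for lib, strs in sorted(strings_by_lib.items())
            for s in strs if not SYMBOL_LIKE.match(s)]


def build_sample_apk():
    """Constructed stand-in for an APK: two ABIs, a placeholder key, no real data."""
    blob = (b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
            + b"Java_jakhar_aseem_diva_DivaJni_initiateLaunchSequence\x00"
            + b"libc.so\x00__cxa_finalize\x00"
            + b"PLACEHOLDER-VENDOR-KEY\x00\x01\x02")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for abi in ("armeabi", "x86"):
            z.writestr("lib/%s/libdivajni.so" % abi, blob)
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for lib, s in review_candidates(native_strings(build_sample_apk())):
        print("%s: review %r" % (lib, s))
```

Any string this reports from a release build is readable by anyone who unpacks the APK, so a key found this way should move to a server-side check rather than stay in the native library.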









