Episode 14: In this episode of Critical Thinking we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.
Follow us on Twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker (https://twitter.com/realytcracker) for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Joel’s Alternative to UberTooth One: https://www.amazon.com/Bluetooth-UD100-G03-Exchangeable-Bluesoleil-Microsoft/dp/B0161B5ATM
D3monDev’s Burp VPS Plug-in: https://github.com/d3mondev/burp-vps-proxy
FireProx: https://github.com/ustayready/fireprox
Joel’s Universal SSL De-pinning Frida Script: https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725
Command-line Fuzzy Finder: https://github.com/junegunn/fzf
Justin’s two article recommendations for using Frida:
- https://tinyurl.com/5n94d6ry
- https://tinyurl.com/yfy3n5f5
Copy screen of physical device: https://tinyurl.com/ymdrscm5
Flipper: https://flipperzero.one/
BetterCap BLE Module: https://www.bettercap.org/modules/ble/
Chapters
0:00 Intro
0:55 Hacker Chats
3:27 Podcast Content Commentary
4:09 SSRF Rebinding Error Confession
6:02 Flipper Zero
7:58 Bettercap BLE
9:36 Sena USB Bluetooth Adapter
12:41 Burp VPS Proxy Plugin
13:55 Fireprox
15:40 Dynamic Mobile Hacking
17:40 Dynamic Analysis Overview
18:18 Emulator Talk
24:29 Joel's APK Analysis Flow
26:30 Cert Pinning
32:17 Joel's SSL Cert Unpinning Script
35:29 Hands-on look at Frida
50:11 Frida on Non-rooted Devices
58:22 Tracing Errors to Overwritable Functions
1:00:39 Native Libraries
1:09:18 GenyMobile Screen Mirroring Tool
1:11:50 Justin's Report of the Day and Custom SSL Pinning
1:18:15 Joel's First Ever Bug, Jailbreak Detection Bypass
