diff --git a/content/posts/2021-07-09-cryptography.md b/content/archives/2021-07-09-cryptography.md similarity index 100% rename from content/posts/2021-07-09-cryptography.md rename to content/archives/2021-07-09-cryptography.md diff --git a/content/posts/2021-08-06-hardware-security.md b/content/archives/2021-08-06-hardware-security.md similarity index 100% rename from content/posts/2021-08-06-hardware-security.md rename to content/archives/2021-08-06-hardware-security.md diff --git a/content/posts/2021-08-06-security-of-iot.md b/content/archives/2021-08-06-security-of-iot.md similarity index 100% rename from content/posts/2021-08-06-security-of-iot.md rename to content/archives/2021-08-06-security-of-iot.md diff --git a/content/posts/2023-10-25-toward-an-electronically-mediated-decentralistic-society.md b/content/archives/2023-10-25-toward-an-electronically-mediated-decentralistic-society.md similarity index 100% rename from content/posts/2023-10-25-toward-an-electronically-mediated-decentralistic-society.md rename to content/archives/2023-10-25-toward-an-electronically-mediated-decentralistic-society.md diff --git a/content/posts/2024-03-26-playing-with-snu-app.md b/content/posts/2024-03-26-playing-with-snu-app.md index 2002b6b..eb932d8 100644 --- a/content/posts/2024-03-26-playing-with-snu-app.md +++ b/content/posts/2024-03-26-playing-with-snu-app.md 
@@ -5,9 +5,9 @@ slug: playing-with-snu-application description: "Playing with SNU Application" --- -At the beginning I was going to play with our school's official mobile app. I wanted to make Telegram Bot for Mobile ID QR code, so I needed to know how App retrieves QR information. I disassembled app with JADX and tried to analyze the functions, then I got lazy so it was delayed until now. +At first I was going to play with our school's official mobile app. I wanted to make Telegram Bot for Mobile ID QR code, so I needed to know how App retrieves QR information. I disassembled app with JADX and tried to analyze the functions, then I got lazy... -Spring semester started, and few of my class uses electronic attendance system. It's also called beacon-based attendance. A lot of school uses beacon-based digital attendance system. But thinking about how it will work, it seemed relatively hackable. So I pulled application again and decided to dig deep what's going on there, and fully understand every kind of logic used in attendance system until I can take an attendace without official app. +Spring semester has started, and few of my class uses electronic attendance system. It's also called beacon-based attendance. A lot of school uses beacon-based digital attendance system. But thinking about how it will work, it seemed relatively hackable. So I pulled application again and decided to dig deep what's going on there, and fully understand every kind of logic used in attendance system until I can take an attendace without official app. ### 1. APK JADX analyzing 
@@ -291,4 +291,4 @@ I dont think there is a way to contain key in blackbox even for end user. User h Signature verifing is hard. Using Network is dangerous, and using internal logic can be also bypassed. I think only way to prevent this is in operating system, like in iOS it's much more hard to do this kind of job. -Also obviously they need to add some kind of authentication. There was SSO token field on their API, but it wasnt used anyway. A LOT of things were done without authentication, at least I can see on my logs. They should fix this. Since its institute, they dont care at all,, so its possible that they all know but ignored. \ No newline at end of file +Also obviously they need to add some kind of authentication. There was SSO token field on their API, but it wasnt used anyway. A LOT of things were done without authentication, at least I can see on my logs. They should fix this. Since its institute, they dont care at all,, so its possible that they all know but ignored.
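Review bot: The four renames from content/posts/ to content/archives/ are at similarity index 100%, so no front matter changed with the move; if the site derives permalinks from the section directory, the published URLs of these posts change. Confirm the URLs are unaffected, or add a redirect for each moved post in the same commit.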
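Review bot: In the @@ -5,9 +5,9 @@ hunk of 2024-03-26-playing-with-snu-app.md, the rewritten second paragraph still carries the typo "attendace" and the agreement errors "few of my class uses" and "A lot of school uses"; the line is already being edited, so fix them here. The new ending of the first paragraph, "then I got lazy...", also drops "so it was delayed until now", which was the only link to the paragraph that follows; consider keeping that clause.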
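Review bot: In the @@ -291,4 +291,4 @@ hunk the closing paragraph changes only by gaining its end-of-file newline, so "wasnt", "dont", "its institute" and the doubled comma in "at all,," ship unchanged; correct them while the line is in the diff. The recommendation "add some kind of authentication" would also read more usefully if it said what the text already implies, that the server should require and validate the SSO token field the API already has.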