Morgan 2024-04-30 20:03:07 +09:00
parent f9c0c66817
commit 7830a5fa93
No known key found for this signature in database
5 changed files with 3 additions and 3 deletions

@ -5,9 +5,9 @@ slug: playing-with-snu-application
description: "Playing with SNU Application"
---
At the beginning I was going to play with our school's official mobile app. I wanted to make Telegram Bot for Mobile ID QR code, so I needed to know how App retrieves QR information. I disassembled app with JADX and tried to analyze the functions, then I got lazy so it was delayed until now.
At first I was going to play with our school's official mobile app. I wanted to make Telegram Bot for Mobile ID QR code, so I needed to know how App retrieves QR information. I disassembled app with JADX and tried to analyze the functions, then I got lazy...
Spring semester started, and few of my class uses electronic attendance system. It's also called beacon-based attendance. A lot of school uses beacon-based digital attendance system. But thinking about how it will work, it seemed relatively hackable. So I pulled application again and decided to dig deep what's going on there, and fully understand every kind of logic used in attendance system until I can take an attendace without official app.
Spring semester has started, and few of my class uses electronic attendance system. It's also called beacon-based attendance. A lot of school uses beacon-based digital attendance system. But thinking about how it will work, it seemed relatively hackable. So I pulled application again and decided to dig deep what's going on there, and fully understand every kind of logic used in attendance system until I can take an attendace without official app.
### 1. APK JADX analyzing
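Review bot: The reworded second paragraph still has the misspelling "attendace" in its last sentence and the agreement slips "few of my class uses" and "A lot of school uses". This commit is already a wording pass over these two paragraphs, so fix them here ("attendance", "a few of my classes use", "A lot of schools use"). In the first paragraph, replacing "so it was delayed until now" with "then I got lazy..." drops the link to the next paragraph's "So I pulled application again"; consider keeping a short clause that says the work was put aside.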
@ -291,4 +291,4 @@ I dont think there is a way to contain key in blackbox even for end user. User h
Signature verifing is hard. Using Network is dangerous, and using internal logic can be also bypassed. I think only way to prevent this is in operating system, like in iOS it's much more hard to do this kind of job.
Also obviously they need to add some kind of authentication. There was SSO token field on their API, but it wasnt used anyway. A LOT of things were done without authentication, at least I can see on my logs. They should fix this. Since its institute, they dont care at all,, so its possible that they all know but ignored.
Also obviously they need to add some kind of authentication. There was SSO token field on their API, but it wasnt used anyway. A LOT of things were done without authentication, at least I can see on my logs. They should fix this. Since its institute, they dont care at all,, so its possible that they all know but ignored.
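Review bot: The removed and added versions of the last line read identically, so this hunk appears to change only whitespace or the end-of-file newline. If that is the intent, say so in the commit message. The typos on that line survive the change ("wasnt", "dont", "Since its institute", "at all,,"), as does "Signature verifing" two lines above. Since the line is being rewritten anyway, correct them in the same commit.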