https://github.com/darvincisec/InjectFakeSecurityProvider

A simple script to patch smali file to include a Fake Security Provider at 1 for Android Apps
https://github.com/darvincisec/InjectFakeSecurityProvider

Last synced: 3 months ago
JSON representation

A simple script to patch smali file to include a Fake Security Provider at 1 for Android Apps

• Host: GitHub
• URL: https://github.com/darvincisec/InjectFakeSecurityProvider
• Owner: darvincisec
• License: apache-2.0
• Created: 2020-07-25T08:03:40.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2021-01-19T06:51:06.000Z (almost 4 years ago)
• Last Synced: 2024-04-30T13:35:03.949Z (7 months ago)
• Language: Smali
• Homepage:
• Size: 3.52 MB
• Stars: 17
• Watchers: 1
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Security: securityprovider/org/slf4j/ILoggerFactory.smali

Awesome Lists containing this project

README

        
# InjectFakeSecurityProvider

A simple script to patch smali file to include a Fake Security Provider at 1. This provider is created by patching the SpongyCastle library to print the key, key size, algorithm parameters, keystore password in logcat. With this you can retrieve application cryptographic assets provided applications depend on the default security provider.

If applications just rely on default Security Provider like this

```Java

Cipher.getInstance("AES");

KeyStore.getInstance("BKS");

```

then inserting a security provider 

```Java

Security.insertProviderAt(new BouncyCastleProvider(), 1);

```

can divert all the cryptographic operations to be performed through the inserted security provider.

# Usage

```Shell

sh patchcryptoprovider.sh  

```

Ex: sh patchcryptoprovider.sh 123.apk MainActivity

# Demo

Aegis OTP authenticator depends on the default Security Provider. By executing this script, this app is tampered with a fake security provider and hence OTP seed used in HMAC operation can be seen easily in the logcat

![Demo](demo.gif)