gnh1201/kakaotalk_analysis
1
0
Fork 0
mirror of https://github.com/stulle123/kakaotalk_analysis.git synced 2025-02-06 15:05:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update SECRET_CHAT.md

Browse Source
This commit is contained in:
stulle123 2023-12-22 14:38:32 +01:00 committed by GitHub
parent 306ff798cd
commit bc80344471
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
SECRET_CHAT.md
View File

@ -14,7 +14,7 @@ This is how one can run the PoC:
- Wipe all entries in the `public_key_info` and `secret_key_info` tables from the `KakaoTalk.db` database - Wipe all entries in the `public_key_info` and `secret_key_info` tables from the `KakaoTalk.db` database
- Start `mitmproxy`: `$ mitmdump -m wireguard -s mitm_secret_chat.py` - Start `mitmproxy`: `$ mitmdump -m wireguard -s mitm_secret_chat.py`
- Start `Frida`: `$ frida -U -l loco-tracer.js -f com.kakao.talk` - Start `Frida`: `$ frida -U -l loco-tracer.js -f com.kakao.talk`
- Create new *Secret Chat* room in the KakaoTalk app and send a message - Create a new *Secret Chat* room in the KakaoTalk app and send a message
- View message in `mitmproxy` terminal window - View message in `mitmproxy` terminal window
How it works: How it works:
@ -43,10 +43,8 @@ Android implementation specifics:
TO-DOS: TO-DOS:
- Reinstall the app and check whether a warning shows up - How are the `msgId` and `chatId` generated? -> they are used to compute the nonce for CTR mode!
- Test CFB bit flipping
- How are the msgId and chatId generated? -> nonce for CTR mode!
Demo: Demo:
![MITM](https://github.com/stulle123/kakaotalk_analysis/tree/main/scripts/mitmproxy/secret_chat_demo.gif?raw=true) ![](https://github.com/stulle123/kakaotalk_analysis/blob/main/scripts/mitmproxy/secret_chat_demo.gif)