gnh1201/kakaotalk_analysis
1
0
Fork 0
mirror of https://github.com/stulle123/kakaotalk_analysis.git synced 2024-11-26 07:22:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
48 Commits 1 Branch 0 Tags 8.6 MiB
JavaScript 47.8%
Python 45.7%
Java 6.5%
0a7d49939c
Go to file
Dawin Schmidt 0a7d49939c Add account takeover write-up
2023-12-04 15:28:37 +01:00
recon Update write-up 2023-10-06 15:39:08 +02:00
scripts Update loco_parser.py 2023-10-06 15:02:18 +02:00
.gitignore Add .gitignore 2023-09-06 20:57:54 +02:00
FINDINGS.md Add account takeover write-up 2023-12-04 15:28:37 +01:00
README.md Update write-up 2023-10-06 15:39:08 +02:00
RECON.md Update write-up 2023-10-06 15:39:08 +02:00
SETUP.md Update write-up 2023-10-06 15:39:08 +02:00

README.md

Kakaotalk 10.3.7 Analysis

Setup

See here.

Recon

See here.

Findings

TO-DOs

  • Find a proxy Activity to start MyProfileSettingsActivity -> steal token
  • Find a setResult() call to access content://com.kakao.talk.FileProvider
  • Test Secret Chat interception with mitmproxy script
    • Use value from pt field to compute the nonce
    • Does a warning pop up?
    • What about the master secret?
  • Test CFB bit flipping
  • Create a Plus Friend or Kakao Business page or an Open Chat Room to deliver malicious JS
  • Connect with Sergey Toshin
  • Check out https://github.com/oversecured/ovaa
  • I can load URLs in CommerceShopperWebViewActivity and KGPopupActivity -> check for vulns