Kakaotalk 10.3.7 Analysis

Setup

See here.

Recon

See here.

Findings

TO-DOs

  • Find a proxy Activity to start MyProfileSettingsActivity -> steal token
  • Find a setResult() call to access content://com.kakao.talk.FileProvider
  • Test Secret Chat interception with mitmproxy script
    • Use value from pt field to compute the nonce
    • Does a warning pop up?
    • What about the master secret?
  • Test CFB bit flipping
  • Create a Plus Friend or Kakao Business page or an Open Chat Room to deliver malicious JS
  • Connect with Sergey Toshin
  • Check out https://github.com/oversecured/ovaa
  • I can load URLs in CommerceShopperWebViewActivity and KGPopupActivity -> check for vulns