gnh1201/kakaotalk_analysis
1
0
Fork 0
mirror of https://github.com/stulle123/kakaotalk_analysis.git synced 2025-02-06 15:05:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b3b3537340
kakaotalk_analysis/README.md
stulle123 929677876e Update write-up
2023-10-06 15:39:08 +02:00

795 B
Raw Blame History

Kakaotalk 10.3.7 Analysis

Setup

See here.

Recon

See here.

Findings

TO-DOs

  • Find a proxy Activity to start MyProfileSettingsActivity -> steal token
  • Find a setResult() call to access content://com.kakao.talk.FileProvider
  • Test Secret Chat interception with mitmproxy script
    • Use value from pt field to compute the nonce
    • Does a warning pop up?
    • What about the master secret?
  • Test CFB bit flipping
  • Create a Plus Friend or Kakao Business page or an Open Chat Room to deliver malicious JS
  • Connect with Sergey Toshin
  • Check out https://github.com/oversecured/ovaa
  • I can load URLs in CommerceShopperWebViewActivity and KGPopupActivity -> check for vulns