Bypass Mobile PIN Verification

Sourav Sahana
Jan 1, 2020

Hi Hunters! I’m here again with another finding. The bounty for this bug was not much, but I’m still happy with it ¯\_(ツ)_/¯. Personally, I’m more interested in mobile application testing. I was able to bypass an application’s PIN verification. I hope you will enjoy this post.

It was 31 Oct, 2019. A new program had launched on Bugcrowd. It felt like getting a command from a commando for a surgical strike. Luckily there was an APK file in scope.

There was a 4-digit PIN protecting the application on launch. At first I thought this could be bypassed using response manipulation. But wait! I was not getting any request in Intercept. Maybe I had not bypassed SSL pinning properly. I checked again. All OK! Since I was not getting a request for that task, it meant the application was fetching the data from internal memory. So I opened the ADB tool and started looking for where the PIN was stored. Finally I found a suspicious XML file in the shared_prefs directory, named 6e230139nh78454a8b0abui876b5f4a3.xml. It contained a hash string. The hash value changed every time I changed the PIN. So I simply removed the file, and BAAMM… there was no PIN protection when I opened the application.
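The behaviour described above is what results when an app reads a missing PIN record as "no PIN set". The sketch below is an added example, not code from the tested application or from the original post: it models that assumed fail-open check beside a fail-closed one, using hypothetical file names and a temporary directory in place of the app's data directory.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

# Hypothetical names: stand-ins for the shared_prefs PIN file and the saved login.
PIN_FILE, SESSION_FILE = "pin_record.xml", "session.token"

def enroll(store, pin):
    """User logs in and sets a PIN: salted PIN hash stored beside the session."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
    (store / PIN_FILE).write_text(salt.hex() + ":" + digest.hex())
    (store / SESSION_FILE).write_text("constructed-session-token")

def pin_matches(store, pin):
    try:
        salt_hex, digest_hex = (store / PIN_FILE).read_text().split(":")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # a malformed record never unlocks
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
    return hmac.compare_digest(candidate.hex(), digest_hex)

def open_fail_open(store, pin=None):
    """Assumed logic behind the bug: no PIN record is read as 'no PIN set'."""
    if not (store / PIN_FILE).exists():
        return "unlocked"
    return "unlocked" if pin and pin_matches(store, pin) else "locked"

def open_fail_closed(store, pin=None):
    """A session without its PIN record is inconsistent: drop it, force login."""
    if not (store / PIN_FILE).exists():
        (store / SESSION_FILE).unlink(missing_ok=True)
        return "login_required"
    return "unlocked" if pin and pin_matches(store, pin) else "locked"

def demo():
    results = {}
    for name, opener in (("fail_open", open_fail_open), ("fail_closed", open_fail_closed)):
        with tempfile.TemporaryDirectory() as d:
            store = Path(d)
            enroll(store, "4821")  # constructed PIN
            wrong = opener(store, "0000")
            (store / PIN_FILE).unlink()  # the file removal described in the post
            results[name] = (wrong, opener(store), (store / SESSION_FILE).exists())
    return results

if __name__ == "__main__":
    print(demo())
```

This covers only the deleted-record case; tying the saved session to a key that the PIN unlocks is a separate hardening step.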

I immediately created a report with a good POC video and waited for the response. First they marked my report as P as it required physical and root access. Then I argued with them. My reply: “You are right, this exploit needs physical access to the user’s device. But the developer implemented one extra protection for one step better security, so that unauthorized users can’t access the application even if they have the device in hand. If an attacker can bypass this anyhow, then this protection is useless; in that case basic protection would be enough to authenticate users. The authentication mechanism is not implemented properly and I believe this is a security issue present in the application.”

Finally they accepted my report and I got my bounty. I feel so happy.

The total bounty I got was $100. Thank you and happy hunting.
