Bypass Mobile PIN Verification

Sourav Sahana
Jan 1 · 2 min read

Hi Hunters! I’m here again with another finding. The bounty for this bug is not enough, but I’m still happy with it ¯\_(ツ)_/¯. I’m personally more interested in mobile application testing. I was able to bypass an application’s PIN verification. Hope you will enjoy this post.

It was 31 Oct, 2019. A new program launched on Bugcrowd. It felt like getting a command from a commando for a surgical strike. Luckily there was an APK file in scope.

There was a 4-digit PIN protection for opening the application. First I thought this could be bypassed using response manipulation. But wait! I was not getting any request in the Intercept. Maybe I did not bypass SSL pinning properly. Checked again. All OK! So I was not getting a request for that task, which means the application is fetching the data from internal memory. So I opened the ADB tool and started finding where the PIN is stored. Finally I found a suspicious XML file in the shared_prefs directory, named 6e230139nh78454a8b0abui876b5f4a3.xml. It contained a hash string. Every time I changed the PIN, the hash value changed. So I simply removed the file, and BAAMM… there was no PIN protection when I opened the application.
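The behaviour above is a fail-open check: a missing PIN file is read as "no PIN configured". The following is an added example, not code from the application or from the original post, that models the gate in Python next to a fail-closed variant. The file names, the PBKDF2 verifier format and the rule that every logged-in session must have a PIN are assumptions made for the model.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

# Hypothetical names; the real app used an opaque file name under shared_prefs.
PIN_FILE = "pin.xml"
SESSION_FILE = "session.xml"

def set_pin(prefs: Path, pin: str) -> None:
    """Store a salted PBKDF2 verifier for the PIN (assumed format)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
    (prefs / PIN_FILE).write_text(salt.hex() + ":" + digest.hex())

def check_pin(prefs: Path, pin: str) -> bool:
    salt_hex, digest_hex = (prefs / PIN_FILE).read_text().split(":")
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), bytes.fromhex(salt_hex), 100_000)
    return hmac.compare_digest(digest.hex(), digest_hex)

def gate_fail_open(prefs: Path, pin):
    """Behaviour described in the post: no PIN file means no PIN prompt."""
    if not (prefs / PIN_FILE).exists():
        return "unlocked"
    return "unlocked" if pin is not None and check_pin(prefs, pin) else "locked"

def gate_fail_closed(prefs: Path, pin):
    """Hardened model: a session without a PIN verifier is invalid state."""
    if not (prefs / SESSION_FILE).exists():
        return "login_required"
    if not (prefs / PIN_FILE).exists():
        (prefs / SESSION_FILE).unlink()  # discard the session, force full login
        return "login_required"
    return "unlocked" if pin is not None and check_pin(prefs, pin) else "locked"

def demo():
    """Run both gates: wrong PIN, correct PIN, then with the PIN file removed."""
    results = {}
    for name, gate in (("fail_open", gate_fail_open), ("fail_closed", gate_fail_closed)):
        with tempfile.TemporaryDirectory() as d:
            prefs = Path(d)
            (prefs / SESSION_FILE).write_text("constructed-session-token")
            set_pin(prefs, "4821")                  # constructed sample PIN
            wrong, right = gate(prefs, "0000"), gate(prefs, "4821")
            (prefs / PIN_FILE).unlink()             # the file removal from the post
            results[name] = (wrong, right, gate(prefs, None))
    return results

if __name__ == "__main__":
    print(demo())
```

In the fail-closed model, removing the verifier leaves the user at the full login screen instead of inside the application.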

I immediately created a report with a good POC video and waited for the response. First they marked my report as P as it required physical and root access. Then I argued with them. My reply: “You are right, this exploit needs physical access to the user’s device. But the developer implemented one extra protection for one step better security, so that unauthorized users can’t access the application even if he has the device in his hand. If an attacker can bypass this anyhow, then this protection is useless; in that case basic protection will be enough to authenticate users. The authentication mechanism is not implemented properly and I believe this is a security issue present in the application.”

Finally they accepted my report and I got my bounty. I feel so happy.

The total bounty I got was $100. Thank you and happy hunting.

Bug bounty writeups
