[InsecureShop] Hardcoded Credentials
Android/InsecureShop 2025. 4. 1. 02:09
Hardcoded credentials
Launch screen
When the app is launched, the login screen opens.
Let's analyze it with jadx.
AndroidManifest.xml
<activity android:name="com.insecureshop.ProductListActivity">
    <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter>
</activity>
This confirms that the main (launcher) activity is ProductListActivity.
ProductListActivity
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    Prefs prefs = Prefs.INSTANCE;
    Context applicationContext = getApplicationContext();
    Intrinsics.checkExpressionValueIsNotNull(applicationContext, "applicationContext");
    // No stored username: redirect to LoginActivity
    if (TextUtils.isEmpty(prefs.getInstance(applicationContext).getUsername())) {
        Intent intent = new Intent(this, (Class<?>) LoginActivity.class);
        startActivity(intent);
        finish();
        return;
    }
    // ... (the rest of the method is not part of this excerpt)
}
In this activity, if no username is stored, LoginActivity is launched.
LoginActivity
public final void onLogin(View view) {
    Intrinsics.checkParameterIsNotNull(view, "view");
    ActivityLoginBinding activityLoginBinding = this.mBinding;
    if (activityLoginBinding == null) {
        Intrinsics.throwUninitializedPropertyAccessException("mBinding");
    }
    TextInputEditText textInputEditText = activityLoginBinding.edtUserName;
    Intrinsics.checkExpressionValueIsNotNull(textInputEditText, "mBinding.edtUserName");
    String username = String.valueOf(textInputEditText.getText());
    ActivityLoginBinding activityLoginBinding2 = this.mBinding;
    if (activityLoginBinding2 == null) {
        Intrinsics.throwUninitializedPropertyAccessException("mBinding");
    }
    TextInputEditText textInputEditText2 = activityLoginBinding2.edtPassword;
    Intrinsics.checkExpressionValueIsNotNull(textInputEditText2, "mBinding.edtPassword");
    String password = String.valueOf(textInputEditText2.getText());
    Log.d("userName", username);
    Log.d("password", password);
    // The credential check happens entirely inside the app
    boolean auth = Util.INSTANCE.verifyUserNamePassword(username, password);
    if (auth) {
        Prefs prefs = Prefs.INSTANCE;
        Context applicationContext = getApplicationContext();
        Intrinsics.checkExpressionValueIsNotNull(applicationContext, "applicationContext");
        prefs.getInstance(applicationContext).setUsername(username);
        Prefs prefs2 = Prefs.INSTANCE;
        Context applicationContext2 = getApplicationContext();
        Intrinsics.checkExpressionValueIsNotNull(applicationContext2, "applicationContext");
        prefs2.getInstance(applicationContext2).setPassword(password);
        Util.saveProductList$default(Util.INSTANCE, this, null, 2, null);
        Intent intent = new Intent(this, (Class<?>) ProductListActivity.class);
        startActivity(intent);
        return;
    }
    // ... (the rest of the method is not part of this excerpt)
}
Looking at the auth part here, authentication is performed through verifyUserNamePassword.
private final HashMap<String, String> getUserCreds() {
    HashMap userCreds = new HashMap();
    // Username and password are embedded in the app as string literals
    userCreds.put("shopuser", "!ns3csh0p");
    return userCreds;
}

public final boolean verifyUserNamePassword(String username, String password) {
    Intrinsics.checkParameterIsNotNull(username, "username");
    Intrinsics.checkParameterIsNotNull(password, "password");
    if (!getUserCreds().containsKey(username)) {
        return false;
    }
    String passwordValue = getUserCreds().get(username);
    return StringsKt.equals$default(passwordValue, password, false, 2, null);
}
Following the call, we can see that it retrieves the username and password through getUserCreds and authenticates against them.
userCreds.put("shopuser", "!ns3csh0p");
Username: shopuser
Password: !ns3csh0p
Logging in with these credentials works.
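As an added example (not part of the original post or of InsecureShop's code): a small Python check that flags hardcoded credential literals like the one in getUserCreds when reviewing jadx-decompiled sources before release. The rule names, the keyword list and the sample input are assumptions constructed for illustration.

```python
import re

# Identifier fragments that suggest a secret is being stored (assumed keyword list).
SECRET_NAME = r"[A-Za-z_]*(?:cred|passw|pwd|secret|token|apikey)[A-Za-z_]*"
# A Java string literal; the capture group holds its contents.
STR = r'"((?:[^"\\]|\\.)*)"'

RULES = [
    # userCreds.put("user", "pass"): literal pair stored in a credential-like map
    ("literal-in-credential-map",
     re.compile(rf"\b({SECRET_NAME})\.put\(\s*{STR}\s*,\s*{STR}\s*\)", re.I)),
    # String password = "...": literal assigned to a secret-like variable
    ("literal-assigned-to-secret",
     re.compile(rf"\b({SECRET_NAME})\s*=\s*{STR}\s*;", re.I)),
    # password.equals("..."): input compared against an embedded literal
    ("secret-compared-to-literal",
     re.compile(rf"\b({SECRET_NAME})\.equals\(\s*{STR}\s*\)", re.I)),
]

def redact(value):
    """Keep only the first character so reports do not leak the secret."""
    return value[0] + "*" * (len(value) - 1)

def scan(source):
    """Return one finding per hardcoded secret literal in Java source text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("//"):      # ignore commented-out code
            continue
        for rule, pattern in RULES:
            for m in pattern.finditer(line):
                secret = m.groups()[-1]         # last literal is the secret value
                if secret:                      # empty strings are not secrets
                    findings.append({"line": lineno, "rule": rule,
                                     "name": m.group(1), "redacted": redact(secret)})
    return findings

# Constructed sample based on the decompiled snippets shown in this post.
SAMPLE = '''\
private final HashMap<String, String> getUserCreds() {
    HashMap userCreds = new HashMap();
    userCreds.put("shopuser", "!ns3csh0p");
    return userCreds;
}
Log.d("password", password);
String password = String.valueOf(textInputEditText2.getText());
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only the `put` call is reported; values read from user input at runtime, such as the `password` variable filled from the text field, are not flagged.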