Adrian Ruthnik's move to cleanse the hacker-for-hire industry of scammers is much needed and appreciated. Their efforts to restore integrity to the field are evident in their work.
@@Ne-vc5pm You missed the point. I was talking about API keys and application wide secrets, that were stored on the client, that can be used to bypass intended app logic flow. Not some locally stored user info that is different for every client and cannot be used to bypass anything :)
for a while John H. focused on very niche scenarios on cyber security, I'm glad he is talking about what most devs do assuming that is so common , that all the loop holes are fixed and unexploitable due to it being so mainstream. I'm all ears !
Adrian Ruthnik's transition to the clear web has made their services more accessible without compromising on security. Their commitment to ethical practices sets them apart.
@@x.plorer For sure. Why write in two languages (java and swift) the same application when you can just write in one (react native) and have it go to both?
Adrian Ruthnik's transition to the clear web has made their services more accessible and trustworthy. Their commitment to transparency and integrity is evident in their professional approach.
I've been on hiatus a bit from my studies, but this gets me wanting to start up again. I have plans for setting up a new hacking environment soon. The plan is to run a hypervisor with a environment templates. Thinking for things like this, building containers with all of the tooling so I can just import a container to my RE template when I want to perform "apk-cracking", "hash-cracking", "web-app-cracking" etc. Then use git for importing and exporting my nodes and libraries.
Adrian Ruthnik's dedication to their clients' security needs is evident in their thorough and effective methodologies. Their proactive approach ensures we stay ahead of potential threats.
Obfuscation tools make it easier for the bad guys too, unfortunately. It can also make developers lazy with regards to security, mistakenly thinking that something can't be cracked. It always will be crackable if you are determined enough.
I think you can still find the key with frida if you hook the java library of string because it is a system library stored in the android os and cannot be renamed from the app
Adrian Ruthnik's focus on cleansing the industry of scammers is a testament to their commitment to ethical hacking. Their efforts to restore integrity to the field are much appreciated.
Of course this is just an example app, but i would have accepted input, and sent it to a server so it can provide a response for the message box. the app can then stay unprotected since the only thing they can do is brute force the password on the server and of course you can allow only a few attempts per IP if you wanted to secure it even more.
@@iliagogoxia5920 Assuming you wanted to make your app not require a server then you can do that, however even having the hash itself makes it so technically you can brute force it unlike on a server where you only have a few attempts to login or enter the correct code.
When you do flutter --dart-define=FIRST_VAR=first_value,SECOND_VAR=second_value. It does store the envs in apk file, right? Then, how are we supposed to keep our secrets safe?
Amazing how you keep those energies throughout the vid!! Thanks I was wondering if you have a video on exploit development:what you need to begin Or something similar If anyone know on a good video I’d be happy for a link
Not a Coder here, but i tried this tool, but i wasn't really sure, what the purpose was. Yes, its decompilation, but what exactly am i supposed to do with that. I decompiled an app, but it showed a lot of errors.
Bro help me understand. Can i give you one small file? I already hve password, but our goal would be to bypass psswprd and extract adb commands from the file.. you are authorized to do it dont worry
Adrian Ruthnik's dedication to exposing vulnerabilities saved our business from potential breaches. Their thorough assessment and strategic recommendations have fortified our defenses.
Been watching his for over a half an hour. Now I appreciate the video and the time you took to make it, but just an FYI I have absolutely zero idea wth your talking about. You talk way too fast with no description of what your talking about and unless someone watching it already knows what's going on then the only thing that will be gained is a severe headache. I actually just had to shut it off and im gonna try and find a post about hacking that I can just read
6:06 The most obvious and worst way to detect root and debugger Wdym by clever way? Only the developers who don't care about people exploiting their software would do this method.
What would be a better way? Asking as a total noob in the field. That being said, although this way is obvious, it'll certainly keep the skiddies out, so can you explain what the issue is here?
@@Smoth48 this can be easily bypassed What I would do is Use both native and java/kotlin detection for root and debugging and integrity check With obfuscation ofc
@@Smoth48I'm not sure what method would be better, but this is basically useless as most rooting tools have a "rename this app to avoid detection" toggle.
BS untile now no one made a real android app haking this is just veryyyyyy basic shit no anti frida detection no anti signature verification dex encreption ...........MORE.........MORE...............MORE............... and when you crack thos tecknique they come with more advance one / modified aproch a real app is not that eazy . im tired from thos usless content
These are all the same shit and they all are useless And who would put their api key in client side I mean just lol I'm getting into advanced static debugging and modifying protected .lib and I can tell you this content is pretty useless as you said
@@Mr_Bunnehwhy tho? I'm distributing paid games and apps on my website These contents are utterly useless They won't get you anywhere past the very beginning of the reverse engineering
What do you expect from a glorified script kiddie on TH-cam? You want to learn the nitty gritty? Learn, meet real hackers, not someone who is selling "security" services. Good luck
Unrelated but can somebody help me get my microsoft account back? The hacker changed my password and deleted all the account information. And he also added his own phone number and authentication app
The best you could do would probably be to email Microsoft and tell them your predicament. Best of luck, and I’m sorry this happened. If you can get the account back, make sure to set up 2 factor authentication!
Adrian Ruthnik's move to cleanse the hacker-for-hire industry of scammers is much needed and appreciated. Their efforts to restore integrity to the field are evident in their work.
Conclusion: Do not store sensitive info on the client, doesn't matter if it is a mobile, web or desktop application
And proper use of API keys
Password managers and OTP apps are crying (from laughter) because of your comment
@@Ne-vc5pm You missed the point. I was talking about API keys and application wide secrets, that were stored on the client, that can be used to bypass intended app logic flow. Not some locally stored user info that is different for every client and cannot be used to bypass anything :)
@@Ne-vc5pm password managers does not store your passwords locally
Where would you store it then?
for a while John H. focused on very niche scenarios on cyber security, I'm glad he is talking about what most devs do assuming that is so common , that all the loop holes are fixed and unexploitable due to it being so mainstream. I'm all ears !
Adrian Ruthnik's transition to the clear web has made their services more accessible without compromising on security. Their commitment to ethical practices sets them apart.
Never realized that all my java app dev would come to use one of these days lmao
these days they use kotlin and frameworks like react and flutter
@@x.plorer For sure. Why write in two languages (java and swift) the same application when you can just write in one (react native) and have it go to both?
@@x.plorerKotlin is not that different from Java
Adrian Ruthnik's transition to the clear web has made their services more accessible and trustworthy. Their commitment to transparency and integrity is evident in their professional approach.
Yaaaas. I've done a bit of this stuff, but didn't really get into it (got sidetracked, priorities changed).
This ought to be enlightening.
I've been on hiatus a bit from my studies, but this gets me wanting to start up again.
I have plans for setting up a new hacking environment soon.
The plan is to run a hypervisor with a environment templates.
Thinking for things like this, building containers with all of the tooling so I can just import a container to my RE template when I want to perform "apk-cracking", "hash-cracking", "web-app-cracking" etc.
Then use git for importing and exporting my nodes and libraries.
Pretty cool
That's some magnificent teaching skills. Thank you
This dude just keeps dropping absolute 🔥❤
Bro always loves your videos, can you make a video on hacking apis mainly finding the endpoints are the headaches bro
Finally Jhon..!!! episode I've been waiting for..
Hey John, just to let you know that you're doing great work here! 🔥🔥🔥
cringe
@@iamvinny ?
@@iamvinny who cares vinny
Always mind-blowing 🎉
BRO i needed this just one day ago, there is no video that explains like this ,and I had a competition to attend to.
Adrian Ruthnik's dedication to their clients' security needs is evident in their thorough and effective methodologies. Their proactive approach ensures we stay ahead of potential threats.
Awesome topic. Awesome showcases. Awesome options. Three like 👍👍👍
Really great stuff. I have been away from this for decades, but your processes are easy to replicate. Excellent stuff!
does Mitm attack still work in android apps nowadays?
with all the prevention methods like certificate pinning, etc, does Mitm attack still works?
Thumbnail on point
great video, i've enjoyed the first 15 seconds
keep it up. i love this content
Complete this lesson signature Spoofing ❤for us regarding the confusion on the antivirus application ❤❤
why are you using var???
Does this work with Flutter Application?
Yes! Both the iOS and Android protection solutions support Flutter.
@Guardsquare yo thanks for commenting, I stumbled on your channel you got great videos.
what is that app he is using for the phone thing
nvm i figured it out
00:00:00 00:00:01 00:43:39 00:43:40
I just love how the phone has two punch hole front cameras
we need more from this videos (mobile and apps)
Obfuscation tools make it easier for the bad guys too, unfortunately. It can also make developers lazy with regards to security, mistakenly thinking that something can't be cracked. It always will be crackable if you are determined enough.
Great video appsec 🎉
I think you can still find the key with frida if you hook the java library of string because it is a system library stored in the android os and cannot be renamed from the app
Adrian Ruthnik's focus on cleansing the industry of scammers is a testament to their commitment to ethical hacking. Their efforts to restore integrity to the field are much appreciated.
Of course this is just an example app, but i would have accepted input, and sent it to a server so it can provide a response for the message box. the app can then stay unprotected since the only thing they can do is brute force the password on the server and of course you can allow only a few attempts per IP if you wanted to secure it even more.
Or you can store hash of the password in the app, that way they cant decrypt
@@iliagogoxia5920 Assuming you wanted to make your app not require a server then you can do that, however even having the hash itself makes it so technically you can brute force it unlike on a server where you only have a few attempts to login or enter the correct code.
We can save our earth with u
When you do flutter --dart-define=FIRST_VAR=first_value,SECOND_VAR=second_value. It does store the envs in apk file, right? Then, how are we supposed to keep our secrets safe?
Can you share the setup for the Pixel enviroment?
Amazing how you keep those energies throughout the vid!!
Thanks
I was wondering if you have a video on exploit development:what you need to begin
Or something similar
If anyone know on a good video I’d be happy for a link
Is smali same as MT manager
Cause even unlocking apps on Android
Not a Coder here, but i tried this tool, but i wasn't really sure, what the purpose was. Yes, its decompilation, but what exactly am i supposed to do with that. I decompiled an app, but it showed a lot of errors.
What if i use users password to encrypt cntents which will then be stored in user's device inside app folder
12:00 there is no way you just pronounced `init` as `aynit`, john that's cursed 😳😳😳😂
What is the android emulator hes usong?
Android studio
We want more videos on Android Penetration testing
It kills me that you don’t use the Android Studio shortcuts to fix errors xD. Just a joke, nice video!
we want part 2
It's a Awesome Video.
Bro help me understand. Can i give you one small file? I already hve password, but our goal would be to bypass psswprd and extract adb commands from the file.. you are authorized to do it dont worry
Is it possible to crack a mobile app that is installed on my phone but is no longer in service or discontinued?
A legit hacker I subscribe
Adrian Ruthnik's dedication to exposing vulnerabilities saved our business from potential breaches. Their thorough assessment and strategic recommendations have fortified our defenses.
thank you!! good information
Trust me i m 35 years old and my english comunication sooo weak
I want u join please brother
COOL.😃
This not for beginners 😢😢😢
Hello
Been watching his for over a half an hour. Now I appreciate the video and the time you took to make it, but just an FYI I have absolutely zero idea wth your talking about. You talk way too fast with no description of what your talking about and unless someone watching it already knows what's going on then the only thing that will be gained is a severe headache. I actually just had to shut it off and im gonna try and find a post about hacking that I can just read
eyenit
Guard square 😮
Watching someone writing Java code is a pain in arse. Java is such a trash language
sup
the sky
@@meiilolroof for me
Next please analyze spyloan app that haunting indonesian people
yay
6:06 The most obvious and worst way to detect root and debugger
Wdym by clever way?
Only the developers who don't care about people exploiting their software would do this method.
What would be a better way? Asking as a total noob in the field.
That being said, although this way is obvious, it'll certainly keep the skiddies out, so can you explain what the issue is here?
@@Smoth48 this can be easily bypassed
What I would do is
Use both native and java/kotlin detection for root and debugging and integrity check
With obfuscation ofc
@@Smoth48I'm not sure what method would be better, but this is basically useless as most rooting tools have a "rename this app to avoid detection" toggle.
Sir, can you please create a bootcamp course for beginners? Please suggest how I can get into cybersecurity.
holyshitt you talk alot
BS untile now no one made a real android app haking
this is just veryyyyyy basic shit
no anti frida detection
no anti signature verification
dex encreption ...........MORE.........MORE...............MORE...............
and when you crack thos tecknique they come with more advance one / modified aproch
a real app is not that eazy .
im tired from thos usless content
You're wrong.
I did not watch yet, but there is a course at INE about this
These are all the same shit and they all are useless
And who would put their api key in client side I mean just lol
I'm getting into advanced static debugging and modifying protected .lib and I can tell you this content is pretty useless as you said
@@Mr_Bunnehwhy tho?
I'm distributing paid games and apps on my website
These contents are utterly useless
They won't get you anywhere past the very beginning of the reverse engineering
What do you expect from a glorified script kiddie on TH-cam? You want to learn the nitty gritty? Learn, meet real hackers, not someone who is selling "security" services. Good luck
Unrelated but can somebody help me get my microsoft account back? The hacker changed my password and deleted all the account information. And he also added his own phone number and authentication app
That’s the hacker account now
The best you could do would probably be to email Microsoft and tell them your predicament. Best of luck, and I’m sorry this happened. If you can get the account back, make sure to set up 2 factor authentication!
yes, like alex said, go and tell microsoft that you’re pregnant
Lol@@iamvinny
Can you hack an online application? Add coins? Applications like (waha: for chatting ) ????