Modifying Resource Files Leads to Privilege Escalation

  • Fire up JADX and open up the base.apk file

  • Now you can see the source code and the apk data like the resources files

  • After searching for keywords like "admin" in the LoginActivity if ound this

  • this guy using a boolean value from resources to hide some functionalities

  • Go to res/values/stings.xml and notice "is_admin" is equal to no

  • Now Using code editors like sublime change it to yes and save the project

  • Now Change the name of directory to

  • Use APKTOOL to build our updated version and use sign tool to sign the application

  • And that's it you just remove the old version from phone and install your updated version instead

  • the signed apk will be insecurebankv2.s.apk

  • Notice Now there is a functionality for registration added

PreviousDrozer Cheat SheetNextLogin Backdoor

Last updated