Modifying Resource Files Leads to Privilege Escalation
Fire up JADX and open up the
base.apk
fileNow you can see the source code and the apk data like the resources files
After searching for keywords like "admin" in the LoginActivity if ound this
this guy using a boolean value from resources to hide some functionalities
Go to
res/values/stings.xml
and notice "is_admin" is equal to noNow Using code editors like sublime change it to yes and save the project
Now Change the name of directory to
Use APKTOOL to build our updated version and use sign tool to sign the application
And that's it you just remove the old version from phone and install your updated version instead
the signed apk will be
insecurebankv2.s.apk
Notice Now there is a functionality for registration added
Last updated