1. Hi @UIDAI and @KhoslaLabs
! Let me show you how to bypass the protection mechanism you set up and run the #Aadhaar #Android app on a rooted phone.
-
-
6. You just have to: - unpack the
#Aadhaar#Android app with#apktool - change v1 to v0 in one line - repack the app with apktool - resign the app You can run the app on a rooted phone!pic.twitter.com/Hay77rX3EA
Show this thread -
7. A basic protection against this unpack/repack is to check if the apk certificate had been modified. If this mechanism detect that your app had been modified, it will not start the app. They have a getApkCertificateDigestSha256 method in their app but it's not used...
pic.twitter.com/bTecaOtm2z
Show this thread - End of conversation
New conversation -
-
-
Yeah but that requires changing the code. And if you can change the boolean you might as well just change the function?
-
His point was that the devs are using just an emulator more rather than a real device to test.
-
That's bad?
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.