A quick primer on Frida and Android Instrumentation Aug 13, 2021 Hi everyone! Here is a pretty quick blog post on some Frida/Objection things I've been tinkering with. I had this Android application which had premium features and wanted to understand how that mechanism worked and if it was robust enough. Let's see the journey of how I bypassed it using Frida. After disassembling the application with Jadx, I was able to perform a simple grep -r -i 'premium' . ...
"DevOps" ramblings and observations Feb 17, 2021 The “DevOps” movement started “publicly” (first time we heard this term) circa 2007. Based on that, we (you?) might think that in 2021 that thing is utterly outdated but I totally disagree and I thought I would share some thoughts about DevOps in 2021, and what it means in real life. I am quite uncomfortable using the word “DevOps”. I'm serious. I guess it's because we're putting so many things behind it and I feel we might have lost track of the real sense behind that term - “DevOps”. ...
Android Instrumentation with Smali: A survival guide May 22, 2020 Hi everyone! This article aims at providing you survival steps while tinkering around with Smali & Android applications. The name of the original application I did my search on will remain secret but I created a dummy application doing the same so that you can do it on your own. The link of the MainActivity.java and MainActivity.smali is here Create a dummy application with Android Studio and just import this. PLACEHOLDER_* strings will have to be replaced with proper ones if you want to try. ...
Tackling 'Cleartext Not Permitted' error in Ionic v5 May 8, 2020 While developing/maintaining the WHID Mobile Injector app, it turns out that I received messages and issues on Github telling me that users were: Able to access the ESPloit interface through the browser but not through the app and the toggle in the side-menu was staying RED (meaning it is unable to connect to the ESPloit interface). Weird. After some investigations, I was able to reproduce the issue on some phones at home, and while looking at logcat, I saw some strange lines like this: ...
FastAPI + Zeit.co = 🚀 Mar 30, 2020 Hey everyone, I will talk about some experiments I did with FastAPI and deploying on Zeit.co. Context: For one side-project, I needed a simple way to retrieve the information from a specific Android application (eg. io.shodan.app) on the Google Store and a download link from APKPure (if any). I thought that this would have been a great playground to get my hands on FastAPI, a very promising framework that I never had time to play with. ...
Working with Events on Ionic 5 Mar 18, 2020 Hi everyone, Here is a small blog post where I needed to work on an Ionic v5 project where (Angular) events were/are not working anymore. Context: Basically, I was working on the side-menu ‘starter’ where I wanted the side-menu to automatically update with the user's username after logging in. Beforehand, in order to use the Events, it was as simple as: import { Events } from '@ionic/angular'; And finally work on your logic, but this got removed in Ionic 5. ...
Kafka Experiments Feb 5, 2020 Hey everyone, Here is a small blog post regarding Kafka experiments and “foundations” I've started working on. I will also take the opportunity to thank Maxence S. (https://twitter.com/maxenceschmitt) for his precious help on this topic. Instantiating the Jungle! ZooKeeper and Kafka First off, I instantiated a Kafka (and ZooKeeper) instance version: '2' services: zookeeper: image: wurstmeister/zookeeper:3.4.6 expose: - "2181" kafka: image: wurstmeister/kafka:2.11-2.0.0 depends_on: - zookeeper ports: - "9092:9092" environment: KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:9092 KAFKA_LISTENERS: PLAINTEXT://0. ...
Deploy a Django application through Github Actions Jan 23, 2020 Hi everyone, Here is a small article on how I successfully deployed my Django application through Github actions. Basically, what I needed was pretty simple, as soon as I push a new commit (on master), I want to: connect through SSH on my remote server restart my cfptime service (which will do all the magic) My cfptime.org project is something like ~3 years old and at the beginning, I was deploying by hand and I created a bash script in order to ease this part and this is what it looked like: ...
Throttling policies on specific Django Viewset Jan 14, 2020 Hi everyone! Here is a small article on some experiments I came across with the development of the new cfptime.org version. Goal: I needed to limit (anonymous) visitors on specific API endpoints (especially when creating/posting new Call For Papers to avoid flooding). It turns out someone had similar thoughts and his blog post was pretty interesting and helped me a lot. You can find the blog post here: https://www.pedaldrivenprogramming.com/2017/05/throttling-django-rest-framwork-viewsets/. As the author states: ...
Angular 8 Deployment within Github Actions Pipeline Jan 2, 2020 Hello everyone, Here is a small article in order to explain how I've deployed my Angular front-end to a server with Github actions. Context: You might know that I am the developer behind cfptime.org and I've had the chance during the holidays to start re-developing the front-end using Angular. If you want to check what it looks like: https://beta.cfptime.org. I've long been a CircleCI user but it seems that the free plan is not enough in order to build my Angular project (and trust me, it's nothing ground-breaking, just a couple of API calls and that's it). ...