There are potential possibilities that developers leave behind backdoors within apps. In our case, this happens while we do a deep analysis of the class dump.
The following code snippet displays ApplicationPatchingDetailsVC
, an interesting interface that includes a username and password:
@interface ApplicationPatchingDetailsVC : UIViewController <UITextFieldDelegate> { UITextField* _usernameTextField; UITextField* _passwordTextField; }
Let's now load the app into Hopper, and in the labels, let's type ApplicationPatchingDetailsVC
, as shown in the following screenshot:
In the right pane, if you click on the Pseudo code, we should be able to see the username and the password in plain text.
In this case, let's now try and log in to the app using the username Admin
and the password This!sA5ecret
, as shown in the following figure:
This proves that we are able to log in with the hardcoded username and password without any issues; you should receive a successful...