I was recently invited to present at BountyCon 2020. This was supposed to early March in Singapore where flights and accomodations were all provided for. I even bought flights for my wife and son so we could take it as an opportunity for a holiday while we were there.

Introduction This write-up is about hacking the Razer Pay Android app - an E-Wallet app used in Singapore and Malaysia. It was an interesting journey worth blogging due to the use of some interesting techniques including Frida, a tool that I only thought was meant for bypassing SSL-pinning or root detection.

I quite enjoy external Pentest, especially when the scope is large. There has been some really interesting stuff I have found in the past but in this post I wanted to share a little event that I came across…

“If you are doing a task more than twice? Then, automate it!” I hear that phrase all the time, but don’t often spend time doing it. Well today’s a good opportunity…

Background An Activity is one of the Android’s component in an app. It is the screen that the user sees on a mobile app. (For example, the setting’s “screen”, home “screen, etc). A simple app could have one while more complicated ones could have dozens.