Hey guys,
I have tried bypassing this application for a week now. I was too proud to ask for help, but seeing that I am not going to be able to bypass this, I am asking for help on this great forum.
The reason I did not ask for help is mainly because I wanted to learn how to do it myself, but I am stuck and I have tried following a million different tutorials and books and I have not managed to bypass anything.
Here is my problem:
I have an application which requires a login before I can use the application. The login requires a phone number (username) and a 4 digit password (numbers only).
The thing here is that the first time you log in it requires authentication using the internet. After you have authenticated your username and password, it will give you a "ValidUntil" parameter. This will be saved locally. After the first login, it does not require an internet connection. In fact it doesn't even require the right password.
Let's say my username is: 12345678 and my password is 1234
The first time I log in, it will check if this username and password is correct. Once that is done, it will save some information on the phone locally and after that is done, I can turn off internet access and log in to the account easily.
And as mentioned it will save how long you have access to the application somewhere locally and if I turn off the internet and set back the time, I will still have access to the app even if the time has run out. In fact even if my password is 1234, I can enter any 4-digit password and I will still be able to log in (even if it's not correct).
I have tried using IDA (but I don't know assembly), I tried Flex (but unsuccessfully), I tried Cycript and also Charles (to fake the authentication). I have not managed to bypass the login. I have probably tested a bunch of other stuff I can't remember right now.
The problem is that I deleted the app and I lost the data which allows me to have access to the application even if my time has run out. So now I have zero access to the application.
And there is also one other thing I need to say: the application has all of its content offline, so the first authentication does not download any content files.
Please check this Dropbox folder for decrypted IPA file, decrypted executable, dump of all classes and the View Controller information when you launch the app and you are on the login page:
https://www.dropbox.com/sh/n87lwbximip5hec/AABrWbWjimU7PifxHDacW1iZa?dl=0
If you have any questions, please ask. Thanks in advance.
I am looking to learn and not just bypass this application. Thank you.