Mobile Application Security Labs 
Flipcoin Wallet

The challenge is centered around a fictitious cryptocurrency, Flipcoin, and its wallet, Flipcoin Wallet. Flipcoin Wallet is an offline wallet that gives users full ownership of their digital assets. The challenge highlights potential entry points that can lead to further serious vulnerabilities, including SQL injection.

Outline:
You will explore an iOS application and exploit an SQL injection in a locally stored SQLite database using deep links.

Objectives:
Your objective is to find your way to the locally stored SQL database and craft an exploit that can access the locally stored recovery keys and send the data to you, as the attacker, via one link.

Skills Required:

  • iOS Deep links: Ability to use iOS deep links to navigate through the application and trigger specific actions or access certain content. Deep understanding of URL schemes and intent filters in iOS for deep linking.
  • SQL Injection Understanding: Familiarity with the concept and implications of SQL injection in web and application security.
  • Basic knowledge of iOS reverse engineering with otool (or similar tools) is helpful but not necessary.

Course Lessons