1
00:00:00,270 --> 00:00:02,250
Instructor: Hi. Within this lecture,

2
00:00:02,250 --> 00:00:05,427
we are going to see how we can get the collection name

3
00:00:05,427 --> 00:00:10,140
for our Firestore database with the apktool.

4
00:00:10,140 --> 00:00:12,810
So I have demonstrated how you can hack

5
00:00:12,810 --> 00:00:16,320
into the application, hack into the database

6
00:00:16,320 --> 00:00:19,560
using the project ID that we have found.

7
00:00:19,560 --> 00:00:24,560
But in fact, you need to find the collection name as well,

8
00:00:24,750 --> 00:00:26,850
in order to do that.

9
00:00:26,850 --> 00:00:30,870
So if you go to smali, if you go to Dalvik bytecodes

10
00:00:30,870 --> 00:00:34,290
over here, as you can see the ProGuard is in use

11
00:00:34,290 --> 00:00:36,840
so it's a little bit obfuscated over here.

12
00:00:36,840 --> 00:00:39,900
But it won't do much in the Dalvik bytecodes

13
00:00:39,900 --> 00:00:44,550
so I'm gonna go directly for the com and my name

14
00:00:44,550 --> 00:00:47,100
and then the app itself.

15
00:00:47,100 --> 00:00:51,120
So make sure you find com, your name, the app name

16
00:00:51,120 --> 00:00:54,390
and then the files, like this.

17
00:00:54,390 --> 00:00:58,800
So over here we see the feed, signup, tweet activities,

18
00:00:58,800 --> 00:01:02,820
and if you can see the names then of course,

19
00:01:02,820 --> 00:01:06,060
you can't browse all of them but most probably,

20
00:01:06,060 --> 00:01:10,590
the tweet activity will be the one

21
00:01:10,590 --> 00:01:14,040
that actually sends the tweets to the Firestore.

22
00:01:14,040 --> 00:01:18,946
If you cannot find it in your first trial, then it's good.

23
00:01:18,946 --> 00:01:21,750
Maybe you can just wander around a little bit,

24
00:01:21,750 --> 00:01:26,520
just see everything that you have in your case.

25
00:01:26,520 --> 00:01:28,740
But I'm gonna go for a tweet activity

26
00:01:28,740 --> 00:01:32,100
just to make things not complicated.

27
00:01:32,100 --> 00:01:35,040
So open the tweet activity smali file

28
00:01:35,040 --> 00:01:37,950
and you will get to see the Dalvik bytecode.

29
00:01:37,950 --> 00:01:42,240
So we have looked over Dalvik bytecodes before

30
00:01:42,240 --> 00:01:46,140
and as you can see, we have the same kind of annotation,

31
00:01:46,140 --> 00:01:49,050
same kind of syntax over here as well.

32
00:01:49,050 --> 00:01:50,850
There's nothing fancy.

33
00:01:50,850 --> 00:01:54,750
So we have the onCreate methods and let's see

34
00:01:54,750 --> 00:01:57,690
if we have something different over here,

35
00:01:57,690 --> 00:02:01,290
like a string or a value or some kind of passwords

36
00:02:01,290 --> 00:02:05,670
or some leads, some hints, some clue that can lead us

37
00:02:05,670 --> 00:02:07,620
to the collection name.

38
00:02:07,620 --> 00:02:09,600
Okay. And over here,

39
00:02:09,600 --> 00:02:13,170
we see the Firebase authentication objects

40
00:02:13,170 --> 00:02:16,770
and over here, we see the tweet button clicked.

41
00:02:16,770 --> 00:02:20,400
So this is exactly the method that we are looking for.

42
00:02:20,400 --> 00:02:24,810
In real life, you will see this kind of clear method names

43
00:02:24,810 --> 00:02:29,810
as well because most of the time, developers will choose

44
00:02:30,270 --> 00:02:34,830
great names for their buttons or stuff, some of their views

45
00:02:34,830 --> 00:02:38,640
in order to be clear, in order to be exact.

46
00:02:38,640 --> 00:02:42,900
Okay, so we see the Firebase authentication

47
00:02:42,900 --> 00:02:47,280
and it clearly has something to do with the user.

48
00:02:47,280 --> 00:02:49,560
And over here, we see the tweet button clicked

49
00:02:49,560 --> 00:02:52,530
and it's called by a view, so we know that this is

50
00:02:52,530 --> 00:02:55,380
what happens when a user clicks on the tweet button.

51
00:02:55,380 --> 00:02:59,010
So this is exactly what we are looking for, it calls

52
00:02:59,010 --> 00:03:02,130
for some of the Firebase functions.

53
00:03:02,130 --> 00:03:06,840
Okay. And if you come over here, scroll down a little bit,

54
00:03:06,840 --> 00:03:11,840
you can see it takes the user email, it takes the tweet,

55
00:03:11,910 --> 00:03:14,400
like it takes something named tweet,

56
00:03:14,400 --> 00:03:16,500
it takes something named user email,

57
00:03:16,500 --> 00:03:18,450
it takes something like date.

58
00:03:18,450 --> 00:03:23,040
And you may understand that it's trying to upload all

59
00:03:23,040 --> 00:03:26,430
of these values to the Firestore.

60
00:03:26,430 --> 00:03:31,430
And again, maybe it won't do much, but it's a great hint.

61
00:03:31,740 --> 00:03:35,520
You can note it down, and we see something like this.

62
00:03:35,520 --> 00:03:38,370
So this is a constant string and it starts

63
00:03:38,370 --> 00:03:39,630
with a capital letter.

64
00:03:39,630 --> 00:03:42,090
So that's the general convention

65
00:03:42,090 --> 00:03:45,450
for the collection names or class names.

66
00:03:45,450 --> 00:03:47,670
So it's worth a shot, right?

67
00:03:47,670 --> 00:03:51,840
So if you think that yeah, there may be some other strings

68
00:03:51,840 --> 00:03:55,110
over here as well, some other values that we may take

69
00:03:55,110 --> 00:03:57,090
into consideration.

70
00:03:57,090 --> 00:03:59,640
Yep, you are right. You should note it down

71
00:03:59,640 --> 00:04:01,710
and you should try all of them.

72
00:04:01,710 --> 00:04:05,010
It's not that easy to do reverse engineering

73
00:04:05,010 --> 00:04:06,720
as I explained before.

74
00:04:06,720 --> 00:04:10,560
But in this case, if I was looking at this

75
00:04:10,560 --> 00:04:14,190
for the first time, I would've suspected this "Tweets"

76
00:04:14,190 --> 00:04:18,510
very much to be a collection name and go for that.

77
00:04:18,510 --> 00:04:22,710
Okay? Because it has the capital T over here,

78
00:04:22,710 --> 00:04:27,710
it's clearly going to do something after getting all

79
00:04:27,750 --> 00:04:30,360
of this information that is needed to upload

80
00:04:30,360 --> 00:04:34,534
into the Firestore, it's worth a shot, as I said before.

81
00:04:34,534 --> 00:04:39,240
So this is very important because this is what we need

82
00:04:39,240 --> 00:04:42,810
in order to just call the command

83
00:04:42,810 --> 00:04:46,020
that I have shown you before in order to get the data

84
00:04:46,020 --> 00:04:47,550
from the Firestore.

85
00:04:47,550 --> 00:04:51,240
We may take the project ID from the Android manifest.

86
00:04:51,240 --> 00:04:56,010
We may take the Firebase URL from the Android manifest

87
00:04:56,010 --> 00:05:00,690
as well, but we need to find this collection name as well

88
00:05:00,690 --> 00:05:05,690
from the activities or it can be stored in the values XML

89
00:05:08,040 --> 00:05:12,048
as we have found the URL and the other things,

90
00:05:12,048 --> 00:05:15,900
we may have found this one as well

91
00:05:15,900 --> 00:05:18,720
but in this case it's stored over here.

92
00:05:18,720 --> 00:05:22,860
So you can find all of this information with apktool.

93
00:05:22,860 --> 00:05:25,380
But again, I'm going to show you an alternative way

94
00:05:25,380 --> 00:05:27,570
to find all of this information.

95
00:05:27,570 --> 00:05:29,550
This is more guaranteed, by the way.

96
00:05:29,550 --> 00:05:32,730
This is a better way to find all of this information.

97
00:05:32,730 --> 00:05:35,220
But in case you fail, in case you don't have

98
00:05:35,220 --> 00:05:37,350
any other choice, then you are gonna go

99
00:05:37,350 --> 00:05:40,140
for network sniffing as well, as we are going to do

100
00:05:40,140 --> 00:05:42,243
within the next lecture.