This is just a short post about toying with the Badoo app for iOS, but also touches on something ever-so-slightly useful about testing the app-upgrade mechanisms of mobile apps. “Urghh more dating app hacking” I hear you say. I know, I know, this is getting old. At some point I’ll get a real hobby, I promise.
As of version 5 of Badoo, which has been out for a while now, two things happened. Firstly, they added a forceful crash upon jailbreak detection that I couldn’t be bothered to circumvent… because, secondly, they remade the UI from scratch and I don’t like unnecessary changes in my life. Na Uh.
Jailbreak detection routines for older Badoo versions have been a bit laughable. You have had:
-(bool) jailbroken in class GADDevice,
+(bool) deviceIsJailbroken in class FlurryUtil and finally…
+(bool) appIsCracked also in class FlurryUtil.
These are such common methods/classes that xCon will automatically patch them out and you might never have even known they existed. But they did.
So, I already HAD a solid app which I liked and worked… why can’t I just keep using it? Using App-Admin from Cydia or AppCake, let’s downgrade to the latest release of the 4.x branch. App-Admin thinks this is 4.57.4 and AppCake thinks this is 4.9.
4.9 seems suspiciously high. I’m always wary of AppCake; I wouldn’t be surprised if this is a maliciously-modified binary… but oh well, let’s install it anyway! (Mr Optimistic).
Well we are back to the glory-days of the orange Badoo icon, but this happens when you open < v5.0 of the app today:
Oh no! A version check and a view which tells us to go away and upgrade. Daniel is sad 😪
Ok well… I very much doubt the devs at Badoo are doing per-app-version API keys and burning those keys used for older, now unsupported, app versions. And I doubt the app’s API calls or endpoints have changed since the V4 days either. Sooooooo… we just need to force the V4 app to work again, right?
OK guys. This is going to be some very technical, next-level shit that is about to go down in Cycript. I’m not sure your eyes can withstand the eliteness of what they are about to see…
root# cycript -p $(ps -A | grep "Application" | grep "Badoo" | cut -d' ' -f2)
cy# [UIApp.keyWindow setHidden:YES]
*wipes sweat away from face with forearm and presses enter*
The upgrade view has been hidden and we’re at the default “Sign in with Facebook” login – Looks good so far.
Let’s see if it works…
Victory! (Ginger Morticia aside).
Yup. That’s really it. Underneath the top-level “please upgrade” view (think webpage z-indexes) the app is just chilling there, perfectly functional.
I suppose for a dating app the ramifications here are pretty “meh”, but I have seen the same “throw an upgrade page over it” technique used to prevent use of an outdated (and vulnerable) MDM application on iOS… which is totally uncool. When you are testing iOS apps, try to download a few older versions, time permitting, and see exactly what prevents them from functioning. If you can get these working, you might have an easier time introspecting them than more modern versions with all the security bells and whistles (such as cert pinning and jailbreak detection).
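The defensive counterpart to the "upgrade page over the top" approach is to retire old releases at the API rather than in the UI. The sketch below is an added example, not Badoo's code or anything from the original post; it assumes the per-release API keys speculated about above, and the header name, key values and function names are all hypothetical.

```python
"""Server-side gate for retired app releases (added example, hypothetical names)."""
import hmac

# Constructed sample data: one API key baked into each shipped release.
# The key strings are placeholders, not real credentials.
RELEASE_KEYS = {
    "key-v4-EXAMPLE": (4, 9, 0),
    "key-v5-EXAMPLE": (5, 0, 0),
}
MIN_SUPPORTED = (5, 0, 0)  # assumed policy: everything below 5.0 is retired


def lookup_release(api_key):
    """Return the release tuple bound to api_key, or None if the key is unknown."""
    candidate = (api_key or "").encode()
    found = None
    for known, release in RELEASE_KEYS.items():
        # Constant-time compare, and no early exit, so timing does not
        # reveal which key (if any) matched.
        if hmac.compare_digest(known.encode(), candidate):
            found = release
    return found


def gate(headers):
    """Decide (status, body) for a request before any API handler runs.

    The release is derived from the key the server issued, never from a
    version string the client reports about itself, because a patched
    client can report whatever it likes.
    """
    release = lookup_release(headers.get("X-Api-Key"))
    if release is None:
        return 401, "unknown client"
    if release < MIN_SUPPORTED:
        # Hiding the upgrade view on the device no longer helps:
        # every API call from the retired release fails here.
        return 426, "upgrade required"
    return 200, "ok"
```

A key lifted from a newer binary would still pass this gate, so it retires old clients rather than authenticating them; a vulnerable old release also needs its server-side behaviour fixed or removed.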