Covid 19 Tracking app thread. Will be looking into the app, might find stuff, might not.
First up, I've noticed that the UAT environment end point is accidentally leaked.
This is au.gov.health.covidsafe btw - https://play.google.com/store/apps/details?id=au.gov.health.covidsafe
Tried to run through mitmproxy but I'm getting "Invalid phone number" which I think means connection failed due to certificate pinning...
This might be due to me dicking around. Not sure.
I hope they haven't done that stupid census thing where they disable DNS requests from outside of Australia like twats.
Ok, well I'm going to assume that something is broken on the backend and look at the code instead of poking around in the app. I kind of wanted to get a feel of the user flows.
Looking at the gettempid, it looks like that's authenticated. The decompiler didn't like UpdateBroadcastMessageAndPerformScanWithExponentialBackOff so it's hard to work out what's going on there. If the IDs transmitted are directly based off the gettempid we could have problems.
Going to check out the upload user flow the best I can without the app and see what happens in there.
Ok, it's pretty hard reading through the instruction dump. I could probably mock out the backend to get it running but I might wait until the backend is back up so I can just try it for myself.