WEBVTT

00:00.790 --> 00:06.730
Now, Android provides the clipboard framework for copying and pasting different types of data.

00:07.750 --> 00:14.710
So it's possible to view the contents of this clipboard by instantiating an object of ClipboardManager

00:15.070 --> 00:17.740
by calling the getSystemService method.

00:19.100 --> 00:20.410
So let's see how we can do it.

00:22.200 --> 00:27.660
To demonstrate this vulnerability, we can open the transfer activity and copy the account number to

00:27.660 --> 00:28.320
the clipboard.

00:29.830 --> 00:32.800
Write a random number and copy it.

00:35.340 --> 00:38.370
Next, we'll need the account number of the application.

00:39.320 --> 00:42.320
So I can use the command and grep for this.

00:46.130 --> 00:51.890
OK, so it looks like it's u0_a124.

00:53.330 --> 01:02.120
So now let's run it: su u0_a124 service call clipboard 2

01:02.240 --> 01:05.390
s16 and the package name.

01:08.190 --> 01:13.620
The service call clipboard command instantiates an object of the ClipboardManager by calling

01:13.620 --> 01:15.330
the getSystemService method.

01:16.140 --> 01:17.430
So the service codes

01:19.050 --> 01:21.780
are 1, 2 and 3

01:23.130 --> 01:30.300
for getClipboardText, setClipboardText, and hasClipboardText, respectively.

01:32.060 --> 01:39.560
The s16 argument writes the UTF-16 string STR into the send parcel.

01:42.110 --> 01:47.990
All right, so after entering this command, the clipboard data should be here, but it has limited access

01:47.990 --> 01:51.980
to clipboard data on Android 10 or later.

01:53.620 --> 02:00.340
So why don't we have a look at the official walkthrough for InsecureBank and see what this vulnerability

02:00.340 --> 02:01.090
looks like?

02:02.320 --> 02:04.150
Let's go to the GitHub page of the app.

02:06.480 --> 02:09.000
So go ahead and open the walkthrough folder.

02:09.910 --> 02:12.460
And click on the pasteboard vulnerability.

02:13.980 --> 02:17.820
Download the document and open it up with Microsoft Word.

02:20.230 --> 02:21.160
Scroll down a bit.

02:24.990 --> 02:30.840
And as you can see, in older versions of Android, after running this command, you can get the clipboard

02:30.840 --> 02:31.500
text.
