Abusing Google Play Billing for Fun and Unlimited Credits! - G. Lopes - Hack in Paris
Hack in Paris via YouTube
Overview
This course teaches how to abuse the Google Play Billing API to bypass the payment process and gain unlimited credits in Android games. The learning outcomes include understanding the vulnerabilities in the Google Play Billing API, analyzing known vulnerabilities, and identifying techniques to bypass the payment process in vulnerable applications. The course covers topics such as the workflow of Google Play Billing, known vulnerabilities, demonstration of bypassing payment processes in applications like Doodle Jump and Fruit Ninja, and comparison with other billing libraries. The intended audience for this course includes cybersecurity enthusiasts, Android developers, and individuals interested in mobile application security. The teaching method involves a presentation divided into sections focusing on theoretical concepts, practical demonstrations, and real-world examples of vulnerable applications.
Syllabus
Introduction
Overview
Benefits for developers
How it works
Example
ProjectState
Verification
Secure Implementation
Google Documentation
Known Vulnerability
Modify Intent
Verify Process
ClientSide Fix
Steps
Do the Jump
Demo
Snoopy Pop
Proof
Java Native Interface
Shell Library
Conclusion
Google Billing Library
Taught by
Hack in Paris