Electron-Based App Security Testing Fundamentals Part 3 (2nd Section) — Extracting and Analyzing .asar Files – Company Blog

Information Disclosure of Hardcoded Keys (in SQLite) and Encryption Algorithm (in AesFormula.js File) Resulting in Compromise of the Real Credentials.

In the name of Allah, the Most Gracious, the Most Merciful.


This marks the third part (2nd section) of a series of articles exploring the fundamentals of security testing for Electron-based applications.

In this part, we will explore a unique case study we encountered while examining the contents extracted from an .asar file.

If you are just joining the series with this article: in the previous section, we explained the importance of extracting and analyzing .asar files to gather useful information.

Note: This article has been published on the blog of the company where I am employed. Please visit the post for more details:

https://medium.com/haktrak-cybersecurity-squad/electron-based-app-security-testing-fundamentals-part-3-2nd-section-extract-analyze-asar-9d3e9241bb92

Decryption Process