"Super secure" MAGA-themed messaging app leaks everyone’s ph... #1674
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
Author
🔗 Additional ContextOriginal Blog Post: https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/ Content Categories: Based on the analysis, this content was categorized under "1) "Mobile Pentesting -> Android Applications Pentesting -> Frida Tutorial" for the FLAG_SECURE bypass trick; 2) "Pentesting Web -> Web Vulnerabilities Methodology" (or a new subsection like "Contact Discovery & Membership Enumeration" / "API Logical Data Leaks") for the membership/participants endpoint abuse, phone-number enumeration, identifier correlation, and large-scale enumeration techniques.". Repository Maintenance:
Review Notes:
Bot Version: HackTricks News Bot v1.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🤖 Automated Content Update
This PR was automatically generated by the HackTricks News Bot based on a technical blog post.
📝 Source Information
🎯 Content Summary
The post analyzes severe design and privacy flaws in the rebranded Converso app, now called Freedom Chat, a MAGA-themed messaging app that heavily markets end-to-end encryption and security. The author focuses on how the backend APIs and client logic leak highly sensitive metadata (phone numbers and account PINs), not on breaking Seald’s cryptography.
Setup and tools
The author:
🔧 Technical Details
1. Disabling Android screenshot protection with Frida
The app sets Android’s
FLAG_SECUREto prevent screenshots and recordings, but this protection is purely client-side. By hooking the app process with Frida and applying the known FLAG_SECURE bypass (as described in Securify’s blog), an attacker can intercept or override window flag calls at runtime to clearFLAG_SECURE, making it possible to capture full UI screenshots while analyzing traffic or documenting vulnerabilities.2. Extracting secrets from channel membership APIs
Many chat apps expose a channel or group membership API that returns a list of members and associated metadata. In Freedom Chat, each
members[i].userobject includes sensitive fields such aspin(a 6‑digit login PIN),sealdKey, and timestamps. The general trick is: whenever you see amembersorparticipants🤖 Agent ActionsSummary:WindowManager.LayoutParams.FLAG_SECURE, including a reusable Frida hook (wrapped in an expandable block), operational guidance, and references to the Freedom Chat case study plus Securify’s original research.Tests: Not run (not applicable for documentation updates).
This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.
📚 Repository Maintenance
All .md files have been checked for proper formatting (headers, includes, etc.).