Update description of idea involving Paytm Spoof #10
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I decompiled the spoofPaytm APK and updated the screen layouts and added a QR code scanner that pulled the number from Paytm's API. I tried to use this around my college, most merchants in our area wait for the payment SMS to arrive before final transaction. That was Jan 18. Last month I checked QR code API has been shut down. A friend of mine suggested to make a modified client, but it does not seem to work as such as a second refresh potentially removes the false transaction. Any more delay to server sync shows 'No Internet Error'. Since I'm feel bad, if someone defrauds unsuspecting merchants or is himself caught in a jeopardy, I'm against uploading such apps to websites where it could be generally accessed. Though if you would like I could provide a POC video.
|
Thanks! Very stupid of me to miss checking Play Store 🤦♂️ I've changed the wording slightly, hope that's fine. Instead of the PoC Video, I'd be very interested in a writeup on the QR Code, and the corresponding API that it uses. |
|
Thank you! The rewording was essential as it was in first person form. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I decompiled the spoofPaytm APK and updated the screen layouts and added a QR code scanner that pulled the number from Paytm's API. I tried to use this around my college, most merchants in our area wait for the payment SMS to arrive before final transaction. That was Jan 18.
Last month I checked QR code API has been shut down. A friend of mine suggested to make a modified client, but it does not seem to work as such as a second refresh potentially removes the false transaction. Any more delay to server sync shows 'No Internet Error'.
Since I'm feel bad, if someone defrauds unsuspecting merchants or is himself caught in a jeopardy, I'm against uploading such apps to websites where it could be generally accessed. Though if you would like I could provide a POC video.