Tuts 4 You

Leaderboard


Popular Content

Showing content with the highest reputation since 02/15/2019 in all areas

  1. 4 points
  2. 3 points
    A hacker is someone who is inquisitive about how something works and likes to pull things apart to understand and innovate. How a hacker uses that information is what results in negative (or positive) connotations.
  3. 2 points
    slugsnacks reversing series by c0lo: Link: https://kienmanowar.wordpress.com/slugsnacks-reversing-series-by-c0lo/slugsnacks-reversing-series-5/
  4. 1 point
    You have to reverse engineer how and from what the file checksum is calculated, and then fix the checksum in your exploit-file, yes. If you are lucky and need just the one checksum, you can try to find where it compares the invalid checksum with the one it expects, and just replace the checksum in your file with that.
  5. 1 point
    Will just take the key for now; I might work on an unpacker tomorrow if I have some time. But to get the key, simply just put a breakpoint on string compare methods.
  6. 1 point
    Thought I would post this since it's extremely useful for working on some embedded targets. The basic principle is that you use a cheap logic analyzer to intercept read requests to the chip (usually from the microprocessor of your target), since in some designs they store special information in small chips on the PCB, like serial number, password, settings, etc. After the CPU reads all the addresses it's interested in over the SPI or I2C bus, your logic analyzer sees the waveforms and captures the data. Then this utility will convert the logic analyzer file to a binary dump of the chip by reconstructing the flash memory contents, so you can see what's inside and load it into IDA. Very useful source code and intro: https://github.com/alainiamburg/sniffROM/wiki/Getting-Started https://github.com/alainiamburg/sniffROM
  7. 1 point
    The Carnal0wnage blog has put up a nice summary of Android hackme/crackme challenges for those interested. http://carnal0wnage.attackresearch.com/2013/08/want-to-break-some-android-apps.html Have fun!
    --------------------------------------------
    Android App testing requires some diverse skills depending on what you're trying to accomplish. Some app testing is like forensics, there's a ton of server side stuff with web services, and there's also times when you need to show failings in programmatic protections or features which requires reversing, debugging, or patching skills.

    To develop these skills you need some practice targets. Here's a list of all known Android security challenges, both app level vulns and crackme-type (RE/patching):

    In some cases the write-up and challenge starter info is included, in other cases you might have to Google around as some of these CTF's are old.

    ** Should you need some help with configuring an Android pentest / Crackme environment, cktricky and CG have already written some pieces on that: http://carnal0wnage.attackresearch.com/search?q=android **

    Hacme Bank Android - Foundstone
        http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
    ExploitMe Android - Security Compass
        http://securitycompass.github.io/AndroidLabs/
    InSecure Bank - Paladion
        http://www.paladion.net/downloadapp.html
    GoatDroid - OWASP and Nvisium Security
        https://github.com/jackMannino/OWASP-GoatDroid-Project
    IG Learner - Intrepidus Group
        https://play.google.com/store/apps/details?id=com.intrepidusgroup.learner
    MoshZuk.apk
        Description - http://imthezuk.blogspot.com/2011/07/creating-vulnerable-android-application.html
        File - https://dl.dropboxusercontent.com/u/37776965/Work/MoshZuk.apk
    Crackme.de’s and deurus's Android Crackmes 1-4 ++
        http://crackmes.de/users/deurus/android_crackme01/
        http://crackmes.de/users/deurus/android_crackme02/
        http://crackmes.de/users/deurus/android_crackme03/
        http://crackmes.de/users/deurus/android_crackme04/
        http://crackmes.de/users/pnluck/android_signme/
    Hackplayers.com Crackmes (in Spanish so an extra challenge)
        http://www.hackplayers.com/2010/12/reto-android-crackme1.html
        http://www.hackplayers.com/2011/12/reto-14-android-crackme2.html
    Nuit du Hack's 2k12 & 2k11 (pre-quals and finals) Android Crackme’s
        http://blog.w3challs.com/index.php?post/2012/07/02/NDH2k12-wargame-CrackMe-Android
        http://blog.spiderboy.fr/tag/crackme/
    Hack.Lu's CTF 2011 Reverse Engineering 300
        http://shell-storm.org/repo/CTF/Hacklu-2011/Reversing/Space%20Station%200xB321054A%20(300)/
    Androidcracking.blogspot.com's Crackme’s
        http://androidcracking.blogspot.com/2012/01/way-of-android-cracker-0-rewrite.html
        http://androidcracking.blogspot.com/2010/10/way-of-android-cracker-1.html
    BlueBox Android Challenge
        http://bluebox.com/labs/android-security-challenge/
    InsomniDroid
        Description - http://www.strazzere.com/blog/2012/03/488/
        Partial Walkthrough - http://www.fortiguard.com/files/insomnichallenge.pdf
        (File) http://www.strazzere.com/crackmes/insomnidroid.apk
    CSAW2011 CTF Android Challenges
        Android 1 file - http://shell-storm.org/repo/CTF/CSAW-2011/Forensics/Android1%20-%20200%20Points/CSAW2011CTF.apk
        Android 2 file - http://shell-storm.org/repo/CTF/CSAW-2011/Forensics/Android2%20-%20400%20Points/CSAW2011CTF.apk
    Defcon 19 Quals b300 dex challenge
        http://shell-storm.org/repo/CTF/Defcon-19-quals/Binary_L33tness/b300/b300_b258110ad2d6100c4b8
    GreHack 2012 Reverse Engineering 100
        http://repo.shell-storm.org/CTF/GreHack-2012/reverse_engineering/100-GrehAndroidMe.apk/
    Nullcon HackIM 2012 RE 300
        http://www.nullcon.net/challenge/data/Null%20Mobile.apk
    C0C0N 2011 RE level 100
        http://www.nullcon.net/challenge/c0c0n/data/cocon_apk.zip
    Atast CTF 2012 Bin 300
        http://andromedactf.wordpress.com/2013/01/02/atast-ctf-2012-bin300chall5/
    SecuInside 2011 CTF Level 7 (level 3 is also android but i am unable to find the bin)
        Writeup - http://codeengn.com/archive/Reverse%20Engineering/Solution%20-%20CTF/2011%20SECUINSIDE%20CTF%20Write-up%20%5BCMU%5D.pdf
        File - http://big-daddy.fr/repository/CTF2011/SecuInside-CTF/Q7/WonderfulWidget.apk