windoz Posted April 29, 2017

Difficulty: ??? (to be seed)
Language: Java, C++ (shared lib)
Platform: Android
OS Version: 4.1 or higher
Packer / Protector: none
VirusTotal: https://www.virustotal.com/it/file/5b8209bda95aae17a54f4c76eca3ae031d06b2ad2c1b3eef419fb71ea637ad94/analysis/1493482420/
Download: app-release.apk

1) What should I not do? This challenge does not require bypassing the password input.
2) What should I do? This challenge asks you to get the key wherever possible.
3) Is the program in question copyright protected? No, you can do what you want.
4) Has the password been hashed? NO
5) Has the password been encrypted? Yes
crystalboy Posted April 30, 2017 (Solution)

Solved. Here are the steps that I made to solve it.

Apart from the dirty serial chosen, the level in my opinion is 3/10. I chose the quick way to solve it:

1) Develop a quick application to sniff the signature of the original apk

    import android.content.pm.PackageInfo;
    import android.content.pm.PackageManager;
    import android.content.pm.Signature;
    import android.util.Base64;
    import java.security.MessageDigest;

    // Reads the signing certificate of the installed "windoz.crackme" package and
    // hashes it the same way the crackme does: MD5(Base64(SHA-1(cert bytes)))
    public String getSignature() {
        PackageManager pm = this.getPackageManager();
        PackageInfo pi = null;
        try {
            pi = pm.getPackageInfo("windoz.crackme", PackageManager.GET_SIGNATURES);
        } catch (PackageManager.NameNotFoundException e1) {
            e1.printStackTrace();
            return "";                       // package not installed, nothing to hash
        }
        Signature[] s = pi.signatures;
        String sig = "";
        try {
            MessageDigest v0 = MessageDigest.getInstance("SHA");   // SHA-1
            v0.update(s[0].toByteArray());
            // flag 0 == Base64.DEFAULT (line wrapping and trailing newline enabled)
            String v1 = Base64.encodeToString(v0.digest(), Base64.DEFAULT);
            sig = md5(v1);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return sig;
    }

    // Lowercase hex MD5 of a string (helper used above, not shown in the original post)
    private static String md5(String in) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(in.getBytes("UTF-8"));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

This gives us the MD5 hash of the app signature: "7c4d08d09b241fcd39f3c76ad6e8a3f6"

- Create another application using the same package name "windoz.crackme"
- Import the native lib in the project and call it. It will give us the key implemented in the native layer, encoded in base64: "jiuLEylUcz8Uf9D9WpMooquanxkbMu1B1kcRTJn5C58="
- At this point we have all the data to decrypt the correct serial.
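The digest chain the solution reproduces, MD5 over the Base64 text of the SHA-1 of the signing certificate bytes, is easy to get subtly wrong when a developer tries to verify the value they pinned at build time. The example below is added here and is not code from the post or from the crackme; it is written in Python rather than the post's Java so it runs without an Android device. The signature bytes are constructed sample input, not the crackme's certificate, and the behaviour it assumes for `android.util.Base64` with flag 0 (`DEFAULT`) is that a newline is appended after every 76 output characters and at the end of the output, which `NO_WRAP` suppresses; a 20-byte SHA-1 digest never wraps, so the only effect is the trailing newline.

```python
"""Reproduce the digest chain described in the thread:
MD5(Base64(SHA-1(signature bytes))), with Android's Base64 quirks."""
import base64
import hashlib
import hmac

# Constructed stand-in for Signature.toByteArray() (the DER bytes of the signing
# certificate). This is NOT the crackme's real certificate; it is sample input only.
SAMPLE_SIGNATURE = b"\x30\x82\x02\x10" + bytes(range(256)) * 2


def android_base64_default(data: bytes) -> str:
    """Mimic android.util.Base64.encodeToString(data, Base64.DEFAULT) (flag 0).

    Assumption about Android's encoder: standard alphabet, a '\\n' after every
    76 output characters, and a trailing '\\n'. Base64.NO_WRAP removes both.
    """
    enc = base64.b64encode(data).decode("ascii")
    lines = [enc[i:i + 76] for i in range(0, len(enc), 76)]
    return "\n".join(lines) + "\n"


def signature_digest(sig_bytes: bytes, android_default_flags: bool = True) -> str:
    """Lowercase hex MD5 of the Base64 text of the SHA-1 digest of sig_bytes.

    With android_default_flags=True the Base64 step keeps Android's trailing
    newline, so MD5 runs over 29 characters, not 28. A plain java.util.Base64
    encoder (no newline) yields a different digest for the same certificate,
    which is the usual reason a pinned value "does not match".
    """
    sha1 = hashlib.sha1(sig_bytes).digest()            # 20 bytes
    if android_default_flags:
        b64_text = android_base64_default(sha1)         # 28 chars + "\n"
    else:
        b64_text = base64.b64encode(sha1).decode("ascii")
    return hashlib.md5(b64_text.encode("ascii")).hexdigest()


def matches_pinned(sig_bytes: bytes, pinned_hex: str) -> bool:
    """Constant-time comparison of the computed digest against a pinned value."""
    return hmac.compare_digest(signature_digest(sig_bytes), pinned_hex.lower())


if __name__ == "__main__":
    d = signature_digest(SAMPLE_SIGNATURE)
    print("Android DEFAULT flags :", d)
    print("no trailing newline   :", signature_digest(SAMPLE_SIGNATURE, False))
    print("pinned check          :", matches_pinned(SAMPLE_SIGNATURE, d))
```

The two printed digests differ only because of the trailing newline; when a pinned signature check fails on a freshly built APK, comparing the Base64 step with and without `NO_WRAP` is the first thing to look at. The check itself also shows why the crackme's scheme is weak as a trust anchor: the digest is computed from whatever package the caller names, so it proves nothing about the code that calls the native library.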
windoz Posted April 30, 2017 (Author)

53 minutes ago, crystalboy said: Solved. Here are the steps that I made to solve it. [quoted solution omitted, see the post above]

GG 👍👍