Jump to content
Tuts 4 You

Decrypt Key [Android APP] [No obfuscator]


windoz
Go to solution Solved by crystalboy,

Recommended Posts

Immagine.png.2df3ab8dee5c51f215b861c11455cd66.png

Difficulty : ??? ( to be seed )

Language : Java , C++ (shared lib)

Platform : Android

OS Version : 4.1 or higher

Packer / Protector : none

VirusTotal https://www.virustotal.com/it/file/5b8209bda95aae17a54f4c76eca3ae031d06b2ad2c1b3eef419fb71ea637ad94/analysis/1493482420/

Download app-release.apk

1) What should I not do?

This challenge does not require to bypass the password input
2) what should I do?

This challenge asks to get the key wherever possible

3) Is the program in question copyright protected?
No, you can do what you want
4) The password has hashed? NO

5) Has the password been encrypted? Yes
Link to comment
Share on other sites

  • Solution

Solved.
Here the step that i made to solve it. ;)

Spoiler

windoz_crackme_04_2017.png

Apart from the dirty serial chosen the level in my opinion is 3/10.

I choose the quick way to solve it:
1) Develop a quick application to sniff the signature of the original apk


public String getSignature()
{
	PackageManager pm = this.getPackageManager();
	PackageInfo pi = null;
	try 
	{
		pi = pm.getPackageInfo("windoz.crackme", PackageManager.GET_SIGNATURES);
	}
	catch (PackageManager.NameNotFoundException e1) 
	{
		e1.printStackTrace();
	}
	Signature[] s = pi.signatures;

	String sig = "";

	try {
		MessageDigest v0 = MessageDigest.getInstance("SHA");
		v0.update(s[0].toByteArray());
		String v1 = Base64.encodeToString(v0.digest(), 0);

		sig = md5(v1);
	} catch (Exception e) {
		e.printStackTrace();
	}

	return sig;
}

This give us the MD5 hash of the app signature: "7c4d08d09b241fcd39f3c76ad6e8a3f6"

- Create another application using the same package name "windoz.crackme"
- Import native lib in the project and call it. It will give us the key implemented in the native layer encoded in base64:  "jiuLEylUcz8Uf9D9WpMooquanxkbMu1B1kcRTJn5C58="

- At this point we have all data to decrypt the correct serial.

 

  • Like 2
Link to comment
Share on other sites

53 minutes ago, crystalboy said:

Solved.
Here the step that i made to solve it. ;)

  Hide contents

windoz_crackme_04_2017.png

Apart from the dirty serial chosen the level in my opinion is 3/10.

I choose the quick way to solve it:
1) Develop a quick application to sniff the signature of the original apk



public String getSignature()
{
	PackageManager pm = this.getPackageManager();
	PackageInfo pi = null;
	try 
	{
		pi = pm.getPackageInfo("windoz.crackme", PackageManager.GET_SIGNATURES);
	}
	catch (PackageManager.NameNotFoundException e1) 
	{
		e1.printStackTrace();
	}
	Signature[] s = pi.signatures;

	String sig = "";

	try {
		MessageDigest v0 = MessageDigest.getInstance("SHA");
		v0.update(s[0].toByteArray());
		String v1 = Base64.encodeToString(v0.digest(), 0);

		sig = md5(v1);
	} catch (Exception e) {
		e.printStackTrace();
	}

	return sig;
}

This give us the MD5 hash of the app signature: "7c4d08d09b241fcd39f3c76ad6e8a3f6"

- Create another application using the same package name "windoz.crackme"
- Import native lib in the project and call it. It will give us the key implemented in the native layer encoded in base64:  "jiuLEylUcz8Uf9D9WpMooquanxkbMu1B1kcRTJn5C58="

- At this point we have all data to decrypt the correct serial.

 

GG 👍👍

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...