Tuts 4 You

Decrypt Key [Android APP] [No obfuscator]

Question

windoz


Difficulty : ??? ( to be seen )

Language : Java , C++ (shared lib)

Platform : Android

OS Version : 4.1 or higher

Packer / Protector : none

VirusTotal https://www.virustotal.com/it/file/5b8209bda95aae17a54f4c76eca3ae031d06b2ad2c1b3eef419fb71ea637ad94/analysis/1493482420/

Download app-release.apk

1) What should I not do?

This challenge does not require bypassing the password input.

2) What should I do?

This challenge asks you to get the key wherever possible.

3) Is the program in question copyright protected?

No, you can do what you want.

4) Has the password been hashed? No

5) Has the password been encrypted? Yes


2 answers to this question

crystalboy

Solved.
Here are the steps that I took to solve it. ;)


Apart from the dirty serial chosen, the level in my opinion is 3/10.

I chose the quick way to solve it:
1) Develop a quick application to sniff the signature of the original apk


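// Imports needed by this method (it lives inside an Activity or other Context)
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Base64;
import java.security.MessageDigest;

public String getSignature()
{
	PackageManager pm = this.getPackageManager();
	PackageInfo pi = null;
	try 
	{
		// Read the signing certificate(s) of the installed original APK
		pi = pm.getPackageInfo("windoz.crackme", PackageManager.GET_SIGNATURES);
	}
	catch (PackageManager.NameNotFoundException e1) 
	{
		e1.printStackTrace();
	}
	// Original APK not installed, or no signatures returned: nothing to hash
	if (pi == null || pi.signatures == null || pi.signatures.length == 0)
		return "";
	Signature[] s = pi.signatures;

	String sig = "";

	try {
		// "SHA" is the Java algorithm name for SHA-1
		MessageDigest v0 = MessageDigest.getInstance("SHA");
		v0.update(s[0].toByteArray());
		// Flag 0 is Base64.DEFAULT, so the encoded string ends with a newline
		String v1 = Base64.encodeToString(v0.digest(), 0);

		// md5() is a helper that is not shown in the post
		sig = md5(v1);
	} catch (Exception e) {
		e.printStackTrace();
	}

	return sig;
}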

This gives us the MD5 hash of the app signature: "7c4d08d09b241fcd39f3c76ad6e8a3f6"

- Create another application using the same package name "windoz.crackme"
- Import the native lib into the project and call it. It will give us the key implemented in the native layer, encoded in base64: "jiuLEylUcz8Uf9D9WpMooquanxkbMu1B1kcRTJn5C58="

- At this point we have all the data to decrypt the correct serial.

 

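The fingerprint derivation from step 1 of the answer above, reproduced offline as an added example (not crystalboy's code and not the challenge's own): it shows that the value depends only on the public signing certificate, so it detects re-signing but is computable by any app or analyst, and that flag 0 in `Base64.encodeToString` changes the result by appending a newline. Assumptions: the certificate bytes are constructed stand-ins, the unshown `md5()` helper is taken to hash the UTF-8 string and return lowercase hex, and the function names are hypothetical.

```python
import base64
import hashlib


def android_b64(data: bytes, no_wrap: bool = False) -> str:
    """Mimic android.util.Base64.encodeToString(data, flags).

    flags=0 (DEFAULT) wraps at 76 chars and ends with a newline;
    NO_WRAP emits no line terminators at all.
    """
    if no_wrap:
        return base64.b64encode(data).decode("ascii")
    return base64.encodebytes(data).decode("ascii")


def signature_fingerprint(cert_der: bytes, no_wrap: bool = False) -> str:
    # Java's MessageDigest.getInstance("SHA") is SHA-1.
    digest = hashlib.sha1(cert_der).digest()
    encoded = android_b64(digest, no_wrap)
    # Assumption: md5() hashes the string's UTF-8 bytes, returns lowercase hex.
    return hashlib.md5(encoded.encode("utf-8")).hexdigest()


def explain_fingerprint(target: str, candidates: dict):
    """Return (cert_name, base64_variant) that reproduces target, or None."""
    wanted = target.strip().lower()
    for name, der in candidates.items():
        for no_wrap, label in ((False, "DEFAULT"), (True, "NO_WRAP")):
            if signature_fingerprint(der, no_wrap) == wanted:
                return name, label
    return None


# Constructed stand-ins for DER certificate bytes (not taken from the APK).
CANDIDATES = {
    "original-signer": b"constructed original signing certificate",
    "debug-resigned": b"constructed debug certificate after re-signing",
}

if __name__ == "__main__":
    target = signature_fingerprint(CANDIDATES["original-signer"])  # flags=0 path
    print("fingerprint:", target)
    print("explained by:", explain_fingerprint(target, CANDIDATES))
    # A re-signed build yields a different value, which is what the check detects.
    print("re-signed:", signature_fingerprint(CANDIDATES["debug-resigned"]))
```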
windoz
GG 👍👍
