Secure Encryption
This challenge will teach you a way to attack home-made encryption and analyse smali code.
This challenge does not need any special setup.
OPTIONAL:
Either: Download the application from the latest release on GitHub, or use the one provided on the Ubuntu VM.
Or: Pull the application from the phone/emulator.
adb pull /data/app/ruhrpott.owasp.cpm.vuln_app_1-2/base.apk /tmp/
(The installed app might have Proguard activated. This obfuscates the code before compiling and makes it harder to reverse engineer. An apk compiled without Proguard is in the OWASP folder on the Ubuntu VM and in the release of this repository.)
The application will check whether the device (Android VM) is rooted. Your task is:
- Add your own log messages to the application.
- Understand the encryption/decryption process.
- Break it!
- Smali code to create a log message with the tag "owasplog" and the message "Hello":
const-string v0, "owasplog"
const-string v1, "Hello"
invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
- Use the Java2Smali plugin for Android Studio (preinstalled on the Ubuntu VM) to convert your Java code into smali code.
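The hint above writes to v0 and v1, which the method you are patching may already be using. The following added example (not part of the original wiki or the app's code) is a Python helper that raises `.locals` by two and places the log call in the two fresh registers. The sample method `demo` is constructed, and methods declared with `.registers` are not handled.

```python
import re

LOG_E = "Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I"
PARAM_RE = re.compile(r"\[*(?:L[^;]+;|[ZBSCIJFD])")

def param_registers(method_line):
    """Count registers taken by parameters (J/D are wide; 'this' unless static)."""
    modifiers = method_line.split("(")[0].split()[1:-1]
    descriptor = method_line[method_line.index("(") + 1:method_line.index(")")]
    count = 0 if "static" in modifiers else 1
    for p in PARAM_RE.findall(descriptor):
        count += 2 if p in ("J", "D") else 1
    return count

def add_log(method_lines, tag="owasplog", message="Hello"):
    """Return the method with a Log.e(tag, message) call added at entry."""
    if any(c in tag + message for c in '"\\\n'):
        raise ValueError("keep tag/message free of quotes, backslashes, newlines")
    params = param_registers(method_lines[0])
    for i, line in enumerate(method_lines):
        m = re.match(r"(\s*)\.locals\s+(\d+)\s*$", line)
        if m:
            break
    else:
        raise ValueError("no .locals directive (.registers is not handled here)")
    indent, n = m.group(1), int(m.group(2))
    # Two extra locals shift every pN up by two. Instructions with 4-bit
    # register fields (invoke-static {..} is one) only reach v0-v15, so this
    # conservative check refuses methods that would grow past 16 registers.
    if n + 2 + params > 16:
        raise ValueError("method would exceed 16 registers; patch by hand")
    call = [
        f"{indent}.locals {n + 2}",
        f'{indent}const-string v{n}, "{tag}"',
        f'{indent}const-string v{n + 1}, "{message}"',
        f"{indent}invoke-static {{v{n}, v{n + 1}}}, {LOG_E}",
    ]
    return method_lines[:i] + call + method_lines[i + 1:]

# Constructed sample method (hypothetical name), not taken from the app.
SAMPLE = [
    ".method public static demo(Ljava/lang/String;J)Ljava/lang/String;",
    "    .locals 2",
    '    const-string v0, "x"',
    "    return-object p0",
    ".end method",
]

if __name__ == "__main__":
    print("\n".join(add_log(SAMPLE)))
```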
Please open an issue if you find a mistake in the wiki.