Secure Encryption Solution
Tim Guenther edited this page Jul 24, 2017 · 1 revision
- Follow the challenge set up guide.
- Decode the apk with `java -jar apktool d <apk>` and/or JD-GUI.
- Browse to the decompiled code and open the `.smali` file. This can be done with your favorite editor.
- Open `/base/smali/ruhrpott/owasp/com/vuln_app_1/Emcryption.smali` and add the log function:
  ```smali
  [...]
  .method private secureEncrypt(Ljava/lang/String;Landroid/content/Context;)Ljava/lang/String;
      .locals 5
      .param p1, "text"    # Ljava/lang/String;
      .param p2, "context"    # Landroid/content/Context;

      .prologue
      .line 72
      # Build.ID is loaded into v2
      sget-object v2, Landroid/os/Build;->ID:Ljava/lang/String;

      # Log call: write v2 to logcat at error level under the tag "Build.ID"
      const-string v0, "Build.ID"
      invoke-static {v0, v2}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
  [...]
  ```
  The logging will display the key for the encryption:

  ```
  07-18 10:35:28.425 25861-25861/ruhrpott.owasp.com.vuln_app_1 1 E/Build.ID> LMY48W
  ```
- A closer examination of the encryption shows that the algorithm takes the plaintext and returns `AxoYZ2hsHi1VVSE5MEdbJG0LQVA+PTZATGw/NldTPw` (Base64 encoded ciphertext). The function will XOR the plaintext with the Build-ID (here `LMY48W`).
- To decrypt the given cipher text we have to XOR the BUILD-ID with the Base64 decoded ciphertext.
- The Build-ID can be found in the Android Settings as well: `Settings -> About tablet -> Build number`
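
The decryption step above as runnable Python, using the ciphertext and Build-ID quoted on this page (an added example, not code from the app or from the wiki author; the function names are this example's own). With these values the full six-character ID yields readable text only for the first five bytes, while the five-character prefix `LMY48` decodes the whole message, so the sketch tries prefixes of the ID as the repeating key; the page does not show why the app's keystream has that period.

```python
import base64

# Values quoted on this wiki page.
CIPHERTEXT_B64 = "AxoYZ2hsHi1VVSE5MEdbJG0LQVA+PTZATGw/NldTPw"
BUILD_ID = "LMY48W"


def b64decode_unpadded(data: str) -> bytes:
    """Decode Base64 whose trailing '=' padding was stripped."""
    return base64.b64decode(data + "=" * (-len(data) % 4))


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def is_printable(data: bytes) -> bool:
    """True if every byte is printable ASCII (space through '~')."""
    return all(0x20 <= b < 0x7F for b in data)


def decrypt_with_build_id(ciphertext_b64: str, build_id: str):
    """Try each prefix of the Build-ID, longest first, as the repeating key.

    Assumption of this example: the keystream is some prefix of Build.ID.
    Returns (key, plaintext) for the first prefix that yields printable
    ASCII, or None if no prefix does.
    """
    raw = b64decode_unpadded(ciphertext_b64)
    key_bytes = build_id.encode("ascii")
    for n in range(len(key_bytes), 0, -1):
        plain = xor_repeating(raw, key_bytes[:n])
        if is_printable(plain):
            return key_bytes[:n].decode("ascii"), plain.decode("ascii")
    return None


if __name__ == "__main__":
    print(decrypt_with_build_id(CIPHERTEXT_B64, BUILD_ID))
```

Because XOR is its own inverse and the key is a public device property, anyone holding the ciphertext and the build number recovers the plaintext; a fix needs a real cipher with a key that is not derivable from the device.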
Please open an issue if you find a mistake in the wiki.