11/21/2021

Solution - UnCrackable App for Android Level 1

See challenge here

Use dex2jar tool to extract source code.

$~/Downloads/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh UnCrackable-Level1.apk

Use JD-GUI to review the source code

$java -jar ~/Downloads/jd-gui-1.6.6.jar


Now we know the check is to check your input String is equal to the hardcoded ciphertext (encrypted by AES).

Write a similar java program copy & paste the function to decrypt the ciphertext without input anything

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.util.Base64;

public class UnCrackableLevel1 {

public static void main(String[] args) throws Exception {

System.out.println(a("any"));

}

public static String a(String paramString) {
byte[] arrayOfByte = Base64.getDecoder().decode("5UJiFctbmgbDoLXmpL12mkno8HT4Lv8dlat8FxR2GOc=");
try {
arrayOfByte = decrypt(b("8d127684cbc37c17616d806cf50473cc"), arrayOfByte);
} catch (Exception exception) {
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.append("AES error:");
stringBuilder.append(exception.getMessage());
System.out.println("CodeCheck" + stringBuilder.toString());
arrayOfByte = new byte[0];
}
return new String(arrayOfByte);
}

public static byte[] decrypt(byte[] paramArrayOfbyte1, byte[] paramArrayOfbyte2) throws Exception {
// SecretKeySpec secretKeySpec = new SecretKeySpec(paramArrayOfbyte1,
// "AES/ECB/PKCS7Padding");
SecretKeySpec secretKeySpec = new SecretKeySpec(paramArrayOfbyte1, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(2, secretKeySpec);
return cipher.doFinal(paramArrayOfbyte2);
}

public static byte[] b(String paramString) {
int i = paramString.length();
byte[] arrayOfByte = new byte[i / 2];
for (byte b = 0; b < i; b += 2)
arrayOfByte[b / 2] = (byte) (byte) ((Character.digit(paramString.charAt(b), 16) << 4)
+ Character.digit(paramString.charAt(b + 1), 16));
return arrayOfByte;
}

}

$javac UnCrackableLevel1

$java UnCrackableLevel1

The secret is "I want to believe"

*** Note the source code use AES/ECB/PKCS7Padding

but actually using AES

張貼者:

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)