APKrypt

The document outlines a challenge called APKrypt, where the objective is to reverse engineer an APK file to decrypt a flag. It provides step-by-step instructions for setting up an Android emulator, installing the APK, and using tools like dex2jar and JD-GUI to analyze the source code. Ultimately, the flag is decrypted using AES encryption with a specified secret key, resulting in the flag HTB{3nj0y_y0ur_v1p_subscr1pt1on}.

Uploaded by

Ye Zeiya Shein

APKrypt

Description

Can you become a VIP.

Objective

Reverse engineer the APK file and decrypt the flag.

Difficulty

Easy

Flag

HTB{3nj0y_y0ur_v1p_subscr1pt1on}

Release:

/release/APKrypt.zip
( b9913b674cb4a4977fa20398ce55aa64435b41cf7b1f306cc8b2df27a376c213 )

Notes

Android Emulator will perform much better on a native operating system (not a virtual
machine).

Challenge

Unzipping the APKrypt.zip file reveals the file APKrypt.apk. In order to run the
APKrypt.apk file, we have to set up an Android emulator. To achieve this, we are going to
use the Android Studio IDE.

wget https://redirector.gvt1.com/edgedl/android/studio/ide-zips/4.2.1.0/android-studio-ide-202.7351085-linux.tar.gz
tar xvzf android-studio-ide-202.7351085-linux.tar.gz
sh android-studio/bin/studio.sh

On the setup wizard we click OK, then we click on Next, and finally click on Finish.
Next, we wait for Android Studio to download the components.

Once it's done, we click Finish once again.

Then we click Next and finally we click on Finish. Now that we have created a new
project, we wait for some more files to get downloaded automatically from the IDE. When
that's done, click on the top centre of the IDE and select AVD Manager.

On the AVD Manager menu, click on the green "play" button to start the emulator.

Once the device is started, it should look like this.

Then, we install adb so we can communicate with it.

sudo apt-get install adb

While the device is running, we can execute the following command to install the
application on the device.

adb install APKrypt.apk

Finally, from the device, we can locate and start the application we just installed.

This is an application featuring a system that issues VIP tickets. Let's enter a random code to
see the output.

The output is "Wrong VIP code!". Let's reverse the APK file. Using d2j-dex2jar we can
create a JAR file, and then using JD-GUI we can read the source code of the APK file.

sudo apt-get install dex2jar
sudo apt-get install jd-gui

Finally, we run the following.

d2j-dex2jar APKrypt.apk
jd-gui

On the top left we choose the file icon and we select the JAR file we just created. Then we
click Open.

Let's read the source code in MainActivity.class.

Reading the source code, we conclude that the VIP code (flag) is encrypted using AES.
In the MainActivity.java of the project we created earlier in Android Studio, we add the
following code to decrypt the flag, using the secret key Dgu8Trf6Ge4Ki9Lb that is shown
above.

package com.example.myapplication;

import androidx.appcompat.app.AppCompatActivity;
import android.os.Bundle;
import android.util.Base64;
import android.util.Log;
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        // Run the decryption once when the activity starts.
        try {
            decrypt();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static void decrypt() throws Exception {
        Key key = generateKey();
        // No mode or padding is named, so the provider default is used.
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.DECRYPT_MODE, key);
        // Base64-decode the embedded ciphertext (the literal must stay on one line).
        byte[] decryptedValue64 = Base64.decode(
                "k+RLD5J86JRYnluaZLF3Zs/yJrVdVfGo1CQy5k0+tCZDJZTozBWPn2lExQYDHH1l",
                Base64.DEFAULT);
        byte[] decryptedByteValue = cipher.doFinal(decryptedValue64);
        String decryptedValue = new String(decryptedByteValue, "utf-8");

        // The result appears in the Run tab / Logcat output.
        Log.d("The flag is: ", decryptedValue);
    }

    private static Key generateKey() throws Exception {
        // The 16-character string gives a 128-bit AES key.
        Key key = new SecretKeySpec("Dgu8Trf6Ge4Ki9Lb".getBytes(), "AES");
        return key;
    }
}

On the top right, we click on the green "play" button to start the application.
On the run tab, we can see the output of the execution.

The flag has been decrypted and printed successfully.
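
The challenge falls because the key, the ciphertext and an unqualified "AES" cipher request all sit in the decompiled source. The following added example (not part of the original document) is a small Python check that a reviewer could run over d2j-dex2jar / JD-GUI output to flag those three patterns; the function name scan_source and the rule names are assumptions made for this illustration, and the sample input is constructed from the statements shown above.

```python
import base64
import re

# Rules for the weaknesses visible in the MainActivity code on this page.
KEY_LITERAL = re.compile(
    r'new\s+SecretKeySpec\(\s*"([^"]*)"\s*\.getBytes\([^)]*\)\s*,\s*"(\w+)"')
CIPHER_GET = re.compile(r'Cipher\.getInstance\(\s*"([^"]+)"')
B64_LITERAL = re.compile(r'Base64\.decode\(\s*"([A-Za-z0-9+/=]+)"')

def scan_source(text):
    """Return sorted (line, rule, detail) findings for one decompiled Java source."""
    def line_of(m):
        # Line on which the matched statement starts (calls may wrap lines).
        return text.count("\n", 0, m.start()) + 1

    findings = []
    for m in KEY_LITERAL.finditer(text):
        # Report only the length: a finding should not re-leak the secret.
        findings.append((line_of(m), "HARDCODED_KEY",
                         f"{m.group(2)} key from a {len(m.group(1))}-char string literal"))
    for m in CIPHER_GET.finditer(text):
        parts = m.group(1).upper().split("/")
        if len(parts) == 1:
            findings.append((line_of(m), "IMPLICIT_MODE",
                             f'"{m.group(1)}" leaves mode and padding to the provider'))
        elif parts[1] == "ECB":
            findings.append((line_of(m), "ECB_MODE", f'"{m.group(1)}" uses ECB'))
    for m in B64_LITERAL.finditer(text):
        try:
            raw = base64.b64decode(m.group(1))
        except ValueError:
            continue  # not valid Base64, so not an embedded blob
        if raw and len(raw) % 16 == 0:
            findings.append((line_of(m), "EMBEDDED_CIPHERTEXT",
                             f"{len(raw)}-byte Base64 literal, a multiple of the AES block size"))
    return sorted(findings)

# Constructed sample: the crypto statements from the decrypt code on this page.
SAMPLE = '''\
Key key = new SecretKeySpec("Dgu8Trf6Ge4Ki9Lb".getBytes(),
        "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] data = Base64.decode(
        "k+RLD5J86JRYnluaZLF3Zs/yJrVdVfGo1CQy5k0+tCZDJZTozBWPn2lExQYDHH1l", Base64.DEFAULT);
'''

if __name__ == "__main__":
    for line, rule, detail in scan_source(SAMPLE):
        print(f"line {line}: {rule}: {detail}")
```

A key that must not be recoverable this way belongs in the Android Keystore or on a server, with the transformation named explicitly in the Cipher request.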
