root💀bl4ck4non-sec:~#

Hack. Eat. Sleep. Repeat!!!


Android 01



Our task is to get the key from this android application.

After downloading the file to our machine, we can use apktool to decompile it.

command:apktool d Android01.apk -o output

Nice, now let's check the common files for the key: AndroidManifest.xml and res/values/strings.xml.

Oops, not there.

Checking the other file:

We have gotten the key.

Submitting the key


We have successfully completed this exercise


Android 02


Our task is to retrieve the key that solves this exercise.

Let's download the apk file to our machine.

We’ll be using the tool apktool to decompile

command:apktool d Android02.apk -o output

Now, what we have to do is look for the file that has the key.

Let's hunt for .db and .sqlite files.

We found one, let's access this file.

command:sqlite3 data.sqlite


We found the key hehe

Submitting the key


We have successfully completed this task


Android 03


Our task is to retrieve the key that helps solve the lab.

Download the file to your machine

We’ll use apktool to decompile the file

command:apktool d Android03.apk -o output

We’ll be analyzing that directory for the key.

I used a command to sniff the key out😂

command:grep -ir "key"


That’s the key hehe

Submitting the key


We have successfully completed this exercise


Android 04


Our task is to retrieve the key that solves this lab.

Let's download the file to our machine.

We’ll start out by unzipping the file.

The next step is to convert the .dex file to a .jar file using the tool dex2jar. You can install the tool by running sudo apt install dex2jar

To run it

command:d2j-dex2jar classes.dex


We’ll open this with jd-gui

The key has been encrypted. To recover it, XOR each byte of the encrypted key with a single character.

We can use this Python script for that:

original_bytes = b"\005\006\006\003U\001UU\031WQ\f\006\031\000PU\f\031\rVU\002\031W\000\rQ\f\004\rVU\003\006\004"
xor_value = 52  # single-byte XOR key

# XOR every byte of the encrypted key with the same value
result_bytes = bytes([byte ^ xor_value for byte in original_bytes])

print(result_bytes)


We got the key

Submitting the key


We have successfully completed this exercise


Android 05



Our task is to retrieve the key that solves this lab

After downloading the application, we’ll follow the same steps as in the previous lab: unzip the APK, convert the dex file to a jar file, then open it with jd-gui.

getString(2131427348) is requesting the string resource associated with the resource ID 2131427348 from the app’s resources, and it returns the corresponding string.

Let's convert this to hex first, then look for the corresponding string in the decompiled output we got from apktool.

Nice, we got the string to be PentesterLab
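The lookup above can be scripted. This is an added example, not code from the original write-up: the two XML snippets are constructed stand-ins for apktool's res/values/public.xml and res/values/strings.xml, and the resource name xor_key is an assumption; only the resource ID and the resulting string come from the page.

```python
import xml.etree.ElementTree as ET

# Constructed stand-ins for apktool's res/values/public.xml and strings.xml.
# The ID 0x7f0b0014 and the value "PentesterLab" come from the write-up;
# the resource names (xor_key included) and the other entries are assumptions.
PUBLIC_XML = """<resources>
    <public type="layout" name="activity_main" id="0x7f040019" />
    <public type="string" name="app_name" id="0x7f0b0013" />
    <public type="string" name="xor_key" id="0x7f0b0014" />
</resources>"""
STRINGS_XML = """<resources>
    <string name="app_name">Android05</string>
    <string name="xor_key">PentesterLab</string>
</resources>"""


def split_resource_id(res_id):
    """Split a 32-bit resource ID (0xPPTTEEEE) into package, type and entry."""
    res_id &= 0xFFFFFFFF  # decompilers print Java ints, which may be signed
    return res_id >> 24, (res_id >> 16) & 0xFF, res_id & 0xFFFF


def resolve_string(res_id, public_xml, strings_xml):
    """Map the integer passed to getString() to its (name, value) pair."""
    wanted = res_id & 0xFFFFFFFF
    for entry in ET.fromstring(public_xml).iter("public"):
        if int(entry.get("id"), 16) == wanted:
            break
    else:
        raise KeyError(f"no <public> entry for {wanted:#010x}")
    if entry.get("type") != "string":
        raise ValueError(f"{wanted:#010x} is a {entry.get('type')}, not a string")
    name = entry.get("name")
    for string in ET.fromstring(strings_xml).iter("string"):
        if string.get("name") == name:
            return name, "".join(string.itertext())
    raise KeyError(f"{name} is not defined in strings.xml")


if __name__ == "__main__":
    res_id = 2131427348  # argument of getString() in the decompiled class
    print(hex(res_id), split_resource_id(res_id))
    print(resolve_string(res_id, PUBLIC_XML, STRINGS_XML))
```
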

Now let's decrypt the XOR.

We can use this Python script:

input_string = b"i]\rD\004\025\027\004_~\002\006`HZ@UBY\\Ku\002O2\003_MQB\020\007G~\004Q"
key = "PentesterLab"

# Repeat the key to match the length of the input string
key = key * (len(input_string) // len(key) + 1)
key = key.encode()[:len(input_string)]

# Perform the XOR operation
result = bytearray()
for i in range(len(input_string)):
    result.append(input_string[i] ^ key[i])

# Convert the result back to a string
result_string = bytes(result).decode()

print(result_string)


We got the key hehe

Submitting the key


We have successfully completed this exercise

