
Cyberspace24 Writeup

Beginner

Encryptor

File : encryptor.apk

We are given an Android package (.apk). To start, read the source code by extracting the APK with MobSF or apktool.

Solve by Tools


The MobSF dashboard gives an overview of the uploaded APK. Our main focus here is the source code. The dashboard also flags something interesting in its API section: the app uses Base64 encoding and decoding as well as crypto.


Move on to the source file named *MainActivity.java*, located at com.example.encryptor.MainActivity.


:::info
The code snippet shows the encryption routine, which uses Blowfish. The key is stored Base64-encoded (ZW5jcnlwdG9yZW5jcnlwdG9y). The result is saved in an asset named enc.txt.
:::

Solve by apktool

Run the command below to decode the APK.

```
apktool d -p . encryptor.apk
```

The decoded files are in smali. To read them, use jadx-gui, which presents the code as Java.


We know that the encryption happens here. It uses Blowfish, with the key stored Base64-encoded.

The encrypted output is then saved to an asset file named enc.txt.

Locate the /asset directory and open enc.txt to get the ciphertext.


Use any online tool to decrypt the Blowfish ciphertext.

key = encryptorencryptor
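The same decryption can be done offline instead of pasting the ciphertext into an online tool. The program below is an added example, not code from the challenge APK. It assumes the cipher transformation is Blowfish/ECB/PKCS5Padding and that enc.txt holds Base64 text; the class name `EncryptorDecrypt` and the sample plaintext are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class EncryptorDecrypt {
    // Base64 string hardcoded in MainActivity, as quoted in the writeup.
    static final String KEY_B64 = "ZW5jcnlwdG9yZW5jcnlwdG9y";
    // ASSUMPTION: mode and padding. The writeup only says "Blowfish"; change this
    // to whatever Cipher.getInstance(...) shows in the decompiled code.
    static final String TRANSFORMATION = "Blowfish/ECB/PKCS5Padding";

    static Cipher cipher(int mode) throws Exception {
        byte[] key = Base64.getDecoder().decode(KEY_B64); // bytes of "encryptorencryptor"
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(mode, new SecretKeySpec(key, "Blowfish"));
        return c;
    }

    // ASSUMPTION: enc.txt holds the ciphertext as Base64 text.
    static String decrypt(String encTxt) throws Exception {
        byte[] ct = Base64.getMimeDecoder().decode(encTxt.trim());
        return new String(cipher(Cipher.DECRYPT_MODE).doFinal(ct), StandardCharsets.UTF_8);
    }

    // Only used to build a constructed sample so the program runs without the APK.
    static String encrypt(String plain) throws Exception {
        byte[] ct = cipher(Cipher.ENCRYPT_MODE).doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ct);
    }

    public static void main(String[] args) throws Exception {
        // With an argument: path to the enc.txt extracted from the APK.
        // Without one: round-trip a constructed sample (not the challenge data).
        String encTxt = args.length > 0
                ? new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.UTF_8)
                : encrypt("constructed-sample-plaintext");
        System.out.println(decrypt(encTxt));
    }
}
```

Because the key ships inside the APK, anyone who can decompile the app can run this; a `BadPaddingException` here means the assumed mode, padding or encoding does not match what the app used.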


==CSCTF{3ncrypt0r_15nt_s4Fe_w1th_4n_h4Rdc0d3D_k3y!}==

This post is licensed under CC BY 4.0 by the author.