Hints given to us:
Space Station 0xA1EA512A
You have seen a deserted space station. Your task is to enter it. The first barrier is the access system. But you can find a module with the application on it. Here is the file:
https://ctf.hack.lu/files/0xA1EA512A.apk
What is the key?
(There is also station B. Station B is the advanced one.)
Here is a copy of the apk file.
0xA1EA512A.zip
Recommended Tools:
1. android emulator (http://developer.android.com/sdk/index.html)
2. dex-translator (http://code.google.com/p/dex2jar/downloads/detail?name=dex-translator-0.0.9.3.zip&can=2&q=) - converts Android apps to a Java jar file
3. DJ Java Decompiler (http://members.fortunecity.com/neshkov/dj.html) - java decompiler
Key Logic:
if(k == (j1 ^ (0x67782aef ^ j1 ^ j - 1422) ^ j - 2))
    textview.append("That's OK. Come in.");
else
    textview.append("No, that is not OK!");
where
k = the input that the user types
j = 0x67782aef + 2
j1 can be 12, according to the code
More Information:
Decompiling the file reveals 2 Java files, of which only AccessControl.java is of interest to us.
My approach to finding the condition for gaining access is to find the line that indicates that you are “authorized”.
In this puzzle that will be “That’s OK. Come in.”
The if statement has a total of 3 unknown variables. After tracing upwards, you will discover that k is actually what the user types in the text box, j is defined as 0x67782aef + 2, and j1 can be either 12 or 3L * (16 + (0x67782aef - 2)) - 0x57bac1daL - 2L.
Let’s take the easy way out by letting j1 be 12. We write a one-line PHP script and run it. Type the result into the emulator and test whether it works.
Solution:
Run a php script =D
Result:
0x67782563
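The check from the Key Logic section, re-evaluated outside the emulator as an added Python example (this is not the PHP one-liner from the original post, which is not shown). It goes beyond the j1 = 12 case and evaluates both j1 values, because j1 appears twice under XOR and cancels out. The helper names and the integer widths (j as a Java int, the comparison as a 64-bit long) are assumptions, since the decompiled declarations are not on the page.

```python
def to_signed(value, bits):
    """Wrap a Python int to a signed two's-complement value of `bits` width."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value >> (bits - 1) else value


BASE = 0x67782AEF              # constant from the decompiled check
J = to_signed(BASE + 2, 32)    # j = 0x67782aef + 2 (assumed to be a Java int)


def expected_key(j1):
    """Right-hand side of the if statement, with Java precedence made explicit.

    In Java '-' binds tighter than '^', so the expression parses as
    j1 ^ (BASE ^ j1 ^ (j - 1422)) ^ (j - 2).
    """
    inner = BASE ^ j1 ^ to_signed(J - 1422, 32)
    return to_signed(j1 ^ inner ^ to_signed(J - 2, 32), 64)


def j1_candidates():
    """Both values the write-up gives for j1."""
    # The second value is written with long literals, so wrap it to 64 bits.
    alt = to_signed(3 * (16 + to_signed(BASE - 2, 32)) - 0x57BAC1DA - 2, 64)
    return [12, alt]


def check(k, j1):
    """Mirror of the app's comparison; returns the message it would append."""
    if k == expected_key(j1):
        return "That's OK. Come in."
    return "No, that is not OK!"


if __name__ == "__main__":
    for j1 in j1_candidates():
        key = expected_key(j1)
        print(f"j1={j1:#x} -> key={key:#x} ({key}): {check(key, j1)}")
```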
Screenshot:
Using the answer, we solved the Android CrackMe. :D
cheers
Elucidator