Just another Cracking the Uncrackable
Cracking OWASP’s Android Uncrackable Level 2
While spending some time developing some modules for MEDUSA, I decided to give it a try and see how I could use this tool to crack some of the popular OWASP Android Crackmes. I will try to keep this post as short as possible, so let’s get right to the point…
Download and Install
Assuming that the reader has already installed MEDUSA, let’s download the crackme and install it using the apkutils.py script:
That wasn’t hard I guess, but when we try to run the application we hit our first wall:
I didn’t even “open” the apk, but this can’t be that hard, so I decided to use MEDUSA’s anti_debug module and see how it goes:
Excellent, wall Number 1 down:
Native Stuff
Just type “e” to exit the session and let’s have a look at the app’s native libraries. Typing “list <package name> path” will yield the app’s installation directory:
Back to apkutils (I hope you haven’t exited) to see what’s there:
libfoo? Let’s extract it from the device:
Can’t avoid Ghidra
Let’s open libfoo.so and search for a “Java_” function:
Starting from CodeCheck_bar, it seems that we are right at the point:
Line 24: Returns the byte array elements representing the user’s input.
Line 25: Returns the size of the input byte array.
Line 26: Checks whether the size is equal to 0x17 and, if so, proceeds to compare the input against what seems to be the secret. If the comparison succeeds it returns true, otherwise false.
Notice the content at lines 21–23?
Let’s use some CyberChef magic:
Excellent !
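An added example, not code from the original post or from the crackme: a C model of the check described above (length gate at 0x17, then a byte comparison) together with the offline decoding step done in CyberChef. The secret is a constructed placeholder; the little-endian 64-bit layout of the constants and the names `packed_words`, `unpack_le64`, `check_input` and `recover_secret` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECRET_LEN 0x17 /* length the native check on the page compares against */

/* Constructed placeholder, NOT the crackme's secret: 23 ASCII bytes plus a NUL,
 * packed into three little-endian 64-bit constants (assumed layout). */
static const uint64_t packed_words[3] = {
    0x4c4f484543414c50ULL, /* "PLACEHOL"  */
    0x524345532d524544ULL, /* "DER-SECR"  */
    0x00373178302d5445ULL, /* "ET-0x17\0" */
};

/* Unpack little-endian words into bytes, independent of host endianness. */
static size_t unpack_le64(const uint64_t *w, size_t n, char *out) {
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        for (int b = 0; b < 8; b++)
            out[k++] = (char)((w[i] >> (8 * b)) & 0xff);
    return k;
}

/* Same shape as the check described above: length gate, then compare. */
static int check_input(const char *in, size_t len) {
    char secret[24];
    if (len != SECRET_LEN)
        return 0;
    unpack_le64(packed_words, 3, secret);
    return strncmp(secret, in, SECRET_LEN) == 0;
}

/* The static-analysis step: decode the constants without running the app. */
static const char *recover_secret(void) {
    static char buf[25];
    size_t n = unpack_le64(packed_words, 3, buf);
    buf[n] = '\0';
    return buf;
}

int main(void) {
    const char *s = recover_secret();
    printf("recovered: %s (len %zu)\n", s, strlen(s));
    printf("check passes: %d\n", check_input(s, strlen(s)));
    return 0;
}
```

Because the constant ships inside the library, the comparison hides nothing from anyone who reads the binary statically; a value that must stay secret has to be verified off the device.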
Thanks for the fish !!
Ah… let’s not forget to clean the device ;) :