Android 05

This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data

PRO
Tier
Medium
1-2 Hrs.
1763

This lab involves downloading an Android application and using various tools to extract and examine its contents. You begin by unzipping the APK file and identifying the classes.dex file, which you then convert to a JAR file using dex2jar. After converting, you browse the code either by unzipping the JAR or using jd-gui. The code is obfuscated using ProGuard, making it slightly more complex to reverse-engineer.

You are encouraged to inspect the smali or Java code to find how the key is "encrypted." The encryption is a simple XOR operation between the key and a string. By reversing this operation, you can retrieve the actual key. The lab also suggests using apktool to gain additional insights, especially when other tools don't provide the necessary information. Finally, a practical example using Ruby demonstrates how to implement the XOR decryption to solve the challenge.

Want to learn more? Get started with PentesterLab Pro! GOPRO