Android 06

This exercise will guide through the process of reversing simple obfuscated Android code

1-2 Hrs.


This challenge focuses on an Android application that requires a pin code to reveal a key. However, no pin code is set, making it necessary to reverse engineer the application to find the key. The first approach involves using apktool to decompile the application and browse the smali code. The second method requires extracting the application's classes.dex file, converting it to a jar file using dex2jar, and then decompiling it with jd-gui to inspect the Java code.

The application has been obfuscated using ProGuard, which adds complexity to the reversing process. By analyzing the smali or Java code, you'll discover that the key is encrypted using AES in CBC mode. The lab guides you through writing a small program to decrypt the encrypted string using the discovered key.

Want to learn more? Get started with PentesterLab Pro! GO PRO