Android 07

This exercise will guide through the process of reversing simple obfuscated Android code

1-2 Hrs.


In this exercise, you'll begin by downloading an Android application that requires a pin code to provide a key. Since the pin is not provided, you'll learn two methods to solve the challenge. First, you can use apktool to decompile the application into smali code and inspect it. Alternatively, you can unzip the application to extract the classes.dex file and convert it into a jar file using dex2jar. This jar file can then be decompiled to Java code using jd-gui.

The application's code has been minimized using ProGuard, making it more complex to reverse engineer. By examining the smali or Java code, you will discover that the key is encrypted using AES and is based on the pin code, which is hashed before use. Your task is to write a Python script to brute force the pin, which consists of four digits, and decrypt the AES-encrypted key. This hands-on approach will deepen your understanding of Android app reverse engineering and cryptographic techniques.

Want to learn more? Get started with PentesterLab Pro! GO PRO