Android 08

This exercise will guide through the process of reversing simple obfuscated Android code to recover encrypted data

1-2 Hrs.


This challenge revolves around an Android application that requires a pin code to reveal a key. You will begin by downloading the Android application and then proceed to extract and examine its code using tools like apktool and dex2jar. The application’s code, which has been minimized using ProGuard, will be inspected in both smali and Java formats. By understanding the encryption method, which employs AES, and how the pin code and a server-downloaded string are hashed together, you will write a tool to brute force the decryption key.

The video guides you through unzipping the APK file, converting the dex file to a jar file using dex2jar, and decompiling the Java code. It then explains how to inspect the code to identify the encryption process involving a pin and a server-downloaded string. Finally, you will write a Python script to brute force the pin code, decrypt the data, and retrieve the key necessary to complete the challenge. This exercise helps you understand the intricacies of Android application security and the steps involved in reversing such protections.

Want to learn more? Get started with PentesterLab Pro! GO PRO