15.6.15

RE APK for Fun and Profit

Today i stumbled upon an apk called proxy.apk which is also provided a configuration file that is encrypted. the configuration look like this ALMOST identical to base64


So I decompiled the apk using enjarify, which is quite good like an improved version of dex2jar.

C:\>enjarify proxy.apk

but when reading the decompiled dex files, i found out apkprotect.com, this is the cause that enjarify could not decompile apk properly


After quick google I found out that the apk is protected using apkprotect which is currently down at this time of writing. Then quick google on how to deobfuscate apkprotect, I found out this blog post Anti_APKProtect



will generate the following files


Then I analyze the classes_unpack.dex using bytecode viewer. After a while, i found out jsypt is doing the encryption and decryption process on the config file. from the official project state that
Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.
So how I decrypt the config file?
The docs page on jasypt website clearly explain how encryption/decryption process works and also provided tools along with it. It clearly stated that the encryption/decryption required a password

So lets dive into the apk and find the password

looks easy enough to find, then lets decrypt all the strings!
using the tools provided by jasypt. lets picture do the talking


so you can see, some ip, port maybe configuration date was create.
so thats all, till next time!


5 najashark.net: RE APK for Fun and Profit Today i stumbled upon an apk called proxy.apk which is also provided a configuration file that is encrypted. the configuration look like thi...

No comments:

Post a Comment

Post Comment

< >