NDH2k12-wargame Write-up CrackMe Android - w3pwnz.

File : NDH.apk

We were asked to reverse an Android application, delivered as an APK file. The first move was to get the Java source of that application, using dex2jar to turn the APK into a plain JAR file. If you ever want more information about this step, check out that link.

Once we had the JAR file, we opened it with JD-GUI and located the main Activity, that is to say the entry point of the application. Here's the code :

Before going any further with that code, we wanted it running on an Android emulator, and we had to patch a few things. This time, we completely disassembled the APK with apktool.

    Android@honeynet:~/tools/apktool$ apktool d ~/ndh/NDH.apk ~/ndh/NDH_Decomp
    I: Baksmaling...

Here's the AndroidManifest.xml :

That manifest requires Android 4.0.3 (API 15) as minimum SDK version.
Now, let's go back into the code. Just by reading the source, we can see that the application's interface consists of an EditText (a textbox) and a Button.

Pwned !

NDH2k12-wargame Write-up What the file ? - w3pwnz.

Name : What the file ?
Score : 1000
Content : While doing some forensics, an analyst found a weird file. Please help him.

We have this file, unknown.bin :

    $ file unknown.bin.png
    unknown.bin.png: PNG image data, CORRUPTED
    $ pngcheck -vt7f unknown.bin
    File: unknown.bin (1179008 bytes)
    File is CORRUPTED. It seems to have suffered EOL conversion.

Ok, it's a corrupted PNG that we have to patch. We realized that the chunk lengths and the chunk names had been altered in several places.
We began by correcting those names and lengths for each chunk. A quick reminder from RFC 2083 about the chunk layout :

    Length
        A 4-byte unsigned integer giving the number of bytes in the chunk's data field.

No apparent problem for the IHDR, sBIT, pHYs, tEXt (Software) and IEND chunks. For the IDAT chunks, we can see that they're 8192 bytes long.

    $ pngcheck -vt7f unknown.bin.png
    [...]
    chunk IDAT at offset 0x11c717, length 8192
    chunk IDAT at offset 0x11e723, length 8192: EOF while reading data

650b0a5aa1ec4cea................
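
The chunk layout recalled above (4-byte length, 4-byte name, data, CRC-32 over name and data) can be checked mechanically. The following Python sketch is an added example, not code from the original write-up: it walks a PNG's chunks and reports unexpected names, lengths that overrun the file and CRC mismatches. The function names and the small in-memory PNG it is run against are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"  # contains CR LF and LF, so EOL conversion breaks it
KNOWN = {b"IHDR", b"sBIT", b"pHYs", b"tEXt", b"IDAT", b"IEND"}  # names cited in the write-up


def make_chunk(ctype, data):
    """Serialize one chunk: length, name, data, CRC-32 over name+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def audit_png(blob):
    """Walk the chunk list and return (offset, name, problem) findings."""
    findings = []
    if blob[:8] != PNG_SIG:
        findings.append((0, b"", "bad signature"))
    off = 8
    while off + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[off:off + 8])
        end = off + 12 + length  # 4 length + 4 name + data + 4 CRC
        if ctype not in KNOWN:
            findings.append((off, ctype, "unexpected chunk name"))
        if end > len(blob):
            findings.append((off, ctype, "length runs past end of file"))
            break  # cannot locate the next chunk from a bad length
        data = blob[off + 8:off + 8 + length]
        (stored,) = struct.unpack(">I", blob[end - 4:end])
        if stored != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            findings.append((off, ctype, "CRC mismatch"))
        if ctype == b"IEND":
            break
        off = end
    return findings


# Constructed sample: a 1x1 grayscale PNG built in memory, then damaged two ways.
ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
idat = zlib.compress(b"\x00\x00")
good = PNG_SIG + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")
idat_off = 8 + 12 + len(ihdr)  # offset of the IDAT chunk's length field
bad_name = good[:idat_off + 4] + b"IDAX" + good[idat_off + 8:]             # altered name
bad_len = good[:idat_off] + struct.pack(">I", 8192) + good[idat_off + 4:]  # altered length
```

A changed name is caught twice, once by the name check and once by the CRC, because the CRC covers the name bytes as well as the data. That makes the CRC a useful confirmation when a repaired name or length is written back.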