This is a blog-post version of my Cracking UnCrackable Android Apps webinar.

There is a great online resource dedicated to mobile security: the Mobile Security Testing Guide (MSTG). I’m going to present here a solution for two Android CRACKMEs provided by it. What is a CRACKME? Think of it as an app built purposefully to be cracked. MSTG provides several CRACKMEs with varying difficulty levels; I’m going to go over the basic ones, level 1 and level 2 (in my next blog post).

Level 1: the secret is on the Java side; debugging Java code.
Level 2: the secret is on the native side; debugging and patching a native library.

The MSTG repository also contains links to other solutions of the same CRACKME challenges – I encourage you to check them out after reading this guide.

The Level 1 app is a simple one-screen app with an input field and a VERIFY button. Pressing the button compares whatever is in the input field with the secret String. The main goal of the cracking challenge is to find out the value of that secret String. The plan is to put the app into debug mode and debug it. The debugger will allow you to see the value of the secret String, as well as circumvent the safety mechanisms employed by the app.

See what you are dealing with: install and uninstall the app

List the available emulators (the value of the environment variable $ANDROID_HOME is usually ~/Android/Sdk):
$ANDROID_HOME/emulator/emulator -list-avds
If nothing comes up after running the previous command, create an emulator using the avdmanager tool, or via the Android Studio GUI.
Fire up the emulator: $ANDROID_HOME/emulator/emulator -avd <avd name> &
Install the app: adb install UnCrackable-Level1.apk
Launching the app on the emulator will give a “Root detected” dialog, and the app will exit upon closing the dialog with the dialog’s button. This is because the app has a root detection mechanism to prevent tampering, and the emulator is considered to be a rooted device.

The main piece to cracking the app is to make it debuggable. Currently, the installed app is not debuggable, so uninstall the app. First, find out its package name: adb shell pm list packages | grep mstg
Then, uninstall it: adb uninstall <package name>

1 Make the app debuggable

An app is debuggable if it is flagged as one in its AndroidManifest.xml file, that is, if the <application> tag carries the attribute android:debuggable="true". One would have to decode the apk, alter the manifest, and then re-pack it.
First, decode the apk: apktool d -s UnCrackable-Level1.apk -o decoded
-s means do not decode resources (we don’t need them).
Now, repack with the -d option, which automatically adds android:debuggable="true" to the AndroidManifest.xml: apktool b decoded -d -o UnCrackable-Level1-repackaged-with-d-option.apk
Option -d is very useful, as otherwise one would have to alter AndroidManifest.xml manually to add the android:debuggable="true" attribute to the <application> tag.

The app needs to be signed, otherwise the installation of the unsigned app will fail. The following template can be used to sign the app:
apksigner sign -v --in UnCrackable-Level1-repackaged-with-d-option.apk --v2-signing-enabled true --ks <keystore file> --ks-key-alias $KEYSTORE_KEY_ALIAS --ks-pass env:KEYSTORE_PASSWORD --ks-type pkcs12
Then use apksigner to check whether the signed app will pass the verification process during installation:
apksigner verify --print-certs --verbose UnCrackable-Level1-repackaged-with-d-option.apk
Signing the app is not in the scope of this post, hence no further explanation of the above command is provided. If you are not comfortable with signing on the command line (terminal), you can always sign your app in Android Studio. A keystore file can also be created with the help of Android Studio.

Install the debuggable app: adb install UnCrackable-Level1-repackaged-with-d-option.apk
Upon launch, the app will show an “App is debuggable” dialog – another hack-prevention mechanism. There is little use of a debuggable app when one cannot reach the point which is to be debugged. In other words, the “App is debuggable” dialog prevents us from debugging the place in code that is called when the VERIFY button is pressed. To get to that stage, one has to bypass the dialog.

Decompile the app – see the source code

First, convert the apk to a jar: d2j-dex2jar.sh -f UnCrackable-Level1.apk
Second, open the GUI tool: java -jar /opt/jd-gui/jd-gui.jar &
After inspection, it is evident that the dialog is set not to be dismissed on a click outside of it – only pressing the dialog button can close the dialog. The problem is that the button’s click listener will exit the app.
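The manifest change that `apktool b -d` makes for you is small enough to do, and to verify, by hand. The script below is an added example written for this post, not code from the original post or from the MSTG project: it checks whether the `<application>` element of an apktool-decoded (plain-text) AndroidManifest.xml carries `android:debuggable="true"` and sets it if it does not. The sample manifest embedded in it is constructed for illustration and is not the CRACKME's real manifest; it assumes the text XML that `apktool d` writes, not the binary manifest inside an unpacked APK.

```python
"""
Check and set android:debuggable on an apktool-decoded AndroidManifest.xml.

Added example, not part of the original post. It assumes the manifest is
the plain-text XML produced by `apktool d`, not the binary manifest found
inside an APK. The sample manifest below is constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# ElementTree addresses namespaced attributes as "{uri}localname".
DEBUGGABLE = f"{{{ANDROID_NS}}}debuggable"

# Keep the "android:" prefix on output instead of ElementTree's default "ns0:".
ET.register_namespace("android", ANDROID_NS)

# Constructed sample resembling an apktool-decoded manifest (not the real one).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.crackme">
    <application android:label="CrackMe" android:allowBackup="false">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def _application(manifest_xml: str) -> tuple:
    """Parse the manifest and return (root, <application> element)."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    return root, app


def is_debuggable(manifest_xml: str) -> bool:
    """True only if <application> explicitly has android:debuggable="true".

    The attribute defaults to false when absent, so a missing attribute
    means the app is not debuggable.
    """
    _, app = _application(manifest_xml)
    return app.get(DEBUGGABLE, "false").lower() == "true"


def set_debuggable(manifest_xml: str, value: bool = True) -> str:
    """Return the manifest text with android:debuggable set on <application>."""
    root, app = _application(manifest_xml)
    app.set(DEBUGGABLE, "true" if value else "false")
    return ET.tostring(root, encoding="unicode")


def patch_file(path: str) -> bool:
    """Patch a decoded manifest on disk in place; return True if it changed."""
    with open(path, encoding="utf-8") as f:
        xml = f.read()
    if is_debuggable(xml):
        return False
    with open(path, "w", encoding="utf-8") as f:
        f.write(set_debuggable(xml))
    return True


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 2:
        # Usage: python patch_manifest.py decoded/AndroidManifest.xml
        print("patched" if patch_file(sys.argv[1]) else "already debuggable")
    else:
        print("sample is debuggable:", is_debuggable(SAMPLE_MANIFEST))
        print(set_debuggable(SAMPLE_MANIFEST))
```

Run it against `decoded/AndroidManifest.xml` before `apktool b decoded -o ...` (without `-d`) to get the same result as the `-d` option, or run it on a repackaged-and-decoded manifest to confirm the flag is really present before you spend time signing and installing. Either way the APK still has to be re-signed afterwards, because changing any file in it invalidates the original signature.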