Digital Forensics Challenge 2021 Writeup (305 — Crack the app)

Instructions

Description
You just seized the suspect’s cell phone. To analyze the cell phone, you must log in to unlock the private drive application. The suspect refused to provide the passcode, so you need to crack the password through reverse engineering.
Questions
1. Suggest the appropriate method to crack the passcode. If you have implemented a program to solve the problem, submit the source code together.
2. After unlocking the passcode, take screenshots with the ‘first password’ and OTP code.
File Given
PrivateDrive.apk

Tool Used

Android Studio, jadx, and Notepad++ are the tools that will be used to answer this problem.

Answer

In this case, we are asked to crack the password used to unlock the private drive application through reverse engineering.

Figure 1. PrivateDrive.apk opened using Android Studio (Profile or Debug APK).
Figure 2. Screenshot of first page shown after installing and opening the application (login page).
Figure 3. Files and directories on PrivateDrive.apk opened using jadx-gui.bat (reverse engineering).
Figure 4. Source code of MainActivity.
Figure 5. Snippet of MainActivity’s source code.
Figure 6. Snippet of MainActivity’s source code.
Figure 7. Content of strings.xml.
Figure 8. Source code of LoginResult.
Table 1. Hexadecimal value found in the ‘203d233e382c1e215a6a7c6c7e725c6b’ and its decimal value.
Table 2. The example of bitwise XOR operation.
Table 3. The example of bitwise XOR operation (reverse from table 2).
Figure 9. Source code of the program used to restore the modified keyArray1 and keyArray2 values to their original values.
Figure 10. The output of the source code shown in Figure 9.
Figure 11. Screenshot of first page shown after installing and opening the application (login page) filled with any username and ‘Jonathan081326#$’ as password.
Figure 12. Screenshot of SubActivity page.
Figure 13. Source code of SubActivity class.
Figure 14. Source code of activity_main.xml.
Figure 15. Source code of build.gradle (:app).
Figure 16. Source code of MainActivity class.
Figure 17. MainActivity page run using emulator (AVD) on Android Studio.
Figure 18. Screenshot of SubActivity page with an OTP as input.
Figure 19. Screenshot of DriveActivity class (home).
Figure 20. Screenshot of DriveActivity class (Slideshow).

Summary:

Password = Jonathan081326#$
OTP Code for that period = 892783

Williams Kosasi