UnCrackable Mobile Apps

Welcome to the UnCrackable Apps for Android and iOS, a collection of mobile reverse engineering challenges. These challenges are used as examples throughout the Mobile Security Testing Guide. Of course, you can also solve them for fun.

Android

This app holds a secret inside. Can you find it?

  • Objective: A secret string is hidden somewhere in this app. Find a way to extract it.
  • Author: Bernhard Mueller.
  • Maintained by the OWASP MSTG leaders.

Installation

This app is compatible with Android 4.4 and up.

  $ adb install UnCrackable-Level1.apk

Solutions

This app holds a secret inside. May include traces of native code.

  • Objective: A secret string is hidden somewhere in this app. Find a way to extract it.
  • Author: Bernhard Mueller.
  • Special thanks to Michael Helwig for finding and fixing an oversight in the anti-tampering mechanism.
  • Maintained by the OWASP MSTG leaders.

Installation

This app is compatible with Android 4.4 and up.

  $ adb install UnCrackable-Level2.apk

Solutions

The crackme from hell!

  • Objective: A secret string is hidden somewhere in this app. Find a way to extract it.
  • Author: Bernhard Mueller.
  • Special thanks to Eduardo Novella for testing, feedback and pointing out flaws in the initial build(s).
  • Maintained by the OWASP MSTG leaders.

Installation

This app is compatible with Android 4.4 and up.

$ adb install UnCrackable-Level3.apk

Solutions

The Radare2 community has always dreamed of having its own decentralized and free currency, so that r2 fans can make payments in places and transfer money between r2 users. A debug version has been developed, and it will be supported very soon in many stores and websites. Can you verify that this is cryptographically unbreakable?

Hint: Run the APK on a non-tampered device to play a bit with the app.

  • Objectives:
    • 1: There is a master PIN code that generates green tokens (aka r2coins) on the screen. If you see a red r2coin, then this token won't be validated by the community. You need to find out the 4-digit PIN code and the salt employed as well. Flag: r2con{PIN_NUMERIC:SALT_LOWERCASE}
    • 2: There is a "r2pay master key" buried in layers of obfuscation and protections. Can you break the whitebox? Flag: r2con{ascii(key)}
  • Author: Eduardo Novella & Gautam Arvind.
  • Special thanks to NowSecure for supporting this crackme.
  • Maintained by Eduardo Novella & Gautam Arvind.

Installation

This app is compatible with Android 4.4 and up.

$ adb install r2pay-v0.9.apk

Versions

  • v0.9 - Release for OWASP MSTG.
    • Source code is available and the compilation has been softened in many ways to make the challenge easier and more enjoyable for newcomers.
  • v1.0 - Release for R2con CTF 2020.
    • No source code is available and many extra protections are in place.

Solutions R2pay v0.9

  • Not yet

Solutions R2pay v1.0

A brand new Android app sparks your interest. Of course, you are planning to purchase a license for the app eventually, but you'd still appreciate a test run before shelling out $1. Unfortunately no keygen is available!

  • Objective: Generate a valid serial key that is accepted by this app.
  • Author: Bernhard Mueller.
  • Maintained by the OWASP MSTG leaders.

Installation

Copy the binary to your Android device and run using the shell.

$ adb push validate /data/local/tmp
[100%] /data/local/tmp/validate
$ adb shell chmod 755 /data/local/tmp/validate
$ adb shell /data/local/tmp/validate
Usage: ./validate <serial>
$ adb shell /data/local/tmp/validate 1234
Incorrect serial (wrong format).
$ adb shell /data/local/tmp/validate JACE6ACIARNAAIIA
Entering base32_decode
Outlen = 10
Entering check_license
Product activation passed. Congratulations!

Solutions

iOS

This app holds a secret inside. Can you find it?

  • Objective: A secret string is hidden somewhere in this binary. Find a way to extract it. The app will give you a hint when started.
  • Author: Bernhard Mueller.
  • Maintained by the OWASP MSTG leaders.

Installation

Open the "Device" window in Xcode and drag the IPA file into the list below "Installed Apps".

Note: The IPA is signed with an Enterprise distribution certificate. You'll need to install the provisioning profile and trust the developer to run the app the "normal" way. Alternatively, re-sign the app with your own certificate, or run it on a jailbroken device (you'll want to do one of those anyway to crack it).

Solutions

This app holds a secret inside - and this time it won't be tampered with!

  • Objective: Find the secret code - it is related to alcoholic beverages.
  • Author: Bernhard Mueller.
  • Maintained by the OWASP MSTG leaders.

Note: Due to its anti-tampering, the app won't run correctly if the main executable is modified and/or re-signed. You'll need to trust the developer (General Settings -> Profile & Device Management) and run it the standard way on a non-jailbroken device to verify the solution.

Installation

Open the "Device" window in Xcode and drag the IPA file into the list below "Installed Apps".

Note: The IPA is signed with an Enterprise distribution certificate. You'll need to install the provisioning profile and trust the developer to run the app the "normal" way. Alternatively, re-sign the app with your own certificate, or run it on a jailbroken device (you'll want to do one of those anyway to crack it).

Solutions

MSTG Hacking Playground

Did you enjoy working with the Crackmes? There is more! Go to the MSTG Hacking Playground and find out!

Issues with the Crackmes

If the app does not boot, or if there is another bug: file an issue at this repository or at the one you should not go to (SPOILER ALERT!).