Tags: mobile_reverse aes crypto 

Rating: 5.0

### NOTE
This task can be solved differently, via the Frida plugin for IdaPro. But we solved this task by another way.

### Step 1
Read description and download apk file from site.

### Step 2

We use the *d2j-dex2jar* utility to turn the apk into a jar.


Open this file in the *jd-gui* program and check the source code. You may notice that there is a tab with a similar task name. After a little study, you can see in the file *LoginDataSource.class* that a certain *dev.keekledev* file is being created. Remember this.


Next, we study the file *LoginDataController.class* and we understand that AES encryption is used with the key ***ponyponyponypony***.


### Step 3

We use the *apktool* app to unpack our apk.


Since it became clear from the previous step that a certain file is being created with a name that contains *dev*, we will find it using the *find* utility.


We get **AES** ciphered message: ***441A65DEFFEFC5A3B3F4A83ED6A9EA463D7782E23D516226A5CFC8477757D46F023A8E39FF4BCE61C6F883B202728978***.

Use *cyberchef* or another tools for decrypt this message with key and get flag: **unictf{h0p370u-d1D'tu53-fR33d4}**