CTFtime.org

Keekle Accounts

by delvinru / kks_KeKoS_Team

Tags: mobile_reverse aes crypto 

Rating: 5.0

### NOTE
This task can be solved differently, via the Frida plugin for IdaPro. But we solved this task by another way.

### Step 1
Read description and download apk file from site.

### Step 2

We use the *d2j-dex2jar* utility to turn the apk into a jar.

![step2](https://raw.githubusercontent.com/delvinru/writeup/master/1.png)

Open this file in the *jd-gui* program and check the source code. You may notice that there is a tab with a similar task name. After a little study, you can see in the file *LoginDataSource.class* that a certain *dev.keekledev* file is being created. Remember this.

![step2_1](https://raw.githubusercontent.com/delvinru/writeup/master/2.png)

Next, we study the file *LoginDataController.class* and we understand that AES encryption is used with the key ***ponyponyponypony***.

![step_2_2](https://raw.githubusercontent.com/delvinru/writeup/master/3.png)

### Step 3

We use the *apktool* app to unpack our apk.

![step_3_1](https://raw.githubusercontent.com/delvinru/writeup/master/4.png)

Since it became clear from the previous step that a certain file is being created with a name that contains *dev*, we will find it using the *find* utility.

![step_3_2](https://raw.githubusercontent.com/delvinru/writeup/master/5.png)

We get **AES** ciphered message: ***441A65DEFFEFC5A3B3F4A83ED6A9EA463D7782E23D516226A5CFC8477757D46F023A8E39FF4BCE61C6F883B202728978***.

Use *cyberchef* or another tools for decrypt this message with key and get flag: **unictf{h0p370u-d1D'tu53-fR33d4}**

![step_3_3](https://raw.githubusercontent.com/delvinru/writeup/master/6.png)

Comments