Tags: rsa reverse engineering json re android 

## zerodaystore (misc, 200)
tl;dr: Add `&price=0` to the end of the /pay request

[server.py](server.py.8c15b34d5e32243f5ed38c1b055bfd6f)
[zerodaystore.apk](zerodaystore.apk.7869c5b00cdf037273e39572fb1affdb)

We start off by decompiling the apk file using [javadecompilers](http://www.javadecompilers.com/apk). The code is pretty straightforward: we can purchase 0day exploits with our money.

There is one problem though: we have no money and 0days are expensive! There are 2 solutions.

We can craft the requests ourselves and send them directly to the recovered url, or rebuild the apk with our money and/or the exploits' prices faked.

![alt text](screen1.png)

After a purchase has been made, a JSON request is sent to `http://paygate.godric.me/order` with the product's price and id and our device's id.

![alt](screen2.png)

The request is then corrected (the price is set again from the product id), signed and returned as a string of fields joined by `&`. The response is then sent to `http://paygate.godric.me/order`.

The server source tells us that we need to send a pay request with `price=0`. We could try sending a fake request directly to /pay, but unfortunately the message is verified using RSA and sending edited requests results in an error.

It turns out that the signing mechanism is broken: we can smuggle our `&price=0` after the message and its signature. This way we have a correctly signed message with the price variable set to 0, which should give us the flag.
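To make the flaw concrete, here is an added illustration that is not the challenge's `server.py`: an HMAC stands in for the RSA signature, since the bug is in how the signed `&`-joined string is parsed, not in the signature algorithm. The field names `device`, `product`, `price` and `sig` are assumed; the flawed verifier is shown next to a hardened one.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

# Constructed secret; stands in for the server's RSA private key.
KEY = b"constructed-server-secret"


def _mac(body: str) -> str:
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()


def sign(fields: dict) -> str:
    """Server-side /order: join the fields with '&' and append the signature."""
    body = "&".join(f"{k}={v}" for k, v in fields.items())
    return f"{body}&sig={_mac(body)}"


def verify_vulnerable(msg: str):
    """Flawed /pay check: the signature is verified over the text before '&sig=',
    but the fields are then read from the WHOLE string, where a later duplicate
    key (a trailing '&price=0') silently overrides the signed one."""
    body, _, rest = msg.partition("&sig=")
    sig = rest.split("&", 1)[0]
    if not hmac.compare_digest(_mac(body), sig):
        return None
    return dict(parse_qsl(msg))  # last key wins: unsigned data reaches the price


def verify_fixed(msg: str):
    """Hardened check: the signature must be the last field and cover everything
    before it, and duplicate keys are rejected, so only signed fields are used."""
    body, sep, sig = msg.rpartition("&sig=")
    if not sep or "&" in sig:  # nothing may follow the signature
        return None
    if not hmac.compare_digest(_mac(body), sig):
        return None
    pairs = parse_qsl(body, strict_parsing=True)
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):  # no smuggled duplicates
        return None
    return dict(pairs)
```

Run `verify_vulnerable(sign({...}) + "&price=0")` to see the flawed check accept a zero price while `verify_fixed` rejects the same message.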

`BCTF{0DayL0veR1chGuy5}`
Bingo!

Original writeup (https://github.com/p4-team/ctf/blob/master/2016-03-19-bctf/misc_200_zerodaystore/README.md).