Shivelight / kaskus-py

Kaskus Private API Wrapper
MIT License

Error Exception with Decrypt #3

Closed sluxzer closed 4 years ago

sluxzer commented 4 years ago

Hey There

I'm trying to get a new consumer key with the tools you provide:

I ran every step, but when I try to decrypt the file "pixels.txt" I get this error:

Exception in thread "main" java.lang.IllegalArgumentException: Input byte array has incorrect ending byte at 16
    at java.util.Base64$Decoder.decode0(Unknown Source)
    at java.util.Base64$Decoder.decode(Unknown Source)
    at java.util.Base64$Decoder.decode(Unknown Source)
    at test.test.Main.e(Main.java:67)
    at test.test.Main.main(Main.java:36)

Hope you have spare time to fix this issue XD

btw, I'm really curious how you could reverse engineer this apk, can you give me a reference to learn those things.

Thank you.

Shivelight commented 4 years ago

I'm sure they have updated their encryption method. I'll look into it.

> btw, I'm really curious how you could reverse engineer this apk, can you give me a reference to learn those things.

Decompiling and network sniffing. It is actually not too hard once you set up and understand your environment, which is the tricky part. I recommend the JADX decompiler to start with and getting comfortable with it, and possibly a rooted device (you can use an emulator too). You can then sniff the app to get the right direction (not needed, but it can help you understand the network flow), but the problem is the kaskus app has custom cert pinning and, if I remember correctly, it's implemented as an OkHttp interceptor, which you have to patch manually within the smali files (use ApkTool). It's a long process if you don't have any prior experience.

sluxzer commented 4 years ago

Actually I already have a little experience with sniffing and decompiling using the JADX decompiler (I didn't know the name before, but it's the same tool) and I'm using it on kaskus, and the reason I found this repo is because the app changed the flow to show their consumer key & secret, and I think that was before you created this repo and the cert pinning things.

And you somehow managed to find the cs/ck inside the image? (this is why I ask how you found it)

Shivelight commented 4 years ago

> And you somehow managed to find the cs/ck inside the image? (this is why I ask how you found it)

I think the hint was one class named LSB or something, if I remember correctly; a quick search reveals it is a steganography algorithm and that's it 🎉
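The LSB steganography named above, as an added example that is not code from the kaskus-py project: it hides a placeholder key/secret string in the least significant bits of a constructed byte "image" and recovers it again, which is why a client secret stored this way in an app asset has to be treated as public. The 4-byte length prefix is an assumed framing of this example; its rejection branch is the same symptom as the Base64 failure in the issue (the extractor reads bits that are no longer a payload).

```python
# Added example, not code from the kaskus-py project: textbook LSB steganography over a
# constructed grayscale "image" held as bytes, one hidden bit per pixel byte. It makes
# the defensive point concrete: a secret hidden this way in an APK is recoverable by
# anyone holding the APK, so it is obscurity, not protection.

HEADER_BYTES = 4  # assumed framing: 32-bit big-endian payload length, then payload

def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def lsb_embed(pixels: bytes, payload: bytes) -> bytes:
    """Return a copy of pixels whose LSBs carry the length-prefixed payload."""
    framed = len(payload).to_bytes(HEADER_BYTES, "big") + payload
    if len(framed) * 8 > len(pixels):
        raise ValueError("cover too small for payload")
    out = bytearray(pixels)
    for i, bit in enumerate(_bits(framed)):
        out[i] = (out[i] & 0xFE) | bit  # overwrite only the lowest bit
    return bytes(out)

def _read_bytes(pixels: bytes, start_bit: int, count: int) -> bytes:
    """Reassemble count bytes from the LSBs starting at pixel index start_bit."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (pixels[start_bit + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)

def lsb_extract(pixels: bytes) -> bytes:
    """Recover the payload; refuse covers whose length prefix cannot be right,
    i.e. the cover or framing changed and we are reading bits that are no payload."""
    length = int.from_bytes(_read_bytes(pixels, 0, HEADER_BYTES), "big")
    if (HEADER_BYTES + length) * 8 > len(pixels):
        raise ValueError("length prefix exceeds cover size: not LSB data or framing changed")
    return _read_bytes(pixels, HEADER_BYTES * 8, length)

def demo() -> int:
    """Hide a placeholder key/secret pair and report how many pixels changed."""
    cover = bytes((i * 37) % 256 for i in range(2048))  # constructed 2048-pixel cover
    secret = b"ck=EXAMPLE_CONSUMER_KEY;cs=EXAMPLE_CONSUMER_SECRET"  # placeholder values
    stego = lsb_embed(cover, secret)
    assert lsb_extract(stego) == secret  # round-trips: the "hidden" secret is readable
    return sum(a != b for a, b in zip(cover, stego))  # at most one bit per pixel
```

Every changed pixel differs from the cover by exactly one in value, which is why the image looks untouched while the payload is fully recoverable.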

sluxzer commented 4 years ago

I see, that's brilliant, thanks for the information 👍

Shivelight commented 4 years ago

I added a Frida script to extract the key-secret, which is a much better and easier method. I also added an SSL pinning bypass script. The scripts are based on Kaskus Android 4.16.1.

sluxzer commented 4 years ago

Wow, it's such a cool feature, may I know a bit of detail about your equipment, I'd like to learn to bypass it

such as: what is the sniffing tool you use, and could we bypass it with an emulator or must it be a real phone?

many thanks before 👍 🥇

Shivelight commented 4 years ago

Honestly, you can use any HTTP sniffing tool, but anyway I'm using HttpCanary and Proxymon on Android, Burp Suite and mitmproxy on PC.

> could we bypass it with an emulator or must it be a real phone?

I believe Frida server can run on an emulator.

sluxzer commented 4 years ago

Thanks for this useful information.

Kudos to you :)