Closed enovella closed 4 years ago
Weird. But I think I reproduced this during the last training once, on Android only. Shouldn't be hard to fix unless it's a bug in Frida, which I doubt.
On 30 Aug 2019, at 02:40, Eduardo Novella notifications@github.com wrote:
Sample APK
https://github.com/nowsecure/cybertruckchallenge19/tree/master/apk
Missed methods
generateDynamicKey and generateKey
Wondering if they cannot be seen as they're declared as protected
Decompiled code via JADX
```java
package org.nowsecure.cybertruck.keygenerators;

import android.util.Log;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

public class Challenge1 {
    private static final String TAG = "CyberTruckChallenge";

    public Challenge1() {
        generateKey();
    }

    /* access modifiers changed from: protected */
    public byte[] generateDynamicKey(byte[] bArr) {
        SecretKey generateSecret = SecretKeyFactory.getInstance("DES").generateSecret(new DESKeySpec("s3cr3t$_n3veR_mUst_bE_h4rdc0d3d_m4t3!".getBytes()));
        Cipher instance = Cipher.getInstance("DES");
        instance.init(1, generateSecret);
        return instance.doFinal(bArr);
    }

    /* access modifiers changed from: protected */
    public void generateKey() {
        Log.d("CyberTruckChallenge", "KEYLESS CRYPTO [1] - Unlocking carID = 1");
        try {
            generateDynamicKey("CyB3r_tRucK_Ch4113ng3".getBytes());
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            e.printStackTrace();
        }
    }
}
```
r2frida
```
[0x00000000]> \ic~+nowsecure
org.nowsecure.cybertruck.MainActivity
org.nowsecure.cybertruck.keygenerators.a
org.nowsecure.cybertruck.a.a
org.nowsecure.cybertruck.keygenerators.Challenge1
org.nowsecure.cybertruck.MainActivity$1
org.nowsecure.cybertruck.MainActivity$2
org.nowsecure.cybertruck.MainActivity$3
[0x00000000]> \ic org.nowsecure.cybertruck.keygenerators.Challenge1
public boolean java.lang.Object.equals(java.lang.Object)
public final java.lang.Class java.lang.Object.getClass()
public int java.lang.Object.hashCode()
public final native void java.lang.Object.notify()
public final native void java.lang.Object.notifyAll()
public java.lang.String java.lang.Object.toString()
public final native void java.lang.Object.wait() throws java.lang.InterruptedException
public final void java.lang.Object.wait(long) throws java.lang.InterruptedException
public final native void java.lang.Object.wait(long,int) throws java.lang.InterruptedException
```
Fixed with \icm (info-class-methods)
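The `\ic` listing in the report contains only the public methods inherited from `java.lang.Object`, which is the same set Java's `Class.getMethods()` returns for a class whose own methods are all protected. The following is an added example, not code from this thread or from r2frida; `Sample` is a constructed stand-in for `Challenge1`, and nothing here is a claim about how `\ic` or `\icm` are implemented.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import java.util.Comparator;

public class ReflectionVisibility {
    // Constructed stand-in for Challenge1: same method names, both protected.
    static class Sample {
        protected byte[] generateDynamicKey(byte[] in) { return in; }
        protected void generateKey() { }
    }

    // Print each method with its modifiers and the class that declares it.
    static void dump(String label, Method[] methods) {
        System.out.println(label);
        Arrays.sort(methods, Comparator.comparing(Method::getName));
        for (Method m : methods) {
            System.out.println("  " + Modifier.toString(m.getModifiers()) + " "
                    + m.getDeclaringClass().getSimpleName() + "." + m.getName());
        }
    }

    public static void main(String[] args) {
        // getMethods(): public members only, including those inherited from
        // Object. The two protected methods of Sample do not appear.
        dump("getMethods()", Sample.class.getMethods());

        // getDeclaredMethods(): every method declared by the class itself,
        // whatever its visibility, and nothing inherited.
        dump("getDeclaredMethods()", Sample.class.getDeclaredMethods());
    }
}
```

When auditing an app by reflection, enumerate declared methods (and walk the superclass chain if inherited non-public members matter), otherwise protected and private key-handling code like `generateDynamicKey` is missed.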