Decrypting Cordova "Crypt File" plugin
Hey, it has been a while since the last update. While doing my daily job, I found an interesting Android mobile application. It's a hybrid mobile application, written using Cordova.
Cordova in a nutshell:
"Apache Cordova is an open-source mobile development framework. It allows you to use standard web technologies - HTML5, CSS3, and JavaScript for cross-platform development. Applications execute within wrappers targeted to each platform, and rely on standards-compliant API bindings to access each device's capabilities such as sensors, data, network status, etc."
Reference: https://cordova.apache.org/docs/en/latest/guide/overview/
As usual, I start with static analysis by "decompiling" the application using "apktool" and browsing to the "assets/www" folder, which is where all the HTML/CSS/JS files for Cordova are located.
What makes this application interesting is that all the files are encrypted.
[Image: Encrypted File Content]
I have made a decryptor in order to ease static analysis. I have also made an encryptor for application recompilation during analysis, for example for patching the SSL pinning/root detection mechanism.
In order to use the tool, you first need to retrieve the KEY and IV from the application. It is not complicated, as the KEY and IV are located in com.tkyaki.cordova.DecryptResource.class.
[Image: CRYPT_IV and CRYPT_KEY]
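The round trip such a decryptor/encryptor pair performs, as an added example (not the author's tool and not the plugin's code). It shows why assets protected with a key and IV that ship inside the APK are obfuscated rather than confidential. Assumptions: files are base64 text of AES-256-CBC ciphertext with CRYPT_KEY and CRYPT_IV used as UTF-8 bytes; all function names and sample values are constructed.

```javascript
const crypto = require('crypto');

// Assumption (not stated in the post): AES-256-CBC with PKCS#7 padding,
// ciphertext stored as base64 text, key/IV strings taken as UTF-8 bytes.
const ALGO = 'aes-256-cbc';

function checkParams(keyStr, ivStr) {
  const key = Buffer.from(keyStr, 'utf8');
  const iv = Buffer.from(ivStr, 'utf8');
  // A key of the wrong size is what makes Node throw "Invalid key length".
  if (key.length !== 32) throw new RangeError(`CRYPT_KEY must be 32 bytes, got ${key.length}`);
  if (iv.length !== 16) throw new RangeError(`CRYPT_IV must be 16 bytes, got ${iv.length}`);
  return { key, iv };
}

function encryptAsset(plainText, keyStr, ivStr) {
  const { key, iv } = checkParams(keyStr, ivStr);
  const cipher = crypto.createCipheriv(ALGO, key, iv);
  return Buffer.concat([cipher.update(plainText, 'utf8'), cipher.final()]).toString('base64');
}

function decryptAsset(b64Text, keyStr, ivStr) {
  const { key, iv } = checkParams(keyStr, ivStr);
  const decipher = crypto.createDecipheriv(ALGO, key, iv);
  const raw = Buffer.from(b64Text.trim(), 'base64');
  return Buffer.concat([decipher.update(raw), decipher.final()]).toString('utf8');
}

// Heuristic for telling encrypted assets from plain ones in assets/www:
// pure base64 whose decoded length is a multiple of the AES block size.
function looksEncrypted(text) {
  const t = text.replace(/\s+/g, '');
  return t.length > 0 && t.length % 4 === 0 &&
    /^[A-Za-z0-9+/]+={0,2}$/.test(t) &&
    Buffer.from(t, 'base64').length % 16 === 0;
}

// Constructed sample values, not taken from any real application.
const SAMPLE_KEY = '0123456789abcdef0123456789abcdef';
const SAMPLE_IV = 'fedcba9876543210';
const SAMPLE_JS = "document.addEventListener('deviceready', onReady, false);";

function demo() {
  const enc = encryptAsset(SAMPLE_JS, SAMPLE_KEY, SAMPLE_IV);
  return { enc, dec: decryptAsset(enc, SAMPLE_KEY, SAMPLE_IV) };
}
```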
Thanks!
Error: Invalid key length
at new Decipheriv (crypto.js:241:16)
at Object.Decipheriv (crypto.js:238:12)
at Decrypt (E:\xampp\htdocs\android\scrypt.js\app.js:76:25)
at E:\xampp\htdocs\android\scrypt.js\app.js:52:32
at Array.forEach (native)
at DecryptThis (E:\xampp\htdocs\android\scrypt.js\app.js:49:8)
at Object. (E:\xampp\htdocs\android\scrypt.js\app.js:26:9)
at Module._compile (module.js:571:32)
at Object.Module._extensions..js (module.js:580:10)
at Module.load (module.js:488:32)
THIS script not working
I don't know how to work with node.js. Can you please make a detailed tutorial?
Is there a way that at the moment of decompiling the apk it is not possible to see the "CRYPT_KEY"?
awesome man
great man!