Android Crackmes
Android UnCrackable L1
A secret string is hidden somewhere in this app. Find a way to extract it.
Installation
This app is compatible with Android 4.4 and up.
$ adb install UnCrackable-Level1.apk
SPOILER (Solutions)
- Solution using Frida by c0dmtr1x
- Solution using static analysis
- Solution using jdb
- Solution using Frida by Eduardo Novella
- Solution using Xposed by sh3llc0d3r
- Solution using RMS by @mobilesecurity_ (video)
- Solution using static analysis by Eduardo Vasconcelos
- Solution using Frida by Davide Cioccia
- Solution using MobSF by Jitendra Patro
Android UnCrackable L2
This app holds a secret inside. May include traces of native code.
Installation
This app is compatible with Android 4.4 and up.
$ adb install UnCrackable-Level2.apk
SPOILER (Solutions)
By Bernhard Mueller. Special thanks to Michael Helwig for finding and fixing an oversight in the anti-tampering mechanism.
Android UnCrackable L3
The crackme from hell! A secret string is hidden somewhere in this app. Find a way to extract it.
Installation
This app is compatible with Android 4.4 and up.
$ adb install UnCrackable-Level3.apk
SPOILER (Solutions)
By Bernhard Mueller. Special thanks to Eduardo Novella for testing, feedback and pointing out flaws in the initial build(s).
Android UnCrackable L4
The Radare2 community has always dreamed of having its own decentralized and free currency that lets r2 fans make payments in places and transfer money between r2 users. A debug version of the r2Pay app has been developed and it will be supported very soon in many stores and websites. Can you verify that this is cryptographically unbreakable?
Hint: Run the APK on a non-tampered device to play a bit with the app.
- There is a master PIN code that generates green tokens (aka r2coins) on the screen. If you see a red r2coin, then this token won't be validated by the community. You need to find out the 4-digit PIN code and the salt employed as well. Flag:
r2con{PIN_NUMERIC:SALT_LOWERCASE}
- There is a "r2pay master key" buried in layers of obfuscation and protections. Can you break the whitebox? Flag:
r2con{ascii(key)}
Versions:
v0.9
- Release for OWASP MAS: Source code is available and the compilation has been softened in many ways to make the challenge easier and more enjoyable for newcomers.
v1.0
- Release for R2con CTF 2020: No source code is available and many extra protections are in place.
Installation
This app is compatible with Android 4.4 and up.
$ adb install r2pay-v0.9.apk
SPOILER (Solutions)
Created and maintained by Eduardo Novella & Gautam Arvind. Special thanks to NowSecure for supporting this crackme.
Android License Validator
A brand new Android app sparks your interest. Of course, you are planning to purchase a license for the app eventually, but you'd still appreciate a test run before shelling out $1. Unfortunately no keygen is available! Generate a valid serial key that is accepted by this app.
Installation
Copy the binary to your Android device and run using the shell.
$ adb push validate /data/local/tmp
[100%] /data/local/tmp/validate
$ adb shell chmod 755 /data/local/tmp/validate
$ adb shell /data/local/tmp/validate
Usage: ./validate <serial>
$ adb shell /data/local/tmp/validate 1234
Incorrect serial (wrong format).
$ adb shell /data/local/tmp/validate JACE6ACIARNAAIIA
Entering base32_decode
Outlen = 10
Entering check_license
Product activation passed. Congratulations!
SPOILER (Solutions)
MASTG Hacking Playground
Did you enjoy working with the Crackmes? There is more! Go to the MASTG Hacking Playground and find out!