![]() If you want the correct filename you have to pull the db from /data/data//databases/cal.db (this requires a rooted device or aįull filesystem extraction). I made a simple script based on what we saw when analysing the app in jadx: What we need to do is to find out where the files are stored, pull the files and then create something that will decrypt the files for us.Īfter following some code i ended up with this method:Ĭ0mputer ~ % adb pull /storage/emulated/0/Android/data//files/photo_encrypt/ I wont comment further on the use of DES and a static key -). The creator of the app uses a static key "12345678" for encryption, and also uses "DES" encryption. When looking at the Class and methods i saw that this was a class responsible for encrypting and decrypting files. To view the method EncryptUtils.m10791a() you just right-click on it and select "Goto declaration". So when i clicked the search result the following code showed up:įileInputStream fileInputStream = new FileInputStream(6361a) īyteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream() ĮncryptUtils.m10791a("12345678", fileInputStream, byteArrayOutputStream) īyteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray()) In this case i searched for "encrypt", "decrypt", "AES" etc etc. I also use the search function to search for strings that should be of interest. What i usually do next is to just click and look at all the classes and methods. This will sometimes (often) do a pretty decent job of helping out with applications that are obfuscated when compiled. I loaded the apk into JADX-GUI, a tool that "produces Java source code from Android Dex and Apk files".Ī very nice feature of jadx is that you can activate deobfuscation when parsing the apk. This is kinda important as Google playstore often have multiple applications, from different publishers, that share the same name and icon. Go to or and search for the packagename "". If you want to download the apk from internet Now the application is saved to "base.apk" and you can start to analyse it. data/app/-OP_MBoGMZN-LZ5wr50dN.1 file pulled, 0 skipped. Package:/data/app/-OP_MBoGMZN-LZ5wr50dNWA=/base.apkĬ0mputer ~ % adb pull /data/app/-OP_MBoGMZN-LZ5wr50dNWA=/base.apk C0mputer ~ % adb shell pm list packages|grep calcĬ0mputer ~ % adb shell pm path
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |