Андрей Андреевич (Andrew Andreevich)

duckerz

Task: Android APK with native JNI library containing encrypted flag. Solution: Reverse-engineered custom hash function and XOR cipher, discovered Android Bionic uses BSD PRNG (not glibc LCG), brute-forced 5-char input with known-plaintext constraints from flag format.

brute_force xor_cipher android apk prng anti_debug native_library jni

xor_decryptionknown_plaintext_attackapk_decompilationjni_reverse_engineeringbionic_prng_emulationconstraint_based_pruning

$ ls tags/ techniques/

brute_force xor_cipher android apk prng anti_debug native_library jni

xor_decryptionknown_plaintext_attackapk_decompilationjni_reverse_engineeringbionic_prng_emulationconstraint_based_pruning

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[reverse][Pro]Эльфийский смали (Elfiyskiy Smali)— hackerlab
[reverse][Pro]129 (Утка)— duckerz
[reverse][Pro]Зелёный робот (Green Robot)— hackerlab
[reverse][free]SAW— hackthebox
[reverse][Pro]Танчики (Tanks)— duckerz