mobile, medium
Protected
hackthebox
Task: recover a hidden flag.png from a ZipCrypto-encrypted Android /data partition dump containing Gallery Vault app artifacts. Solution: crack ZipCrypto via known-plaintext attack (bkcrack) using predictable shared_prefs XML, then reverse Gallery Vault encryption (DES key chain + XOR stream cipher with >>tyfs>> markers) to decrypt the hidden image.
$ ls tags/ techniques/
tags/: sqlite des xor known_plaintext_attack android bkcrack zipcrypto mobile_forensics gallery_vault data_partition file_hiding
techniques/: zipcrypto_known_plaintext_attack gallery_vault_decryption des_key_derivation_chain xor_stream_cipher android_data_partition_analysis hidden_app_artifact_recovery