HackTheBox APKrypt Challenge

Explore the basics of cybersecurity in the APKrypt Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/285

Description

Can you get the ticket without the VIP code?

Exploitation

Use jadx-gui to decompile the APK and read the Java code. apktool can also decode the APK:

apktool d <apk>
import hashlib
from base64 import b64decode
from Crypto.Cipher import AES  # provided by pycryptodome
from Crypto.Util.Padding import unpad

def md5_hash(text):
    # Hex-encodes each digest byte without zero-padding, so bytes below 0x10
    # give one character and the result can differ from hashlib's hexdigest().
    md5 = hashlib.md5()
    md5.update(text.encode())
    return ''.join(hex(x)[2:] for x in md5.digest())

def decrypt_aes(encrypted_str):
    # Fixed 16-byte AES key
    key = b'Dgu8Trf6Ge4Ki9Lb'
    encrypted_bytes = b64decode(encrypted_str)
    # ECB mode takes no IV, so the key alone is enough to decrypt
    cipher = AES.new(key, AES.MODE_ECB)
    decrypted = unpad(cipher.decrypt(encrypted_bytes), AES.block_size)
    return decrypted.decode('utf-8')

def main():
    # Not used below: decryption needs only the key and the ciphertext
    target_hash = "735c3628699822c4c1c09219f317a8e9"
    encrypted = "k+RLD5J86JRYnluaZLF3Zs/yJrVdVfGo1CQy5k0+tCZDJZTozBWPn2lExQYDHH1l"
    print("Decrypting AES string...")
    try:
        decrypted = decrypt_aes(encrypted)
        print(f"Decrypted string: {decrypted}")
    except Exception as e:
        # Bad Base64, a wrong key or invalid padding all end up here
        print(f"Error decrypting: {e}")

if __name__ == "__main__":
    main()

Summary

The APKrypt Challenge on Hack The Box is an easy-level challenge that introduces encryption reversal and file handling concepts, making it ideal for beginners interested in Android security. In this challenge, participants are tasked with obtaining a ticket without the VIP code by reverse engineering the APK. Tools like jadx-gui and apktool are used to decompile the APK and analyze the Java code. The challenge revolves around decrypting an AES-encrypted string using a fixed key. A Python script is provided, which demonstrates how to perform AES decryption and retrieve the ticket. This challenge offers a great introduction to reversing Android applications and understanding encryption methods.
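
The fixed key and ECB mode are what make the ciphertext recoverable from the APK alone. As an added example (not from the original post or the challenge), here is a small static check a developer could run over Java source before release to flag the same pattern; the sample class, the rule names and the `scan` and `is_aes_key_length` helpers are constructed for illustration.

```python
import re

# Constructed sample resembling decompiled Java; NOT taken from the challenge APK.
SAMPLE_JAVA = '''\
package com.example.demo;
public class Vault {
    static String decrypt(String s) throws Exception {
        SecretKeySpec k = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
        Cipher c = Cipher.getInstance("AES");
        c.init(2, k);
        return new String(c.doFinal(Base64.decode(s, 0)), "utf-8");
    }
    static Cipher gcm() throws Exception {
        return Cipher.getInstance("AES/GCM/NoPadding");
    }
}
'''

# Hypothetical rule names. A bare "AES" transformation is flagged because the
# common Java/Android providers resolve it to AES/ECB/PKCS5Padding.
RULES = [
    ("hardcoded-key", re.compile(r'new\s+SecretKeySpec\(\s*"([^"]+)"\.getBytes\(')),
    ("ecb-mode", re.compile(r'Cipher\.getInstance\(\s*"(AES(?:/ECB/[^"]*)?)"\s*\)')),
]

def scan(source):
    """Return (line_number, rule, matched_value) for each risky crypto call."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for rule, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append((lineno, rule, match.group(1)))
    return findings

def is_aes_key_length(value):
    """True when a string literal has a valid AES key size (16, 24 or 32 bytes)."""
    return len(value.encode("utf-8")) in (16, 24, 32)

if __name__ == "__main__":
    for lineno, rule, value in scan(SAMPLE_JAVA):
        note = ""
        if rule == "hardcoded-key" and is_aes_key_length(value):
            note = " (usable as an AES key as-is)"
        print(f"line {lineno}: {rule}: {value!r}{note}")
```

A finding from either rule means the secret the app is protecting depends only on data shipped inside the APK; the GCM call in the sample is deliberately not flagged.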

This post is licensed under CC BY 4.0 by the author.