HackTheBox Ancored Challenge
Explore the basics of cybersecurity in the Ancored Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/284
Description
A client asked me to check if I can intercept the https request and get the value of the secret parameter that is passed along with the user’s email. The application is intended to run in a non-rooted device. Can you help me find a way to intercept this value in plain text?
Exploitation
Decompiling the APK with jadx-gui (or with www.javadecompilers.com) reveals MainActivity.java in the com.example.anchored package. It uses native methods (frf(), prp(), mrm()) linked to libanchored.so to construct the HTTP request parameters.
The Java_com_example_anchored_MainActivity_frf function in libanchored.so applies XOR encryption using specific byte constants (e.g., 0x0012d0c9 for t and 0x0012d0cb for u). Decryption can be performed using the known XOR keys (local_e8) and encrypted data (local_198), which can be simulated with a Python script.
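#!/usr/bin/python3

def xor(data, key):
    # XOR each data byte with the key byte at the same index (the key repeats if it is shorter)
    return bytes([data[i] ^ key[i % len(key)] for i in range(len(data))])

# Encrypted data (local_198) and XOR key (local_e8) taken from frf() in libanchored.so
ct = b't%u9t8?M/~bx&uz-ebtux8'
key = b'!K!K!KK~K!!KT!KKT!@!KK'
decrypted_text = xor(ct, key)
print("Decrypted Text: HTB{" + decrypted_text.decode() + "}")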
Summary
The Ancored Challenge on Hack The Box is an easy-level challenge focused on encryption reversal and file handling. It involves decompiling the APK to expose native methods (frf(), prp(), mrm()) linked to libanchored.so for building HTTP request parameters. The challenge guides you through understanding the XOR encryption in the frf() function, and you create a Python script to simulate the decryption. By reversing the encryption, you uncover sensitive data, offering valuable insights into the app’s security practices.