I've been trying to decompile and extract useful data from an APK for some time now. This data is stored in CSV files inside an "assets" folder. Unfortunately, the developers got smart, and have begun encrypting these CSVs starting in July. I've exhausted every way I know of to try and turn these files into readable versions of themselves without any success. But then, I realized, there are a few files in the assets folder that haven't changed since well before July—thus, I have both the decrypted and encrypted versions of these files. Using this knowledge, is it possible to predict the encryption pattern that all other files in the directory went through?

I'm fairly sure that it was encrypted bit-level, not byte-level since there are a lot of unknown characters (represented as special question marks) while trying to read these CSVs using Notepad/TextEdit/Atom in UTF-8 mode (or any other mode except UTF-16, really).

Farhana Naaz Ansari
QuaternionsRock
  • You should replace "excel" with "obfuscation" since although technically there might be an encryption algo in play, it can only really be obfuscating the code. – xendi Sep 05 '16 at 02:34

2 Answers

You're talking about a "known plain text" attack. No modern, widely used method is vulnerable to this kind of attack, but many home grown encryption methods are. Even with known text, you need to know or guess a lot about the details of the encryption algorithm.

A better plan might be to hack the software that you know is doing the decrypting, which must contain both the algorithm and the key.

ddyer
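
The answer's point that home-grown schemes often fall to a known-plaintext attack while modern ciphers do not, as an added example that is not part of the original answers. It assumes the home-grown scheme is a repeating-key XOR; `toy_xor`, the SHA-256 counter keystream (a standard-library stand-in for a vetted cipher, not something to deploy), the keys and the CSV contents are all constructed for illustration.

```python
import hashlib
from itertools import cycle

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def toy_xor(data: bytes, key: bytes) -> bytes:
    """Constructed home-grown scheme: XOR with a short repeating key."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def hash_stream_xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Stand-in for a vetted stream cipher: SHA-256(key|nonce|counter) keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return xor_bytes(data, bytes(stream))

def shortest_period(stream: bytes, max_len: int = 64):
    """Smallest n for which the stream repeats every n bytes, else None."""
    for n in range(1, min(max_len, len(stream) // 2) + 1):
        if all(stream[i] == stream[i - n] for i in range(n, len(stream))):
            return n
    return None

def recover_repeating_key(plain: bytes, cipher: bytes):
    """What one known plaintext/ciphertext pair reveals: the key, or None."""
    keystream = xor_bytes(plain, cipher)
    n = shortest_period(keystream)
    return keystream[:n] if n else None

# Constructed sample data, not taken from any real application.
KNOWN_PLAIN = b"id,name,price\n1,widget,9.99\n2,gadget,19.50\n3,doohickey,4.25\n"
OTHER_PLAIN = b"id,region,stock\n1,north,120\n2,south,75\n"
TOY_KEY = b"s3cr3t!"
STRONG_KEY = b"constructed-32-byte-demo-key-000"

if __name__ == "__main__":
    key = recover_repeating_key(KNOWN_PLAIN, toy_xor(KNOWN_PLAIN, TOY_KEY))
    print("repeating-key XOR leaks:", key)
    print("other file readable:", toy_xor(toy_xor(OTHER_PLAIN, TOY_KEY), key) == OTHER_PLAIN)
    strong = hash_stream_xor(KNOWN_PLAIN, STRONG_KEY, b"file-a")
    print("per-file keystream leaks:", recover_repeating_key(KNOWN_PLAIN, strong))
```

With a keystream cipher the known pair still exposes that one file's keystream, so the protection rests on a fresh nonce per file and on keeping the key out of reach.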

You'd have better luck simply guessing based on the encrypted output. You'll need to familiarize yourself with characteristics of the output of algorithms and compare against what you see. This is probably a lot easier for hashes but you're talking about encryption. To answer your question though, it's unlikely that you're going to be able to use an unencrypted version of a file to break the encrypted one. You might try encrypting that file using different algorithms and comparing the results. That might give you the algo but could take longer.

Alternatively, here are some tools I found that might be able to automate the process for you...

https://code.google.com/archive/p/aligot/

https://bitbucket.org/daniel_plohmann/simplifire.idascope

https://www.aldeid.com/wiki/IDA-Pro/plugins/FindCrypt2

To crack it, you're also going to need to find the key that was used to encrypt it. Since it's a program that obviously must be decrypted to use, that key shouldn't be impossible to find. It's either in the APK or on a server somewhere, in which case use Wireshark, but I'm guessing it's embedded.

They might be using DexGuard or ProGuard. Here's a related post: What methods are being used to protect this Android APK: Reflection? Encryption? How do I reverse engineer it and analyze it?

If it's ProGuard you might start with something like this: http://proguard.sourceforge.net/manual/retrace/examples.html

Here's some info on that: How to decode ProGuard's obfuscated code precisely?

Community
xendi
  • Added some more info about what they could be using to encrypt and how you might start reverse engineering. – xendi Sep 05 '16 at 02:11