Find file History
Latest commit d7379e5 Oct 1, 2018
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
Android #992: spelling fixes Sep 13, 2018
Write-ups Fixed markdown for github Jun 16, 2018
iOS Re-add crackmes as regular files May 22, 2017
README.md Fix url Oct 1, 2018

README.md

UnCrackable Mobile Apps

Welcome to the UnCrackable Apps for Android and iOS, a collection of mobile reverse engineering challenges. These challenges are used as examples throughout the Mobile Security Testing Guide. Of course, you can also solve them for fun. If you do solve any of the challenges, please take a moment to do our brief post-cracking survey.

Android

UnCrackable App for Android Level 1

This app holds a secret inside. Can you find it?

Installation

This app is compatible with Android 4.4 and up.

$ adb install UnCrackable-Level1.apk

Solutions

UnCrackable App for Android Level 2

This app holds a secret inside. May include traces of native code.

  • Objective: A secret string is hidden somewhere in this app. Find a way to extract it.
  • Author: Bernhard Mueller
  • Special thanks to Michael Helwig for finding and fixing an oversight in the anti-tampering mechanism.
  • Maintained by the OWASP MSTG leaders Jeroen Willemsen & Sven Schleier

Installation

This app is compatible with Android 4.4 and up.

$ adb install UnCrackable-Level2.apk

Solutions

UnCrackable App for Android Level 3

The crackme from hell!

  • Objective: A secret string is hidden somewhere in this app. Find a way to extract it.
  • Author: Bernhard Mueller
  • Special thanks to Eduardo Novella for testing, feedback and pointing out flaws in the initial build(s).
  • Maintained by the OWASP MSTG leaders Jeroen Willemsen & Sven Schleier

Installation

This app is compatible with Android 4.4 and up.

$ adb install UnCrackable-Level3.apk

Solutions

Android License Validator

A brand new Android app sparks your interest. Of course, you are planning to purchase a license for the app eventually, but you'd still appreciate a test run before shelling out $1. Unfortunately no keygen is available!

Installation

Copy the binary to your Android device and run using the shell.

$ adb push validate /data/local/tmp
[100%] /data/local/tmp/validate
$ adb shell chmod 755 /data/local/tmp/validate
$ adb shell /data/local/tmp/validate
Usage: ./validate <serial>
$ adb shell /data/local/tmp/validate 1234
Incorrect serial (wrong format).

Solutions

iOS

UnCrackable App for iOS Level 1

This app holds a secret inside. Can you find it?

Objective: A secret string is hidden somewhere in this binary. Find a way to extract it. The app will give you a hint when started.

Installation

Open the "Device" window in Xcode and drag the IPA file into the list below "Installed Apps".

Note: The IPA is signed with an Enterprise distribution certificate. You'll need to install the provisioning profile and trust the developer to run the app the "normal" way. Alternatively, re-sign the app with your own certificate, or run it on a jailbroken device (you'll want to do one of those anyway to crack it).

Solutions

UnCrackable App for iOS Level 2

This app holds a secret inside - and this time it won't be tampered with!

Objective: Find the secret code - it is related to alcoholic beverages.

Note: Due to its anti-tampering the app won't run correctly if the main executable is modified and/or re-signed. You'll need to trust the developer run it the standard way on a non-jailbroken device (General Settings -> Profile & Device Management) and to verify the solution.

Installation

Open the "Device" window in Xcode and drag the IPA file into the list below "Installed Apps".

Note: The IPA is signed with an Enterprise distribution certificate. You'll need to install the provisioning profile and trust the developer to run the app the "normal" way. Alternatively, re-sign the app with your own certificate, or run it on a jailbroken device (you'll want to do one of those anyway to crack it).

Solutions

Mobile Security testing playground

Did you enjoy working with the Crackmes? There is more! Go to the MSTG Hacking Playground and find out! Having troubles with getting through the playground challenges, check the Write-ups folder right here!

Issues with the Crackmes

Currently, the code is being maintained by @commjoen. If the app does not boot, or if there is another bug: file an issue at this repository or at the one you should not go to.