DISCLAIMER - The following is a FICTITIOUS story meant for providing realistic context for the Codebreaker Challenge and is not tied in any way to actual events.
Tech-savvy terrorists have developed a new suite of communication tools to use for attack planning purposes. Their most recent creation — TerrorTime — is a secure mobile chat application that runs on Android devices. This program is of particular interest since recent intelligence suggests the majority of their communications are happening via this app. Your mission is to reverse-engineer and develop new exploitation capabilities to help discover and thwart future attacks before they happen. There are 7 tasks of increasing difficulty that you will be working through as part of this challenge. Ultimately, you will be developing capabilities that will enable the following:
- Spoof TerrorTime messages
- Masquerade (i.e., authenticate) as TerrorTime users without knowledge of their credentials
- Decrypt TerrorTime chat messages
The first three tasks of the challenge will provide you with everything you need to install and run TerrorTime in an Android emulator. You will also discover account information for two TerrorTime users, which will enable you to send chat messages between the users by running the app in two emulators. Beginning with Task 4, the difficulty will increase significantly as you begin working towards the goals outlined above. We hope you enjoy the challenge!
This repository contains provided files and my documentation for completing the 2019 Codebreaker Challenge. Keep in mind that this is just how I personally solved the challenge - there are multiple approaches and tools to solve these tasks!
- Task 1 - It Begins! - [Getting Started - Part 1] - (Network Traffic Analysis)
- Task 2 - Permissions - [Getting Started - Part 2] - (Mobile APK Analysis)
- Task 3 - Turn of Events - [Getting Started - Part 3] - (Database Analysis)
- Task 4 - Schemes - (Cryptography; Reverse Engineering; Language Analysis)
- Task 5 - Masquerade - (Vulnerability Analysis)
- Task 6a - Message Spoofing - (Vulnerability Analysis; Cryptanalysis)
- Task 6b - Future Message Decryption - (Vulnerability Analysis; Cryptanalysis)
- Task 7 - Distrust - (Reverse Engineering; Cryptography; Exploit Development)