Like any eager hacker starting a mobile challenge, I dove straight in trying to install the APK. However, Android had other plans for my evening:
adb install .\\\\cryptovault.apk
Performing Streamed Install
adb: failed to install .\\\\cryptovault.apk: Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed to collect certificates from /data/app/vmdl318868043.tmp/base.apk: Attempt to get length of null array]
Ah yes, the classic "where's your signature, buddy?" error. Android, being the responsible platform it is, refuses to run applications without proper signing. It's like trying to enter a fancy restaurant without a tie – you've got to dress the part!
First things first, we need the Android SDK build tools. Adding them to PATH:
C:\\\\Users\\\\<USER>\\\\AppData\\\\Local\\\\Android\\\\Sdk\\\\build-tools\\\\34.0.0
While we could jump straight to signing the APK, experience has taught us that we'll need to decompile it anyway for our investigation. So why not kill two birds with one stone?
Time to crack open this APK like a digital coconut using apktool. For those unfamiliar with apktool, it's like having X-ray vision for Android apps - it lets us peek inside and see what makes them tick!
apktool d .\\\\cryptovault.apk
cd cryptovaul
smali files (Android's equivalent of assembly code - as fun to read as ancient hieroglyphics!)res/AndroidManifest.xmlassets directorySince we can't get in without proper credentials, let's make some! We'll create a signing key that would make any app proud:
keytool -genkey -v -keystore research.keystore -alias research_key -keyalg RSA -keysize 2048 -validity 10000