The master cracked the Trojan APP and burst into laughter at the end

Everyone knows you should not click the link in a fraudulent text message, because a Trojan APP may be hidden behind it. So how do these malicious APPs get your information? A master successfully cracked one and even obtained the email address and password the Trojan's author uses. However, the other party had left a trick in the code, and the master burst into laughter when he found it. The story goes like this. A netizen received a text message and posted:

I just received it a while ago. It started with my name, my full name, Zhang Zhizhen. I don't know who it is.

I checked the cell phone number and it's an Internet telecom operator number from Sichuan. Can someone help me figure out what this is?

Then a Zhihu expert started his cracking journey:

I downloaded and installed this application on a virtual machine. Look, there are a lot of permissions. (There are many more permissions below)

After clicking, Device Admin permissions will be requested directly: this means that after you enable it, you cannot uninstall it easily.

Do you think I'm done here? I even decompiled it.

The program uses obfuscation, so it is not very easy to read the source code, but it still took me an hour or two to sort out the core parts of the code.

I found the main classes. This is a Trojan that transmits private information by sending emails, so the suspect's contact information must be in the application.

Sure enough, in the PreferencesWrapper (named by me later) class, I found this:

The actual corresponding username and password data is:

It was obviously encrypted. But this did not bother me: I found the encryption-related code in DESEncipher.

If DES is used for encryption, there must be a key. The key they use is:

Here. But when I use this as the key, decryption fails.

Aha! It turns out that the part that initializes the key is here:

When I input ***'s key into the decryption:

Originally I was just curious and wanted to see what this person was trying to do. But...

I decompiled the virus for the first time and found the suspect’s contact information. So exciting!

In short! Remind netizens to think twice before installing applications! Try not to install applications from unknown websites!

I just tried to log in directly with the email client and saw some shocking content.

All your text messages and contacts will be sent to this email address after being infected by this Trojan. If someone obtains your Alipay password through social engineering and then uses this method to get the verification code, well, figure it out yourself.
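The write-up above boils down to a permission pattern a defender can check for before ever decompiling anything: an app that can read SMS and contacts, has a channel to send them out, and registers a device-admin receiver so it cannot be uninstalled casually. The following Python script is an added example, not code from the original post or from the Trojan; it runs the same triage over a decoded AndroidManifest.xml (the kind apktool produces). The manifest, package name and component names in it are constructed samples modelled on the permissions the post describes, not values taken from the real APK.

```python
import xml.etree.ElementTree as ET

# Android attributes live in this XML namespace, so android:name is "{ns}name" to ElementTree.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not the real Trojan's): reads SMS and contacts, has network
# access, starts at boot, and declares a device-admin receiver.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Photo Viewer">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Permissions that give access to the data the post says was stolen.
SENSITIVE_DATA = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
}
# Permissions that provide a way to get that data off the device (email over the network, or SMS).
EXFIL_CHANNELS = {
    "android.permission.INTERNET",
    "android.permission.SEND_SMS",
}


def parse_manifest(xml_text):
    """Extract the package name, requested permissions and device-admin receivers."""
    root = ET.fromstring(xml_text)
    permissions = {
        e.get(ANDROID_NS + "name")
        for e in root.findall("uses-permission")
        if e.get(ANDROID_NS + "name")
    }
    # A receiver guarded by BIND_DEVICE_ADMIN is the component the system talks to once
    # the user taps "Activate" on the device-admin prompt the post describes.
    admin_receivers = sorted(
        r.get(ANDROID_NS + "name")
        for r in root.iter("receiver")
        if r.get(ANDROID_NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
    )
    return {
        "package": root.get("package"),
        "permissions": permissions,
        "device_admin_receivers": admin_receivers,
    }


def triage(info):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    findings = []
    sensitive = sorted(info["permissions"] & SENSITIVE_DATA)
    channels = sorted(info["permissions"] & EXFIL_CHANNELS)
    if sensitive and channels:
        findings.append("reads %s and can send it out via %s"
                        % (", ".join(sensitive), ", ".join(channels)))
    if "android.permission.RECEIVE_SMS" in info["permissions"] and channels:
        findings.append("can intercept incoming SMS, including one-time verification codes")
    if info["device_admin_receivers"]:
        findings.append("declares device-admin receiver(s) %s: uninstall is blocked until "
                        "the admin is deactivated" % ", ".join(info["device_admin_receivers"]))
    return findings


if __name__ == "__main__":
    info = parse_manifest(SAMPLE_MANIFEST)
    print("package:", info["package"])
    for line in triage(info):
        print(" -", line)
```

The three findings together are the profile of an SMS-stealing Trojan of the kind the post describes; none of them on its own is proof of malice (a legitimate SMS app also reads SMS and uses the network), which is why the check looks at the combination. Once such an app has been activated as a device administrator, it has to be deactivated in the device-administrator settings before a normal uninstall will succeed.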
