The master cracked the Trojan APP and burst into laughter at the end

The master cracked the Trojan APP and burst into laughter at the end

Everyone knows that you should not click on the link in the fraudulent text message, because there may be a Trojan APP hidden in it. So how do these malicious APPs get your information? A master successfully cracked one and also obtained the email and password of the Trojan maker. However, the other party left a trick in the code, and the master burst into laughter at the time. The story goes like this: A netizen received a text message: I just received it a while ago, and it started with my name, my full name, Zhang Zhizhen, I don’t know who it is.

I checked the cell phone number and it's an Internet telecom operator number from Sichuan. Can someone help me figure out what this is?

Then a Zhihu expert started his cracking journey:

I downloaded and installed this application on a virtual machine. Look, there are a lot of permissions. (There are many more permissions below)

After clicking, Device Admin permissions will be requested directly: this means that after you enable it, you cannot uninstall it easily.

Do you think I'm done here? I even decompiled it.

The program uses obfuscation, so it is not very easy to read the source code, but it still took me an hour or two to sort out the core parts of the code.

I found the main categories. This is a Trojan that transmits private information by sending emails, so the suspect's contact information must be in the application.

Sure enough, in the PreferencesWrapper (named by me later) class, I found this:

The actual corresponding username and password data is:

It was obviously encrypted. But this did not bother me, I found the encryption-related code in DESEncipher.

If DES is used for encryption, there must be a key. The key they use is:

Here, but when I go to use this as a key it fails.

Aha! It turns out that the part that initializes the key is here:

When I input ***'s key into the decryption:

Originally I was just curious and wanted to study what this person was trying to do: but...


I decompiled the virus for the first time and found the suspect’s contact information. So exciting!

In short! Remind netizens to think twice before installing applications! Try not to install applications from unknown websites!

I just tried to log in directly with the email client and saw some shocking content.

All your text messages and contacts will be sent to this email address after being infected by this Trojan. If someone obtains your Alipay password through social engineering and then uses this method to get the verification code, well, figure it out yourself.

The master cracked the Trojan APP and laughed when he saw ***

<<:  XcodeGhost malware updated to target iOS 9

>>:  The tempting mobile Internet is both a poison and an antidote for small and medium-sized enterprises

Recommend

What would happen if you never took a shower?

appendix: If you don’t like taking showers, you m...

Douyin monetization promotion, 7 ways to make money on Douyin!

2018 may be the year when everyone tried out TikT...

How to sell goods through live streaming using virtual IP!

According to statistics, after the outbreak of th...

New media operation 10w+ hit article title ideas!

New media people will never be excited after writ...

Have people in Northeast China ever eaten cranberries? | Bolan Daily

Have people from Northeast China ever eaten cranb...

Kuaishou’s tips on how to create hits!

As a social method for the younger generation, &q...

Apple's "stubborn" promotion

"Even though times are hard, we still can...