Everyone knows that you should not click on the link in the fraudulent text message, because there may be a Trojan APP hidden in it. So how do these malicious APPs get your information? A master successfully cracked one and also obtained the email and password of the Trojan maker. However, the other party left a trick in the code, and the master burst into laughter at the time. The story goes like this: A netizen received a text message: I just received it a while ago, and it started with my name, my full name, Zhang Zhizhen, I don’t know who it is. I checked the cell phone number and it's an Internet telecom operator number from Sichuan. Can someone help me figure out what this is? Then a Zhihu expert started his cracking journey: I downloaded and installed this application on a virtual machine. Look, there are a lot of permissions. (There are many more permissions below) After clicking, Device Admin permissions will be requested directly: this means that after you enable it, you cannot uninstall it easily. Do you think I'm done here? I even decompiled it. The program uses obfuscation, so it is not very easy to read the source code, but it still took me an hour or two to sort out the core parts of the code. I found the main categories. This is a Trojan that transmits private information by sending emails, so the suspect's contact information must be in the application. Sure enough, in the PreferencesWrapper (named by me later) class, I found this: The actual corresponding username and password data is: It was obviously encrypted. But this did not bother me, I found the encryption-related code in DESEncipher. If DES is used for encryption, there must be a key. The key they use is: Here, but when I go to use this as a key it fails. Aha! It turns out that the part that initializes the key is here: When I input ***'s key into the decryption: Originally I was just curious and wanted to study what this person was trying to do: but...
In short! Remind netizens to think twice before installing applications! Try not to install applications from unknown websites! I just tried to log in directly with the email client and saw some shocking content. All your text messages and contacts will be sent to this email address after being infected by this Trojan. If someone obtains your Alipay password through social engineering and then uses this method to get the verification code, well, figure it out yourself. The master cracked the Trojan APP and laughed when he saw *** |
<<: XcodeGhost malware updated to target iOS 9
appendix: If you don’t like taking showers, you m...
I often see questions like these on the Internet,...
In terms of the governance of "cyber violenc...
2018 may be the year when everyone tried out TikT...
Why does black smoke appear when the oil pan is h...
According to statistics, after the outbreak of th...
Original title: The “space business trip” schedul...
On the evening of February 22, 2022, the Central ...
New media people will never be excited after writ...
Have people from Northeast China ever eaten cranb...
Today, we will use actual cases to further analyz...
As a social method for the younger generation, &q...
A bird's eye view of science Quanzhou Associa...
"Even though times are hard, we still can...