[ Walkthrough 2015 Mobile Security Challenge (2nd Edition): iOS Challenge 1 ]

It’s been a long time since we wrote something here.
Today I will be writing about a simple iOS crackme that I found some time to play with 10 days ago.

To make it easier for everyone to follow this lame guide of mine, I’ve attached the file here: iOS Crackme

iOS.0x0001

The original question given to participants is shown above.

But I’ve loosely translated the above text for simplicity’s sake. 😀

Opening the binary file in IDA Pro, the first things I usually look for in iOS crackmes are “Strings” or “onClick”.

In this case, I went for “strings”. The first thing that caught my eye was “decryptPassword”.
iOS.0x0001_1

Double-click that string and then press “X” to list the cross-references. I selected the method that uses it.

iOS.0x0001_2

After selecting that, you will get the following.

iOS.0x0001_3

As I’m one of those lucky ones to have the “Decompiler”, pressing “Tab” shows this beautiful pseudo code.

iOS.0x0001_4

I’ve extracted the code for better readability.

 

Based on the above pseudo code, we can identify several things.

1.) There are 5 loops. Each loop starts by applying a Caesar cipher to the following base64-encoded string.

2.) After the Caesar cipher, it base64-decodes the returned result.

3.) Then it does an AES decrypt of the base64-decoded string, and the key is the following:

4.) Then it repeats this process until the loop ends.

5.) Finally, it compares the final result with the input entered by the user.

I made a simple Python script to illustrate the steps.
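An added example, not the author's script: the five steps above written as Python. The same shift on every round, the letters-only rotation, AES-ECB with PKCS#7 padding, and the names `caesar`, `pkcs7_unpad`, `aes_ecb_decrypt` and `peel` are assumptions; the encoded string, key and shift have to be read from the binary.

```python
import base64
import string

ROUNDS = 5  # the walkthrough's pseudo code runs five loops

def caesar(text, shift):
    """Rotate ASCII letters by `shift`; digits, '+', '/' and '=' pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def pkcs7_unpad(data, block=16):
    """Strip PKCS#7 padding; a failure usually means wrong key, mode or shift."""
    n = data[-1] if data else 0
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS#7 padding")
    return data[:-n]

def aes_ecb_decrypt(key, data):
    """Assumption: AES-ECB with PKCS#7 (the page does not state the mode).
    Uses the third-party `cryptography` package, imported only when called."""
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    dec = Cipher(algorithms.AES(key), modes.ECB()).decryptor()
    return pkcs7_unpad(dec.update(data) + dec.finalize())

def peel(blob, key, shift, decrypt=aes_ecb_decrypt, rounds=ROUNDS):
    """Undo `rounds` layers of Caesar -> base64 -> decrypt and return the text
    that the app compares with the user's input."""
    text = blob
    for _ in range(rounds):
        raw = base64.b64decode(caesar(text, shift), validate=True)
        text = decrypt(key, raw).decode("ascii")
    return text

# Usage, with the values read out of the binary (placeholders, not from the page):
#   peel(ENCODED_STRING, AES_KEY_BYTES, CAESAR_SHIFT)
```

The `decrypt` parameter lets you swap in another mode if ECB yields padding errors on the first round.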

 

The key for this challenge is “Sp4rkDr0idKit”

Happy Reversing
Jacob Soo