Welcome to the UnCrackable Apps for Android and iOS, a collection of mobile reverse engineering challenges. These challenges are used as examples throughout the Mobile Security Testing Guide. Of course, you can also solve them for fun. If you do solve any of the challenges, please take a moment to do our brief post-cracking survey.
This app holds a secret inside. Can you find it?
- Objective: A secret string is hidden somewhere in this app. Find a way to extract it.
- Author: Bernhard Mueller
- Maintained by the OWASP MSTG leaders Jeroen Willemsen & Sven Schleier
This app is compatible with Android 4.4 and up.
$ adb install UnCrackable-Level1.apk
- Solution using frida by c0dmtr1x
- Solution using static analysis
- Solution using jdb
- Solution using frida by Eduardo Novella
- Solution using Xposed by sh3llc0d3r
This app holds a secret inside. May include traces of native code.
- Objective: A secret string is hidden somewhere in this app. Find a way to extract it.
- Author: Bernhard Mueller
- Special thanks to Michael Helwig for finding and fixing an oversight in the anti-tampering mechanism.
- Maintained by the OWASP MSTG leaders Jeroen Willemsen & Sven Schleier
This app is compatible with Android 4.4 and up.
$ adb install UnCrackable-Level2.apk
- Solution using frida and radare2 by c0dmtr1x
- Solution using frida by Eduardo Novella
- Solution using patches by sh3llc0d3r
The crackme from hell!
- Objective: A secret string is hidden somewhere in this app. Find a way to extract it.
- Author: Bernhard Mueller
- Special thanks to Eduardo Novella for testing, feedback and pointing out flaws in the initial build(s).
- Maintained by the OWASP MSTG leaders Jeroen Willemsen & Sven Schleier
This app is compatible with Android 4.4 and up.
$ adb install UnCrackable-Level3.apk
A brand new Android app sparks your interest. Of course, you are planning to purchase a license for the app eventually, but you'd still appreciate a test run before shelling out $1. Unfortunately no keygen is available!
- Objective: Generate a valid serial key that is accepted by this app.
- Author: Bernhard Mueller
- Maintained by the OWASP MSTG leaders Jeroen Willemsen & Sven Schleier
Copy the binary to your Android device and run using the shell.
$ adb push validate /data/local/tmp
[100%] /data/local/tmp/validate
$ adb shell chmod 755 /data/local/tmp/validate
$ adb shell /data/local/tmp/validate
Usage: ./validate <serial>
$ adb shell /data/local/tmp/validate 1234
Incorrect serial (wrong format).
This app holds a secret inside. Can you find it?
Objective: A secret string is hidden somewhere in this binary. Find a way to extract it. The app will give you a hint when started.
- Author: Bernhard Mueller
- Maintained by the OWASP MSTG leaders Jeroen Willemsen & Sven Schleier
Open the "Device" window in Xcode and drag the IPA file into the list below "Installed Apps".
Note: The IPA is signed with an Enterprise distribution certificate. You'll need to install the provisioning profile and trust the developer to run the app the "normal" way. Alternatively, re-sign the app with your own certificate, or run it on a jailbroken device (you'll want to do one of those anyway to crack it).
This app holds a secret inside - and this time it won't be tampered with!
- Author: Bernhard Mueller
- Maintained by the OWASP MSTG leaders Jeroen Willemsen & Sven Schleier
Objective: Find the secret code - it is related to alcoholic beverages.
Note: Due to its anti-tampering the app won't run correctly if the main executable is modified and/or re-signed. You'll need to trust the developer run it the standard way on a non-jailbroken device (General Settings -> Profile & Device Management) and to verify the solution.
Open the "Device" window in Xcode and drag the IPA file into the list below "Installed Apps".
Note: The IPA is signed with an Enterprise distribution certificate. You'll need to install the provisioning profile and trust the developer to run the app the "normal" way. Alternatively, re-sign the app with your own certificate, or run it on a jailbroken device (you'll want to do one of those anyway to crack it).
Did you enjoy working with the Crackmes? There is more! Go to the MSTG Hacking Playground and find out! Having troubles with getting through the playground challenges, check the Write-ups folder right here!
Currently, the code is being maintained by @commjoen. If the app does not boot, or if there is another bug: file an issue at this repository or at the one you should not go to.