1
00:00:06,660 --> 00:00:11,900
OK, so now we have a situation where we know enough about Simplocker to be able to do the decryption

2
00:00:11,900 --> 00:00:20,060
of our files. So Simplocker is encrypting our files and we want to write a simple application that's

3
00:00:20,060 --> 00:00:25,610
able to use the code that we obtained through the static analysis and decrypt the files that were encrypted

4
00:00:25,610 --> 00:00:28,950
by Simplocker. OK.

5
00:00:28,950 --> 00:00:34,740
So before we do that, let's check our emulator, just in case we didn't save the state of the emulator

6
00:00:34,740 --> 00:00:41,190
for some reason and the files that were encrypted are not there. So let's just confirm that the file is

7
00:00:41,190 --> 00:00:48,480
there by doing an adb shell, cd sdcard, cd pictures.

8
00:00:51,410 --> 00:00:54,290
So we turned off our emulator and we didn't save the state.

9
00:00:54,290 --> 00:00:59,570
So in this case the files are no longer there. No problem.

10
00:00:59,610 --> 00:01:03,670
We can quickly go over the steps of installing Simplocker.

11
00:01:03,780 --> 00:01:07,630
We need to disconnect the Internet.

12
00:01:09,040 --> 00:01:16,030
Go to downloads, adb install.

13
00:01:16,040 --> 00:01:16,640
There we go.

14
00:01:17,750 --> 00:01:25,130
So it's been installed. Let's just make sure that we have the SD card part in the storage enabled.

15
00:01:25,350 --> 00:01:26,100
OK.

16
00:01:26,120 --> 00:01:29,850
Create, create, create.

17
00:01:30,050 --> 00:01:32,770
This will create the demo picture.

18
00:01:32,780 --> 00:01:40,390
Now we're going to run Simplocker, get the notification, maybe give it a few seconds so it encrypts

19
00:01:40,390 --> 00:01:48,420
our file, and then we can run adb uninstall org.simplelocker.

20
00:01:48,420 --> 00:01:50,340
There we go.

21
00:01:50,340 --> 00:01:57,280
Now we go to adb shell, cd sdcard, cd pictures.

22
00:01:57,580 --> 00:02:05,240
We will see that we have our encrypted file. OK. So now let's try to develop a simple Android application

23
00:02:05,330 --> 00:02:11,690
that will be able to decrypt the encrypted file, and the source for the Android application is going

24
00:02:11,690 --> 00:02:20,640
to come from Simplocker itself using static analysis. So we're going to create a new project, let's call

25
00:02:20,640 --> 00:02:25,410
it for example Simplocker decryptor.

26
00:02:26,640 --> 00:02:33,550
So here we're going to do some revision of the building an Android application section. If you didn't follow

27
00:02:33,550 --> 00:02:34,080
that part,

28
00:02:34,090 --> 00:02:35,250
it's not a problem.

29
00:02:35,380 --> 00:02:40,690
We will be building a very simple application and most of the code actually comes from Simplocker itself.

30
00:02:42,250 --> 00:02:48,660
So the first thing we need to do is open the manifest, and since we're going to be working with

31
00:02:48,660 --> 00:03:02,250
the SD card, the first thing we need to do is add permission, so uses permission, Android permission dot

32
00:03:03,600 --> 00:03:04,000
write

33
00:03:04,010 --> 00:03:06,800
external storage.

34
00:03:07,700 --> 00:03:08,200
OK.

35
00:03:09,300 --> 00:03:16,390
And we closed the permission. So since we're going to be writing to file, we need to obviously request

36
00:03:16,420 --> 00:03:18,720
this permission.

37
00:03:18,740 --> 00:03:22,680
Now let's try and obtain the source code from here.

38
00:03:22,780 --> 00:03:25,850
We have quite a lot of code that we can just copy altogether.

39
00:03:27,230 --> 00:03:29,840
Just copy everything from AesCrypt.

40
00:03:31,060 --> 00:03:37,690
And here we're going to add a new class and call it the same, AesCrypt.

41
00:03:37,720 --> 00:03:38,380
There we go.

42
00:03:41,140 --> 00:03:47,920
OK, now we are about to see a lot of errors over here. Notice that we changed the package name because

43
00:03:47,920 --> 00:03:52,500
we need the package to match our project. To save us some time,

44
00:03:52,500 --> 00:03:58,860
I'm just going to remove the encrypt function since we are only going to be using the decrypt, and let's

45
00:03:58,860 --> 00:04:07,770
just fix the content a bit over here.

46
00:04:07,800 --> 00:04:12,990
Let's see, here you're going to have some errors which you can automatically fix and add the exception

47
00:04:12,990 --> 00:04:15,400
with its signature.

48
00:04:15,470 --> 00:04:16,930
Same thing over here.

49
00:04:18,500 --> 00:04:23,790
Remember, Alt + Enter will give you the required fix here.

50
00:04:23,800 --> 00:04:29,170
JD-GUI has a weird way of passing the parameters, so all you need to do is take where you see an

51
00:04:29,170 --> 00:04:31,200
error like this.

52
00:04:31,250 --> 00:04:35,220
Just take these parameters and pass them directly.

53
00:04:35,330 --> 00:04:40,610
It's just the way JD-GUI decompiled the passing of the parameters, which is kind of breaking stuff.

54
00:04:42,280 --> 00:04:43,770
So the same thing all over.

55
00:04:43,780 --> 00:04:45,850
We're going to take the parameter from here.

56
00:04:45,850 --> 00:05:00,330
Pass it to here and remove the line.

57
00:05:00,450 --> 00:05:02,640
We just need to do the same thing throughout,

58
00:05:05,550 --> 00:05:08,970
keep fixing the errors by clicking on Alt and Enter

59
00:05:11,770 --> 00:05:15,110
and fix all the parameters that were passed incorrectly.

60
00:05:17,120 --> 00:05:18,530
And that's pretty much it.

61
00:05:18,530 --> 00:05:24,500
We have our AesCrypt class that has the decrypt function inside it. OK.

62
00:05:24,500 --> 00:05:31,460
Now if we go back to the Simplocker static analysis, we see file encryptor is where AesCrypt was actually

63
00:05:31,460 --> 00:05:40,030
being used, so here he has a way of passing through all the required files. In our test,

64
00:05:40,030 --> 00:05:42,600
we're just going to test it on one specific file,

65
00:05:42,610 --> 00:05:49,100
the demo picture. But then in reality all you'd have to do is write a method that parses through the entire

66
00:05:49,100 --> 00:05:56,360
SD card and finds all the files with .enc in the file name. But we don't really need to go through

67
00:05:56,360 --> 00:06:05,730
all of this, let's just copy the small part where AesCrypt is being used. So in decrypt all they're doing

68
00:06:05,730 --> 00:06:14,370
here is initiating AesCrypt. Let's actually copy all of this and we'll fix it ourselves. So we're gonna

69
00:06:14,400 --> 00:06:19,920
copy all of decrypt and we're gonna paste it directly in the main class over here.

70
00:06:19,920 --> 00:06:22,260
So here we have the function called decrypt.

71
00:06:24,840 --> 00:06:28,160
Here he's initializing the class AesCrypt.

72
00:06:28,320 --> 00:06:34,930
Again we need to fix how their parameter is being passed. Instead of passing it like that, we're going

73
00:06:34,930 --> 00:06:35,500
to pass it there.

74
00:06:35,520 --> 00:06:43,760
No need to check if storage exists for now, and again we're not going to go through all the files.

75
00:06:44,120 --> 00:06:46,920
We're just going to specify one file.

76
00:06:47,090 --> 00:06:49,590
Let's just take the small part that we need.

77
00:06:49,910 --> 00:06:57,200
Let's remove everything else, so we're just going to call the class and then call the function decrypt

78
00:06:57,230 --> 00:07:04,830
within the class on the file that we're specifying. So the decrypt accepts two parameters.

79
00:07:04,930 --> 00:07:12,370
It takes a string as the file input and one as the output. That's where you're going to put the file

80
00:07:12,370 --> 00:07:20,200
name that you want to decrypt and the output file where you want it to be decrypted to. So let's just

81
00:07:20,200 --> 00:07:30,880
do string to decrypt equals SD card slash picture slash demo picture

82
00:07:31,080 --> 00:07:40,810
dot jpeg dot enc, so that's what we want to encrypt and what we want to decrypt.

83
00:07:40,980 --> 00:07:44,490
Let's call it dest decrypt.

84
00:07:44,880 --> 00:07:51,160
So destination decrypt, so that's where we want to place our new file.

85
00:07:52,670 --> 00:07:56,090
So that's the first parameter we're going to pass through the decrypt.

86
00:07:56,090 --> 00:08:02,380
The second parameter we're gonna pass is destination decrypt. Here we're not going to actually delete the

87
00:08:02,380 --> 00:08:02,850
file.

88
00:08:03,880 --> 00:08:08,260
But what they're doing is they're actually deleting the old file.

89
00:08:08,420 --> 00:08:11,150
We're not going to delete it just in case it doesn't work.

90
00:08:11,150 --> 00:08:17,210
So if anything we test it out with one image and if it works we'll start deleting the files, but we don't

91
00:08:17,210 --> 00:08:18,460
really want to delete.

92
00:08:18,470 --> 00:08:24,560
Just in case the decryption doesn't work and we end up encrypting the file even more and make it unrecoverable.

93
00:08:26,040 --> 00:08:26,400
OK.

94
00:08:26,410 --> 00:08:29,340
So let's create a method.

95
00:08:29,440 --> 00:08:32,830
Public void on click.

96
00:08:35,890 --> 00:08:38,030
So we're gonna do an event handler here.

97
00:08:39,330 --> 00:08:46,050
So if you remember, to create an event handler you have to set it as a view, and then over here let's just

98
00:08:46,050 --> 00:08:54,840
call the decrypt, which is decrypting one specific file. OK, let's just add the exceptions.

99
00:08:54,870 --> 00:09:00,180
So now on our user interface we're going to drop a button.

100
00:09:00,190 --> 00:09:02,120
There we go.

101
00:09:02,140 --> 00:09:03,850
No need to fix the position.

102
00:09:05,240 --> 00:09:09,450
But we do need to just add the event listener.

103
00:09:10,620 --> 00:09:20,530
Over here, on click, we're going to tell it to call the method on click. That should be at, let's have a

104
00:09:20,530 --> 00:09:20,850
look.

105
00:09:27,030 --> 00:09:27,390
OK.

106
00:09:27,420 --> 00:09:34,370
So let's try to run the decryptor. Just click Run app or the play button, depending on whether you ran

107
00:09:34,370 --> 00:09:36,130
it before.

108
00:09:36,370 --> 00:09:44,440
This will install the app on the emulator, but before, let's confirm that the file is still encrypted.

109
00:09:46,490 --> 00:09:57,770
So cd SD card slash pictures, list files, and yes, we can see that it is encrypted.

110
00:09:57,880 --> 00:10:06,780
Now let's click on the button in our app. List the files again and we can see that it generated a decrypted

111
00:10:06,780 --> 00:10:19,830
file. Let's just confirm that it is decrypted. Run adb pull slash SD card slash pictures slash demo

112
00:10:19,860 --> 00:10:30,480
picture.JPEG, so we downloaded it. We actually ran adb from our home folder flip.

113
00:10:30,600 --> 00:10:37,800
So let's go to flip and there is our demo picture, you can see the hot air balloons.

114
00:10:37,820 --> 00:10:42,060
So the picture has been decrypted. OK.

115
00:10:42,090 --> 00:10:49,440
So your next job would be to parse all the files in the SD card that end in .enc and run the

116
00:10:49,440 --> 00:10:51,800
decrypt function on them.

117
00:10:51,810 --> 00:10:52,700
So there you go.

118
00:10:52,770 --> 00:10:53,760
You have your decryptor!