Security – Geert de Graaf

februari 6, 2017februari 18, 2017

Decoding The Mr. Robot VR experience

The Mr. Robot VR experience was a one time event (21-07-2016 1:45 p.m. ET). You needed the With.in app to watch the Mr. Robot VR experience.

I wanted to view this video another time so i did everything in my power to save this video! I succeeded this is my story:

With.in app

Files on my phone

Once the preload was finished i tried to open the video/audio files on my phone with no success. The files were encrypted.

Gut feeling

I had this gut feeling that the key would be sent before or during the one time event. To get the key i used a mobile packet capture app, i ran the capture during the one time event. After being blown away by the Mr. Robot VR experience i mined the capture and found the encryption-key.

Missing lock

While getting the encryption-key was easy the tough part is getting the files decrypted using “DfZw7wrIxvSdHP3S” . I had to find out the used encryption method to decrypt the files.

Decompiling

I needed to decompile the android apk to find the used encryption method. I downloaded a recent version from apk4fun. To decompile the app we first need to use a tool called dex2jar, to view the exported jar file i used the tool JD-GUI it can be downloaded from github.

The lock

After a while i found EncryptedVideoDataSource it included the final clue “private String algorithm = “RC4″;”

Decrypting (finally)

Now we can decrypt the files. I created a program to decrypt using RC4 in Visual Studio it can be downloaded from github. After decoding i had 5 playable files.

Compositing the audio and video

Unfortunately i cannot play separate audio/video files on my VR headset.

I had to integrate the audio into the video. The audio included 4 stereo mp3’s for 360 audio. I found that you can effortlessly create the needed file using Adobe Premiere. After exporting it from premiere i can finaly re-enjoy the Mr. Robot VR experience.

Conclusion

I did succeed in getting the “one time” edition of the Mr. Robot VR experience.

But actually all of this doesn’t matter anymore because The Mr. Robot VR experience is now widely available.

Download

december 2, 2015februari 4, 2017

Bunq-app slaat identiteitsgegevens onbeveiligd op

NOS
Tweakers

Automatiseringsgids
Numrush
Androidplanet
Emerce
Nu.nl
RTL
RTL-z
Sneap
Kassa
Bright

september 4, 2015februari 5, 2017

Dutch Health Hackathon

E-mailtje van Iprototype:

`Kraak de code en win €250 tegoed bij iPrototype`

Wil je vast even oefenen met hacken? Op de website www.dhh2015.nl staan meerdere woorden verstopt, die samen één zin vormen. Heb je de verborgen zin gevonden? Meld het ons via info@dutchhealthhackathon.nl. Je maakt dan kans op een waardebon van €250,- vrij te besteden bij iPrototype.

Hint 1:


Na een BASE64 decode krijg je: “Help jij GGZ-Friesland”.
Gevonden hint: Help jij GGZ-Friesland

Hint 2:

Achter http://www.dutchhealthhackathon.com/interface/images/podium.png zit extra payload
Gevonden hint: innovatieve tools te ontwikkelen

Hint 3:

Exif (exif) info in plaatje:
=======www.dutchhealthhackathon.com/interface/images/dhh.jpg======= ExifTool Version Number : 10.00 File Name : dhh.jpg Directory : D:/Geert/Dropbox/My Web Sites/a/www.dutchhealthhackathon.com/interface/images File Size : 170 kB File Modification Date/Time : 2015:06:02 15:53:10+02:00 File Access Date/Time : 2015:08:28 18:23:32+02:00 File Creation Date/Time : 2015:08:28 14:31:33+02:00 File Permissions : rw-rw-rw- File Type : JPEG File Type Extension : jpg MIME Type : image/jpeg Exif Byte Order : Little-endian (Intel, II) Make : die bijdragen aan de zorg? XMP Toolkit : XMP Core 4.4.0-Exiv2 Creator Tool : Adobe Photoshop CS5 Windows Instance ID : xmp.iid:394F6806B5D911E4A926AC8453081018 Document ID : xmp.did:394F6807B5D911E4A926AC8453081018 Derived From Instance ID : xmp.iid:394F6804B5D911E4A926AC8453081018 Derived From Document ID : xmp.did:394F6805B5D911E4A926AC8453081018 Quality : 100% DCT Encode Version : 100 APP14 Flags 0 : [14], Encoded with Blend=1 downsampling APP14 Flags 1 : (none) Color Transform : YCbCr Image Width : 1920 Image Height : 1064 Encoding Process : Baseline DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1) Image Size : 1920x1064 Megapixels : 2.0 =======www.dutchhealthhackathon.com/interface/images/dhh.jpg=======

Gevonden hint: die bijdragen aan de zorg?

Hint 4:

http://www.dutchhealthhackathon.com/scriptlibrary/jquery.scrollto.js
/*! * jquery.scrollto.js 0.0.1 - https://github.com/yckart/jquery.scrollto.js * Scroll smooth to any element in your DOM. * * Copyright (c) 2012 Yannick Albert (http://yckart.com) * Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php). * 2013/02/17 * Een op de vier nederlanders **/
Gevonden hint: Een op de vier nederlanders

Hint 5:

HTTP response headers http://www.dutchhealthhackathon.com/
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Encoding: gzip Vary: Accept-Encoding Server: Microsoft-IIS/7.5 SecretKey: krijgt te maken met een X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Thu, 03 Sep 2015 23:19:38 GMT Content-Length: 5828
Gevonden hint: krijgt te maken met een

Hint 6:

<img src="interface/images/contact.svg" alt="psychische stoornis">
Gevonden hint: psychische stoornis

Dat maakt samen:

Een op de vier nederlanders krijgt te maken met een psychische stoornis
Help jij GGZ-Friesland innovatieve tools te ontwikkelen die bijdragen aan de zorg?

Overig:

Niet gebruikte klassen “oplossing” in css.
Map bestaat http://www.dutchhealthhackathon.com/backup
Missende video 404 http://www.dutchhealthhackathon.com/interface/video/dhh.ogv