Decoding The Mr. Robot VR experience

The Mr. Robot VR experience was a one time event (21-07-2016 1:45 p.m. ET). You needed the With.in app to watch the Mr. Robot VR experience.

I wanted to view this video another time so i did everything in my power to save this video! I succeeded this is my story:

With.in app

Files on my phone

Once the preload was finished i tried to open the video/audio files on my phone with no success. The files were encrypted.

Preloaded files on phone

Gut feeling

I had this gut feeling that the key would be sent before or during the one time event. To get the key i used a mobile packet capture app, i ran the capture during the one time event. After being blown away by the Mr. Robot VR experience i mined the capture and found the encryption-key.

HTTPS sniffer

Missing lock

While getting the encryption-key was easy the tough part is getting the files decrypted using “DfZw7wrIxvSdHP3S” . I had to find out the used encryption method to decrypt the files.

Decompiling

I needed to decompile the android apk to find the used encryption method. I downloaded a recent version from apk4fun. To decompile the app we first need to use a tool called dex2jar, to view the exported jar file i used the tool JD-GUI it can be downloaded from github.

The lock

After a while i found EncryptedVideoDataSource it included the final clue “private String algorithm = “RC4″;”

Decompiled

Decrypting (finally)

Now we can decrypt the files. I created a program to decrypt using RC4 in Visual Studio it can be downloaded from github. After decoding i had 5 playable files.

Compositing the audio and video

Unfortunately i cannot play separate audio/video files on my VR headset.

Decrypted files

I had to integrate the audio into the video. The audio included 4 stereo mp3’s for 360 audio. I found that you can effortlessly create the needed file using Adobe Premiere. After exporting it from premiere i can finaly re-enjoy the Mr. Robot VR experience.

Final VR composite

Conclusion

I did succeed in getting the “one time” edition of the Mr. Robot VR experience.

But actually all of this doesn’t matter anymore because The Mr. Robot VR experience is now widely available.

Download

Dutch Health Hackathon

E-mailtje van Iprototype:

Kraak de code en win €250 tegoed bij iPrototype

Wil je vast even oefenen met hacken? Op de website www.dhh2015.nl staan meerdere woorden verstopt, die samen één zin vormen. Heb je de verborgen zin gevonden? Meld het ons via info@dutchhealthhackathon.nl. Je maakt dan kans op een waardebon van €250,- vrij te besteden bij iPrototype.

Hint 1:

<!-- SGVscCBqaWogR0daLUZyaWVzbGFuZA== -->
Na een BASE64 decode krijg je: “Help jij GGZ-Friesland”.
Gevonden hint: Help jij GGZ-Friesland

Hint 2:

Achter http://www.dutchhealthhackathon.com/interface/images/podium.png zit extra payload
Gevonden hint: innovatieve tools te ontwikkelen

Hint 3:

Exif (exif) info in plaatje:
=======www.dutchhealthhackathon.com/interface/images/dhh.jpg=======
ExifTool Version Number : 10.00
File Name : dhh.jpg
Directory : D:/Geert/Dropbox/My Web Sites/a/www.dutchhealthhackathon.com/interface/images
File Size : 170 kB
File Modification Date/Time : 2015:06:02 15:53:10+02:00
File Access Date/Time : 2015:08:28 18:23:32+02:00
File Creation Date/Time : 2015:08:28 14:31:33+02:00
File Permissions : rw-rw-rw-
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
Exif Byte Order : Little-endian (Intel, II)
Make : die bijdragen aan de zorg?
XMP Toolkit : XMP Core 4.4.0-Exiv2
Creator Tool : Adobe Photoshop CS5 Windows
Instance ID : xmp.iid:394F6806B5D911E4A926AC8453081018
Document ID : xmp.did:394F6807B5D911E4A926AC8453081018
Derived From Instance ID : xmp.iid:394F6804B5D911E4A926AC8453081018
Derived From Document ID : xmp.did:394F6805B5D911E4A926AC8453081018
Quality : 100%
DCT Encode Version : 100
APP14 Flags 0 : [14], Encoded with Blend=1 downsampling
APP14 Flags 1 : (none)
Color Transform : YCbCr
Image Width : 1920
Image Height : 1064
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1)
Image Size : 1920x1064
Megapixels : 2.0
=======www.dutchhealthhackathon.com/interface/images/dhh.jpg=======

Gevonden hint: die bijdragen aan de zorg?

Hint 4:

http://www.dutchhealthhackathon.com/scriptlibrary/jquery.scrollto.js
/*!
* jquery.scrollto.js 0.0.1 - https://github.com/yckart/jquery.scrollto.js
* Scroll smooth to any element in your DOM.
*
* Copyright (c) 2012 Yannick Albert (http://yckart.com)
* Licensed under the MIT license (http://www.opensource.org/licenses/mit-license.php).
* 2013/02/17
* Een op de vier nederlanders
**/

Gevonden hint: Een op de vier nederlanders

Hint 5:

HTTP response headers http://www.dutchhealthhackathon.com/
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
SecretKey: krijgt te maken met een
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 03 Sep 2015 23:19:38 GMT
Content-Length: 5828

Gevonden hint: krijgt te maken met een

Hint 6:

<img src="interface/images/contact.svg" alt="psychische stoornis">
Gevonden hint: psychische stoornis

Dat maakt samen:

Een op de vier nederlanders krijgt te maken met een psychische stoornis
Help jij GGZ-Friesland innovatieve tools te ontwikkelen die bijdragen aan de zorg?

Overig:

Niet gebruikte klassen “oplossing” in css.
Map bestaat http://www.dutchhealthhackathon.com/backup
Missende video 404 http://www.dutchhealthhackathon.com/interface/video/dhh.ogv