
capture PDF password


4 replies to this topic

#1
Guest_fsound_*

  • Guest

Hi there,

I've purchased an app, which loads encrypted PDF files (normal AES password protection when opening) in the integrated PDF viewer.

So, the password *is* actually inside the app or a database, but I couldn't find it. I think it's encrypted.

Is it possible to capture the used password using GNU DBG while running? There must be a call or something, which opens the PDF app and sends the password.

 

Best,

fsound



#2
hotsjf


    7 years in scene

  • Admin
  • 7,625 posts
    • Time Online: 191d 19h 55m 24s
  • Twitter:@iphonecake_com
  • LocationUSA
  • iDevices Owned:iPod Classic, iPod Touch 4, iPhone 3GS, iPhone 4, iPhone 5S, iPhone 6+, iPad 1, iPad 3, iPad 4, iPad Air 2, Apple Watch, MacBook Air, MacBook Pro, iMac
  • Most used iOS:iOS 6, iOS 7, iOS 8

A simple reverse should find it, unless it's reading the password from an online service.



#3
Guest_fsound_*

  • Guest

> A simple reverse should find it, unless it's reading the password from an online service.

At in-app purchase, the password gets transmitted to the free app... but - of course - it's encrypted.

Since the app works offline, the password has to be stored somewhere... but also encrypted.

What should I look for? Where should I set breakpoints (which functions)? Sorry, my knowledge of debugging ends at win32 :)



#4
hotsjf


> At in-app purchase, the password gets transmitted to the free app... but - of course - it's encrypted.
>
> Since the app works offline, the password has to be stored somewhere... but also encrypted.
>
> What should I look for? Where should I set breakpoints (which functions)? Sorry, my knowledge of debugging ends at win32 :)

Tools like IDA work for ARM binaries too.



#5
Guest_fsound_*

  • Guest

> Tools like IDA work for ARM binaries too.

I know, but I think the decryption of the PDF works "online" in real time, while the app is running.

Dumping the app to work in IDA is useless, since the password is gone - isn't it?