
Showing posts from July, 2020

Taking Back What's Yours: Defeating CryCryptor ransomware, another COVID-19 malware! ☜(˚▽˚)☞ (day 98)

Disclaimer: This post is heavily based on Lukas Stefanko's "Analysis of CryCryptor Android Ransomware and how I created decryptor | fake COVID-19 tracing app". All of the credit goes to him, so please support his channel (you can check the video at this link).

Background: As soon as I saw the video, I grabbed my laptop to analyze the malware myself and see what I would come up with. In summary, I worked out the encryption and decryption process and the internal workings of the malware in detail, and I managed to come up with an alternative way to decrypt the files. Nevertheless, the concept is pretty much the same as in the original video. In this post, I will teach you how to analyze it and create your own tools for recovering the encrypted files.

Before we move on to the juicy stuff, the following is the background story of CryCryptor Android:

- It targets users in Canada
- It disguises itself as an official COVID-19 tracing app provided by Health Canada

Create your own Android security tool, because you are a Hacker: Intercepting Android application network (day 98)

Sooner or later, the time will come when you start thinking about developing your own tools, because the tools you usually use are not enough and you think you can do better. Thus, in this post, I will show you some of the thought processes that you can apply when designing your own hacking tools. We will take a look at how to automate the process of intercepting an Android application's network traffic. If you want to see the source code directly, you can check the following GitHub link.

Some background knowledge: Let's start with a simple question: "Why do we want to automate the process of intercepting an Android application?" We can do this pretty easily, right? You just have to point the device's network at your proxy device (Burp Suite or mitmproxy) by changing the Wi-Fi settings.

Note: 192.168.56.1 is the proxy device, and 8080 is the port the proxy device is listening on. Make sure the proxy is listening on all interfaces: