http://qtnes.com/tags/decryption/Recent content in Decryption on QtnesHugoen-usThu, 16 Apr 2026 00:00:00 +0000http://qtnes.com/posts/5---mediterraneanpotions---decrypting-a-flutter-apps-encrypted-database/Thu, 16 Apr 2026 00:00:00 +0000http://qtnes.com/posts/5---mediterraneanpotions---decrypting-a-flutter-apps-encrypted-database/<h2 id="overview">Overview</h2> <p>MediterraneanPotions was a Flutter challenge built around a single encrypted asset: <code>potions.hive</code>, a Hive key-value database where every record was AES-CBC encrypted. The AES key was hardcoded in the app&rsquo;s native Dart binary. The Hive frame format embedded a per-record IV.</p> <p>The challenge was to find the key, understand the binary format, and decrypt all records.</p> <h2 id="first-impressions">First Impressions</h2> <p>The APK was a Flutter application. That changed the decompilation landscape immediately: the main application logic was compiled into <code>libapp.so</code> as native Dart code, not Java bytecode. JADX produced almost nothing useful beyond the Android framework glue.</p>http://qtnes.com/posts/3---smoke---bypassing-stringfog-and-decoding-a-custom-string-cipher/Wed, 15 Apr 2026 00:00:00 +0000http://qtnes.com/posts/3---smoke---bypassing-stringfog-and-decoding-a-custom-string-cipher/<h2 id="overview">Overview</h2> <p>Smoke was a StringFog challenge. StringFog is an open-source Android string obfuscation tool that transforms every string literal in the bytecode into an encrypted hex payload, decoded on demand by a runtime method injected into the class. The goal is to make static analysis significantly harder: decompiling the APK produces no human-readable strings, only opaque calls like <code>AbstractC0006a5.o(&quot;e30385842152b38cc3ab85&quot;)</code>.</p> <p>The challenge used a custom variant of StringFog with its own cipher. The goal was to identify the encryption algorithm, port it to Python, and bulk-decrypt all string payloads in the decompiled source tree to find the flag.</p>