http://qtnes.com/tags/obfuscation/Recent content in Obfuscation on QtnesHugoen-usWed, 15 Apr 2026 00:00:00 +0000http://qtnes.com/posts/3---smoke---bypassing-stringfog-and-decoding-a-custom-string-cipher/Wed, 15 Apr 2026 00:00:00 +0000http://qtnes.com/posts/3---smoke---bypassing-stringfog-and-decoding-a-custom-string-cipher/<h2 id="overview">Overview</h2> <p>Smoke was a StringFog challenge. StringFog is an open-source Android string obfuscation tool that transforms every string literal in the bytecode into an encrypted hex payload, decoded on demand by a runtime method injected into the class. The goal is to make static analysis significantly harder: decompiling the APK produces no human-readable strings, only opaque calls like <code>AbstractC0006a5.o(&quot;e30385842152b38cc3ab85&quot;)</code>.</p> <p>The challenge used a custom variant of StringFog with its own cipher. The goal was to identify the encryption algorithm, port it to Python, and bulk-decrypt all string payloads in the decompiled source tree to find the flag.</p>