http://qtnes.com/tags/rc4/Recent content in Rc4 on QtnesHugoen-usThu, 16 Apr 2026 00:00:00 +0000http://qtnes.com/posts/6---deaddrop---emulating-an-mqtt-bot-to-recover-a-flag/Thu, 16 Apr 2026 00:00:00 +0000http://qtnes.com/posts/6---deaddrop---emulating-an-mqtt-bot-to-recover-a-flag/<h2 id="overview">Overview</h2> <p>DeadDrop presented an Android malware sample that used MQTT as its C2 channel, with RC4 encryption on every message. The challenge was to reverse the network protocol, recover the broker credentials and encryption keys from the APK, and then write a bot emulator that could register a fake device and trigger flag delivery.</p> <h2 id="decoding-the-config">Decoding the Config</h2> <p>The APK&rsquo;s <code>Cfg.java</code> class stored all configuration values as Base64-encoded strings. This is a minimal evasion technique — strings won&rsquo;t appear in a naive grep for IP addresses or credentials — but a single Base64 decode reveals everything:</p>