I decompiled an iOS app and saw the private key and the method used to encrypt a string. I used Charles to capture this data and got a string like this (Charles package data):
/random1/name/BQPnTF9MX8A3FbV1V5jtFozQnSkNtBK5AFJyTnzBJZgFkXIZyWlvxd3LzH6eIQznMLW7U8V3M5FDU9j9zGrkajIc5VjqIS1q8Sy+L9tLPE51aIy0xlKVlRgqjWGe0HGUBBAtlTk+rOZEeR/+TODnEN79mYtgWTNpscRr9dy6DoWw7wvE7MiLIibdCjQ4PbcFQ/EpvIjgWOzCorbobYbEUoI/aw== HTTP/1.1
Then I looked at the iOS code and saw their method in the disassembler.
So I wrote a PHP server to decode this encrypted string:
```php
<?php
// Load the RNCryptor PHP library.
require __DIR__ . '/../autoload.php';

// Password string taken from the decompiled app.
$password = "e12d33re";
$base64Encrypted = "BQN7evDaWMlRXiOOeCEIkL6+3K2dLRKv/e9tYTxrSVMTojf6gMPL7hW7gfuYHt622CIlfon5vsGpv9ykM6WbbMPdH7Q56lcbRPA2KO9aquYR5fM8e0fGGb7AQzPs3G0CJAAYG0E9i8cG1VH3uVP6VWjK5LkpRuUOk8QuoG1j3eP0fUZVY8RSjKyFZpbLlDIrANg4T5DmkigVTEN82QYCbLv2Iw==";

// Attempt a password-based decrypt of the captured message.
$cryptor = new \RNCryptor\Decryptor();
$plaintext = $cryptor->decrypt($base64Encrypted, $password);

echo "Base64 Encrypted:\n$base64Encrypted\n";
echo "Plaintext:\n$plaintext\n";
```
But I cannot decrypt it.
I checked its version with the code below and see that it is version 5:
```php
$base64Encrypted = "BQN7evDaWMlRXiOOeCEIkL6+3K2dLRKv/e9tYTxrSVMTojf6gMPL7hW7gfuYHt622CIlfon5vsGpv9ykM6WbbMPdH7Q56lcbRPA2KO9aquYR5fM8e0fGGb7AQzPs3G0CJAAYG0E9i8cG1VH3uVP6VWjK5LkpRuUOk8QuoG1j3eP0fUZVY8RSjKyFZpbLlDIrANg4T5DmkigVTEN82QYCbLv2Iw==";
// The first byte of the decoded message is the format version.
$actualVersion = ord(substr(base64_decode($base64Encrypted), 0, 1));
```
I see the RNCryptor lib in the iOS binary file.
The first picture: I decrypted it with the private key successfully (they encrypted a v4 string with RNCryptor): http://i.stack.imgur.com/Kq5m1.png
The second picture: they used an unknown method to encrypt, but it is surely 100% RNCryptor (they don't encrypt a v4 string): http://i.stack.imgur.com/NfScg.png
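An added example (not part of the original post and not RNCryptor's own code): a header inspector that reads the version and options bytes the same way as the one-liner in the question, and splits out the remaining fields only when the version byte is 3, using the field sizes of the published RNCryptor v3 data format. The function name `inspectRNCryptorHeader` and the zero-filled v3 sample are constructed for illustration; the second input is the first 8 characters of the string from the question.

```php
<?php
// Added example: inspect an RNCryptor message header before trying to decrypt it.
// Only the v3 layout is parsed; any other version byte is reported, not guessed at.
function inspectRNCryptorHeader(string $base64): array
{
    $raw = base64_decode($base64, true);   // strict mode rejects non-base64 input
    if ($raw === false || strlen($raw) < 2) {
        throw new InvalidArgumentException('not valid base64, or too short for a header');
    }
    $info = [
        'version' => ord($raw[0]),   // byte 0: format version
        'options' => ord($raw[1]),   // byte 1: option flags
        'length'  => strlen($raw),
        'parsed'  => false,
    ];
    if ($info['version'] !== 3) {
        // The field layout of another version is not known to a v3 parser.
        return $info;
    }
    // v3: bit 0 of the options byte means "password-based", which adds two 8-byte salts.
    $usesPassword = ($info['options'] & 0x01) === 1;
    $offset = 2;
    $ivLen = 16;
    $hmacLen = 32;
    if (strlen($raw) < $offset + ($usesPassword ? 16 : 0) + $ivLen + $hmacLen) {
        throw new InvalidArgumentException('truncated v3 message');
    }
    if ($usesPassword) {
        $info['encryptionSalt'] = bin2hex(substr($raw, $offset, 8));
        $info['hmacSalt'] = bin2hex(substr($raw, $offset + 8, 8));
        $offset += 16;
    }
    $info['iv'] = bin2hex(substr($raw, $offset, $ivLen));
    $info['ciphertextLength'] = strlen($raw) - $offset - $ivLen - $hmacLen;
    $info['hmac'] = bin2hex(substr($raw, -$hmacLen));   // trailing HMAC-SHA256
    $info['parsed'] = true;
    return $info;
}

// Constructed sample: v3, password flag set, zeroed salts and IV,
// one 16-byte filler ciphertext block, zeroed HMAC.
$sampleV3 = base64_encode(
    "\x03\x01" . str_repeat("\x00", 32) . str_repeat("\xAA", 16) . str_repeat("\x00", 32)
);
// First 8 characters of the string posted in the question.
$fromQuestion = 'BQN7evDa';

print_r(inspectRNCryptorHeader($sampleV3));
print_r(inspectRNCryptorHeader($fromQuestion));
```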