JSON data decryption

I would say you are right so far, but this is just guessing so far (probably right though :)).

Yes, I think reverse engineering the application binary is your next step. If you identify the encryption function and the key, then you can reimplement the crypto functions in, say, Python, and decrypt/encrypt your values as you like.

So,

  1. Get your hands on the application binary (either extract it from the phone, which might need a jailbreak, or download the IPA from iTunes; more info here).

  2. Run "strings" on the application. It can result in many interesting strings; it might even list the encryption key or some clues about which algorithm is used.

  3. Use a static debugger, such as IDA Pro or Hopper (it needs to support ARM), to peek into the binary. If you are lucky it has the function names, which could help you greatly in finding what you are looking for. If not, you could try to search for known crypto constants in the binary. Check out my answer about that here. Also check out this and this. If you find a constant used in the crypto function, you can cross-reference where that constant is accessed/used, and eventually you will find the key as a parameter or static variable used by the crypto function.

  4. If all else fails, you will have to use a dynamic debugger (such as GDB), attach to the process running on the phone and work from there. Find a piece of data that you know for sure will eventually be encrypted, and trace the function calls accessing that data until it is encrypted.

Don't forget about the Reverse Engineering and Crypto Stack Exchange sites, and of course Google a lot! ;)
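The "search for known crypto constants" step from point 3, as an added example that is not part of the original answer: a small scanner that derives the AES S-box, inverse S-box and Rcon from their definitions and reports where those byte patterns occur in a blob. `SAMPLE_BINARY`, `_FILLER` and the function names are assumptions of this example; for a real target you would pass the extracted executable's bytes instead.

```python
# Added example (not from the original answer): locate well-known AES constants in a
# binary blob, the "search for known crypto constants" step. The S-box and Rcon are
# derived from their definitions; SAMPLE_BINARY is a constructed stand-in for a binary.

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else (a << 1) & 0xFF
        b >>= 1
    return p

def aes_sbox() -> bytes:
    """AES S-box: multiplicative inverse in GF(2^8) followed by the affine map."""
    box = bytearray(256)
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        s = inv
        for k in range(1, 5):                      # inv xor rotl(inv, 1..4)
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        box[x] = s ^ 0x63
    return bytes(box)

def aes_rcon() -> bytes:
    """Round constants 01 02 04 ... 1b 36: successive powers of x in GF(2^8)."""
    rcon = [1]
    for _ in range(9):
        rcon.append(gf_mul(rcon[-1], 2))
    return bytes(rcon)
SIGNATURES = {
    "AES S-box": aes_sbox()[:16],                                 # 16-byte prefix avoids chance hits
    "AES inverse S-box": bytes(aes_sbox().index(v) for v in range(16)),  # S-box inverted
    "AES Rcon": aes_rcon(),
}
def find_crypto_constants(blob: bytes) -> list:
    """Return (name, offset) pairs sorted by offset. No hit does not rule AES out: the
    compiler may emit merged T-tables, or the app may call CommonCrypto in a system lib."""
    hits = []
    for name, sig in SIGNATURES.items():
        pos = blob.find(sig)
        while pos != -1:
            hits.append((name, pos))
            pos = blob.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h[1])
# Constructed sample: filler bytes with the S-box at 0x40 and Rcon right after it.
_FILLER = bytes((i * 37 + 11) & 0xFF for i in range(0x200))
SAMPLE_BINARY = _FILLER[:0x40] + aes_sbox() + aes_rcon() + _FILLER[0x14A:]
```

Once you have an offset, cross-referencing it in the disassembler (as the answer describes) leads you to the function that uses the table.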

Tags: aes, decryption