How to decrypt encrypted files in an Android malware

http://www.youtube.com/v/DHZlFcMuZvI?version=3&f=user_uploads&app=youtube_gdata

This is a demo video presented at RSA Conference Europe. It is meant to help reverse engineers deal with mobile malware that uses encryption. Android/DrdLight uses DES encryption to encrypt one of its configuration files, prefer.dat. We show how easy (or not?) it is to decrypt the file using Dalvik and Java decompilers. We spot the encryption key and encryption method, and copy and paste them into our own decryption code.
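As an added example (not the code shown in the video), a standalone Java decryptor of the kind described above might look like this. The key is a placeholder and the ECB/PKCS5 transformation is an assumption; take both from the decompiled sample. The class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;

public class DecryptPrefer {
    // Placeholder: replace with the 8-byte DES key spotted in the decompiled code.
    static final byte[] KEY = "PLACEHLD".getBytes(StandardCharsets.US_ASCII);
    // Assumption: the sample uses Cipher.getInstance("DES"), which the standard
    // providers resolve to ECB mode with PKCS5 padding. Copy the exact string
    // (and any IV handling) from the decompiled code if it differs.
    static final String TRANSFORMATION = "DES/ECB/PKCS5Padding";

    static byte[] des(int mode, byte[] key, byte[] data) throws GeneralSecurityException {
        SecretKey k = SecretKeyFactory.getInstance("DES").generateSecret(new DESKeySpec(key));
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(mode, k);
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] encrypted;
        if (args.length > 0) {
            // Path to the prefer.dat file extracted from the sample
            encrypted = Files.readAllBytes(Paths.get(args[0]));
        } else {
            // Constructed sample so the program runs without a malware file
            byte[] sample = "key=value (constructed sample)".getBytes(StandardCharsets.UTF_8);
            encrypted = des(Cipher.ENCRYPT_MODE, KEY, sample);
        }
        try {
            byte[] plain = des(Cipher.DECRYPT_MODE, KEY, encrypted);
            System.out.println(new String(plain, StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            // Typical causes: wrong key, wrong mode or padding, or a file whose
            // length is not a multiple of the 8-byte DES block size.
            System.err.println("Decryption failed: " + e);
        }
    }
}
```

A wrong key usually fails with a padding error, but it can occasionally pass the padding check and print garbage, so confirm that the output is readable configuration data.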


The original article/video can be found at How to decrypt encrypted files in an Android malware
