M 414: Chirp Hardcoded Password (10 pts)

What You Need for This Project

Purpose

To practice finding a hardcoded password in an app.

This is a real security issue, reported on April 15, 2024, here.

Installing jadx-gui

If you don't already have it, install jadx-gui on your host system as explained below.

You can use Windows or MacOS to run Jadx. Choose one of them and follow the instructions below.

Using 64-Bit Windows

Copy the in.gov.uidai.mAadhaarPlus_2018-09-26.apk file into your Windows machine.

Installing Java

First open Control Panel and uninstall all old Java versions.

Then open a Web browser and go here:

https://java.com/en/download/manual.jsp

Download the "Windows Offline (64-bit)" version and install it, as shown below.

Installing Jadx on Windows

Go here:

https://github.com/skylot/jadx/releases/tag/v0.8.0

Download jadx-gui, as shown below.

Launch Jadx.

Using a Mac

In a Terminal, execute these commands:
brew install jadx
jadx-gui

Analyze Chirp Access

Download this APK:

com.chirp.access.apk

Open the APK in jadx-gui.

Search for "password"
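
The same search can be scripted when auditing an app. The following is an added example, not part of the original project: it assumes the APK's Java sources were already decompiled into a directory (for example with the jadx command-line tool, `jadx -d out app.apk`), and the function names and sample source are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Identifier containing a credential-like word, assigned a non-empty string literal.
HARDCODED = re.compile(
    r'\b(\w*(?:password|passwd|pwd|secret)\w*)\s*=\s*"(?:[^"\\]|\\.)+"',
    re.IGNORECASE,
)

def find_hardcoded(source_root):
    """Return (relative_path, line_no, identifier) for each suspect assignment."""
    root = Path(source_root)
    hits = []
    for path in sorted(root.rglob("*.java")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            if line.lstrip().startswith(("//", "*", "/*")):
                continue  # skip comment lines
            for match in HARDCODED.finditer(line):
                rel = path.relative_to(root).as_posix()
                hits.append((rel, line_no, match.group(1)))
    return hits

# Constructed sample standing in for decompiled output; not taken from the Chirp app.
SAMPLE = '''package com.example.demo;

public class ApiClient {
    // password = "old-value" was removed
    private static final String API_PASSWORD = "constructed-sample-value";
    private String userPassword = "";
    String passwordHint = getString(R.string.hint);
}
'''

def demo():
    """Write the constructed sample to a temp tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "sources" / "com" / "example" / "demo"
        src.mkdir(parents=True)
        (src / "ApiClient.java").write_text(SAMPLE, encoding="utf-8")
        return find_hardcoded(tmp)

if __name__ == "__main__":
    for rel_path, line_no, name in demo():
        print(f"{rel_path}:{line_no}: string literal assigned to {name}")
```

Only the line that assigns a non-empty string literal is reported; the comment, the empty string, and the value loaded from a resource are ignored, which keeps the result list shorter than a plain text search for "password".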

Flag M 414.1: Chirp Password (10 pts)

The flag is the hardcoded password, covered by a green rectangle in the image below.

Posted 4-15-24