We received a packed TPK file that we can just unpack with 7zip. Inside the “bin” folder we had number of interesting DLLs, the one that was the most interesting was the “TKApp.dll”, so we analyzed it with dnSpy.
We need to find the four variables:
The password is being checked in the function
OnLoginButtonClicked with the function
TKData.Password contains the encoded bytes:
public static byte Password = new byte
It is being decoded by the function
Using it on the encoded bytes and we will get the password: “mullethat”
Note variable is being calculated in the
Run it in C# and we will get: “keep steaks for dinner”
To find it, we see in the code that it takes it from the metadata file of the application, in our case:
tizen-manifest.xml, and takes the value of the key “its”:
tizen-manifest.xml we will find the value:
The value of
Step is “magic”.
In the code there is a place where it sets the value of the
exiftool we can see this value:
The value for
Desc is “water”.