
I have captured the request content of a mobile app (iPhone) through a proxy (Charles Proxy), but the content seems to be encoded, and I want to decode it into a human-readable format. As the source encoding format is not known, I cannot decode it. I have tried several online tools with different source formats, but none of them decodes it properly. How can I decode such content properly?

pv8WkNKPolGj6EgiYKNXzlGAOjGku5ewenklAlyQ58wpWcLBH7y4S0ZZ12JODvWSLpvoJbeffKgDxvaTMTt17qLUNKsiTroaldStWO5n+H1BdI+IXLFusgipOtpUUvnvbA52x0Gwi349bfXNCD9EamQBEPD8J+zreVtYwvgL9b7ohgvnoq2WXpOeHs9hTJnWEwAiLzPTocVDzr3kzLsMsB6N10X+pnJ/QODY3RDklqQeb5o6vzvTapgs5G/R2ZjsvzBTJ/u+DuLxulVfNUAKXGjh4CVAWjWzsymuxo1CaI7s3nPW17Kx9BNYxw37r4TKAqTMA+A0uP+NPi17KsC9ag==


user1614862
  • How did you capture the content? Was it HTTP content? If so, you should know what the source is. If you are sniffing on encrypted data, then you may have to spend more years than you'll be alive to decrypt it and it is not a simple case of decoding it. – bill.lee Jul 17 '18 at 02:43
  • I mentioned above that I have captured it with an HTTP proxy (Charles Proxy) which is running on my computer, whereas the app is running on my mobile; both computer and mobile are on the same WiFi network. I just added a screenshot of the content captured in the proxy above. It is a REST call and the content is a JSON payload. It's not encrypted data; instead it's encoded data, where the request/response content is encoded with some algorithm (base64, UTF-8, etc.) and sent over the network instead of the raw content. So, unless I look into the app code or server code, I do not know what algorithm is used. – user1614862 Jul 17 '18 at 03:25
  • Is it BASE64? Which, BTW, is just an intermediate encoder. – Giacomo Catenazzi Jul 18 '18 at 12:52
  • It seems that the content captured here is SSL encrypted, this app is doing something different before sending payload to the server (programmatically encrypted??), for all other apps (which are also using 128-bit SSL encryption) I am able to capture raw content within my network by trusting and handshaking the proxy's SSL certificates in my mobile device, but only for this app the content is not shown in plain text – user1614862 Jul 18 '18 at 23:49
  • In both screenshots, the HTTP body content has clearly been encoded in base64 (which is very unusual for HTTP/S or REST to do - are you sure it is not your capture tool doing that for display purposes?). In the case of the HTTP response, the body content has been compressed in gzip format before being encoded in base64. – Remy Lebeau Jul 24 '18 at 02:06
  • No, my capturing tool is not doing anything. I can say this because when I capture the requests for other apps I am able to see the content in normal text; only for this app is it showing like that. If the content is encoded in base64 as stated by you, then I must be able to decode it with some online base64 decoder, right? It's not happening, so this is not base64-encoded format for sure; it seems to be something encrypted by an SSL certificate programmatically. – user1614862 Jul 24 '18 at 21:16

1 Answer


The request/response content is encrypted with Java cryptography before it is sent over the network, using the AES cipher algorithm; the cipher transformation is done with AES/CBC/PKCS5Padding. I was able to decrypt it by debugging the APK code and finding the secret key used to encrypt the content. It's really another level of encryption before sending it over the network.

user1614862
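The thread's open question (plain base64, gzip inside base64, or application-layer encryption) can be triaged offline before reaching for a debugger. The following is an added example, not code from the original post or the app: `triage_body` and `shannon_entropy` are hypothetical names, the sample bodies are constructed, and the "ciphertext?" verdict is only a heuristic (length a multiple of the 16-byte AES block, as AES/CBC/PKCS5Padding always produces, plus near-uniform byte distribution).

```python
import base64, binascii, gzip, hashlib, json, math, zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the observed byte distribution (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_body(body: str) -> tuple:
    """Classify a captured HTTP body; returns (verdict, detail)."""
    try:
        raw = base64.b64decode(body.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "not-base64", "body is not valid standard base64"
    if not raw:
        return "empty", ""
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
        try:
            return "gzip", gzip.decompress(raw).decode("utf-8", "replace")
        except (OSError, EOFError, zlib.error):
            return "gzip-damaged", "gzip header present but stream does not inflate"
    try:
        text = raw.decode("utf-8")
        if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
            return "text", text  # base64 was the only layer
    except UnicodeDecodeError:
        pass
    h = shannon_entropy(raw)
    ceiling = math.log2(min(len(raw), 256))  # best possible entropy for this sample size
    if len(raw) % 16 == 0 and h >= 0.8 * ceiling:
        # Heuristic only: consistent with a 16-byte block cipher such as AES-CBC.
        return "ciphertext?", f"{len(raw) // 16} x 16-byte blocks, {h:.2f} bits/byte"
    return "binary", f"{len(raw)} bytes, {h:.2f} bits/byte, not block aligned or low entropy"

# Constructed sample bodies (not captured traffic).
SAMPLE_JSON = json.dumps({"user": "alice", "action": "login"})
SAMPLE_PLAIN = base64.b64encode(SAMPLE_JSON.encode()).decode()
SAMPLE_GZIP = base64.b64encode(gzip.compress(SAMPLE_JSON.encode())).decode()
# 256 pseudo-random bytes standing in for AES ciphertext.
SAMPLE_OPAQUE = base64.b64encode(
    b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))).decode()

if __name__ == "__main__":
    for name, body in [("plain", SAMPLE_PLAIN), ("gzip", SAMPLE_GZIP),
                       ("opaque", SAMPLE_OPAQUE), ("junk", "not base64!")]:
        print(name, "->", triage_body(body))
```

A "ciphertext?" verdict means the body decodes cleanly from base64 but the result is neither text nor a known container, which is why online base64 decoders appear to "fail" on it.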