Decrypting ‘Secret Calculator Photo Vault’

Snippet of Application from Android Play Store

Calculator applications that store far more than their face value suggests are becoming more common. Recently I assisted with a request to decrypt data stored in one such application. Luckily, the investigator already had the PIN to the application and could manually view the files. Manual examination is always the bare minimum aim with this type of application, but given the opportunity we want the files decrypted so we can better interact with them and potentially gain more information.

‘Secret Calculator Photo Vault: Hide Keep Safe Lock’ uses ‘Military Grade Encryption AES-256 bit’ to keep files safe within the application. The developers also make the following statement: ‘Secret Calculator’s architecture was developed with the help of data security consultants experts to make sure that nobody, including our team, will be able to access your private photo locker without knowing your pass phrase, even if your device is stolen!’. To a point this is correct, but it will be demonstrated later in the post how the encrypted files can be decrypted.

Examination into the application identified the following key locations:

Data:         /data/data/com.photovault.secret.calculator
Media Files:  …/files/calculator_encrypted_DoNotDelete
Table of Key Artefact Locations

Normally it would make sense to identify the PIN first, but in this case it is better to show the process used to encrypt and decrypt the media files beforehand.

Media Files

Interestingly, in this case the media files are stored under subfolders of the application’s files directory rather than on the emulated SD card, so acquiring the data may not be as straightforward.

Tree View of Encrypted Files Directory

Media files are encrypted and stored within subfolders according to their contents, ‘pics’ and ‘vids’. A ‘vid_thumbnails’ folder also exists, storing one file per video in the main ‘vids’ folder. Files are named with randomly assigned GUIDs and keep the appropriate extensions.

The media files are encrypted using a method seen in a previous post, Decrypting ‘Apps Lock & File Encryption — GOLD version’: the Facebook Conceal API. As a reminder, the Facebook Conceal API is designed for ‘Efficient storage encryption for Android’ and utilises AES_GCM encryption under the hood.

Facebook Conceal provides documentation around the structure of the encrypted files. The IV can be a variable length depending on how the developer implements it.

The below illustration shows the structure of the encrypted file header.

Encrypted File Header
File Start:      Always 0x01
Key Type:        0x01 (128 bit) / 0x02 (256 bit)
IV:              24 bits long
Encrypted Data:  Length varies
Key Features of Encrypted File

Files encrypted in this application are done so using a 256 bit key with a 24 bit IV.

The encrypted data continues to the end of the file, apart from the last 32 bits, which are the GCM Authentication Tag (Auth Tag). The Auth Tag is used to verify the encrypted data; it isn’t required in order to decrypt the data, but it can be used to check its integrity.

Encrypted File Footer

Decrypting the Media Files

There are two key parts to the encryption / decryption process, and the first part is linked to the PIN set for the application. All required details for both parts are stored in the file ‘AppPreferences.xml’ found within the ‘shared_prefs’ folder.

AppPreferences.xml Preview

First a PBKDF2 key is generated. Generating a PBKDF2 key requires several elements: salt, password, iterations, key length and hash mode.

Some of the values are hard coded in this application and are as follows:

Iterations:  4096
Key Length:  64 bit
Hash Mode:   SHA256

That leaves the remaining values, the salt and the password. The salt is stored within ‘AppPreferences.xml’ under the tag ‘pbkdf2_salt’; decoding this value from Base64 and representing it as hex gives the salt required to generate the PBKDF2 key. The password, in this case a PIN, is not saved on the device (which I will cover later), so the application derives the key from it on the fly. In the case of my tests it was 1234, which I could use with the details above to generate my PBKDF2 key. This is easily accomplished with CyberChef:

CyberChef PBKDF2 Key Generation

To make it a bit easier to keep track of, I will call this the Primary Key. The resultant Primary Key is used later in the process.

The next value requiring attention is ‘symmetric_encrypted_files_encryption_key’, which is encrypted using the Facebook Conceal API, in other words AES_GCM. The value first needs to be decoded from Base64 and then converted to hex, revealing the structure:

Encrypted String

As with the encrypted media files, the encrypted key starts with the standard 0x01 indicator followed by the key length indicator, again 256 bit. Next is the IV, followed by the encrypted data, which when decrypted produces a 64 bit key. The remainder of the data is the Auth Tag, but this isn’t strictly a requirement as the data can be decrypted without it. Using the Primary Key and the IV identified within the symmetric key, it is possible to decrypt the encrypted data above, producing the Master Key. In this example the data is as follows:

IV:              b51ad7d4d6b37743eee8265c
Encrypted Data:  be678f7cfd17a37acbe007d330478270bead5a713d3df2141b150bb483654e99
Master Key:      14d7cbaa2187530de9959fb2241db96fa022980c7dd05296f4458c0e53c6595b
Data from Symmetric Key Decryption

Decrypting using AES_GCM does not always work in tools such as CyberChef, which is why I haven’t included its use. The next stage is to decrypt the media files, as the master key required to do so is now known.

The PIN

The process above requires the user’s PIN to be known, as the PIN is used to create the primary key; without it there is no way to decrypt the symmetric key. My issue was understanding how the application was verifying the user PIN, and what I didn’t realise was that it only checks at the end of the decryption process. This is done using the value ‘hashed_files_encryption_key’ from the same AppPreferences.xml file.

Once the user enters any passcode into the application, the PBKDF2 key is generated and, regardless of whether the passcode is correct or not, it is used to decrypt the symmetric key, the result being the master key. However, that master key is not guaranteed to be correct. Upon completing those cryptographic functions, the generated master key is converted from hex to raw bytes and run through the SHA256 hashing algorithm. The result is then compared to the Base64 decoded value stored as ‘hashed_files_encryption_key’. If it matches, the user entered the right PIN; if it doesn’t, nothing happens: no media is decrypted and access to the application is not granted. The diagram below should make this clearer:

Key Generation and Decryption Diagram

Encrypting the data in this way means that the correct PIN needs to be known in order to decrypt the data. If the PIN were not known it would need to be brute forced, taking each possible PIN and running it through the above process in order to make the comparison.

Conclusion

This was a very interesting scenario: the PIN was already known, which removed the requirement to understand how the PIN verification function worked. However, to make things more practical for any future involvement with the application, it was necessary to do so. Without the PIN, decryption of the files is not possible, meaning the PIN needs to be provided or brute forced.

The Facebook Conceal API made another appearance, along with a first appearance of PBKDF2 key generation. Coupled together, they made the inner workings more difficult to understand.

I have created a script which just needs adjusting to properly implement the bruteforce function before it is made available. I have also now created a GitHub repository, which can be found here. There is currently only the original script made for dealing with MEO file encryption: https://theincidentalchewtoy.wordpress.com/2021/11/09/meo-file-encryption-software/.

I would always encourage feedback, so if you found this helpful then hit me up in the comments here or on my Twitter, @4n6chewtoy.
