June 2019

Mobile photo and video vault apps are commonly used to prevent access to sensitive data on the phone (such as images, videos, documents and so on). These vaults are usually protected with a password of your choice. You can push any secret files into the vault and they are supposed to be secure, because the data in the vault is encrypted and is decrypted only when the correct password is entered. The Fake Calculator app is one such mobile photo video vault, which boasted that it “encrypts” and secures your confidential files. All this has now become a joke and we will see why!

The Fake Calculator app lets you pick a private passcode and “encrypts” pictures, texts, and any other data to keep them from the eyes of anyone who happens to look through your phone or device. For instance, an attacker who has access to the device should not be able to view the original files unless he knows the passcode. The idea is that even if an attacker pulls these files from the device, they would be nothing but junk, since they are encrypted. But in the case of the Calculator app, it turned out that an attacker who pulls these encrypted files could easily get the original files back in a matter of seconds.

The Fake Calculator cannot be hacked. The Secret Calculator app is one of the best safe vaults nowadays. If someone cannot enter the right passcode, the photo vault cannot be opened. Here is the way to hack NQ Vault for those who need it. NQ Vault is one of the best photo video vaults for Android devices.

Breaking it step by step

I tried to verify this practically, and here is how easy it turned out to be:

1. Download and install the NQ Vault mobile app from App Store on any Android device. Set your desired passcode (say 000).
2. Select any secret file (for example apple.png).

3. Now send the image to the NQ Vault using the app. This would mean the file apple.png is encrypted and should have been stored somewhere on the device. This is the message shown by NQ Photo Video Vault:

4. These so-called “encrypted” files are stored on the SD card at the location /mnt/sdcard/SystemAndroid/Data. How do I know this? Well, just by looking at the SQLite files in this case. Also, at the above-mentioned location, there is a text file saved by the app which says:

5. But these encrypted files are hidden from the user. So initially a simple ‘ls’ on the folder does not reveal anything. But ‘ls’ with the -a option reveals all the hidden files, as shown in the following screenshot.

6. The next thing is to pull out this encrypted file to the local machine. I used the adb pull command for this purpose. As seen below, the file is stored with a .bin extension.

7. Now see the HEX representation of this encrypted file:

8. Now just XOR abc.png & the encrypted file:

9. What this suggests is that, based on the passcode selected by the user, the app generates a “key” (30 in this case) and just XORs the user’s file with this key! Upon investigation, it turned out that this key value is always between 00 and ff, which means 255 possible values. As explained by NinjaDoge24, here are some of the passcodes and their corresponding key values:

Thus, an attacker who has access to the encrypted files just needs to brute force XOR with 255 possible values to get the original files back!
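The weakness found in steps 8 and 9, as a check an app reviewer can run against a vault's stored files. This is an added example, not code from the original post; the sample bytes, the key value and the function names are constructed for illustration.

```python
from typing import Optional, Tuple

# Well-known file signatures, used as known plaintext.
MAGIC = {
    "png": bytes.fromhex("89504e470d0a1a0a"),
    "jpg": bytes.fromhex("ffd8ff"),
    "pdf": b"%PDF-",
}

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with one single-byte key."""
    return bytes(b ^ key for b in data)

def key_from_pair(original: bytes, stored: bytes) -> Optional[int]:
    """Step 8: XOR original with stored file; one constant value is the key."""
    diffs = {a ^ b for a, b in zip(original, stored)}
    return diffs.pop() if len(diffs) == 1 else None

def find_key(stored: bytes) -> Optional[Tuple[int, str]]:
    """Try the 255 non-zero keys; return the one that exposes a signature."""
    for key in range(1, 256):
        head = xor_bytes(stored[:8], key)
        for kind, magic in MAGIC.items():
            if head.startswith(magic):
                return key, kind
    return None

# Constructed stand-in for the picture: PNG signature plus filler bytes.
SAMPLE_PLAIN = MAGIC["png"] + b"\x00\x00\x00\rIHDR" + bytes(range(32))
SAMPLE_KEY = 0x30  # constructed key for this demo
SAMPLE_STORED = xor_bytes(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    print("key from known pair:", key_from_pair(SAMPLE_PLAIN, SAMPLE_STORED))
    print("key from signature search:", find_key(SAMPLE_STORED))
    assert xor_bytes(SAMPLE_STORED, SAMPLE_KEY) == SAMPLE_PLAIN
```

Key 00 is skipped because XOR with zero leaves the file unchanged, which leaves the 255 values the post counts.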

Photo Vault App Recovery via ES File Explorer File Manager

Actually, most photo video locker applications fall into 2 types:
1) Hiding using Encryption
2) Hiding in dot folders (Example: .foldername)

For the first type, you have very little chance of recovering pictures from the photo vault app unless you know a very good decryption application or someone who is familiar with that method. For the second type, just like the photo vault app, you can rely on an explorer that is capable of exposing the dot folders (hidden folders whose names begin with a dot), such as ES File Explorer File Manager.

ES File Explorer File Manager is able to show hidden files. Once they are shown, you can check the hidden files and folders for the photos/videos in the application folder where the app is installed. If they are not there, search for the photo and video formats by using wildcard characters.

Steps to recover deleted photos from vault app:
  1. Install ES File Explorer File Manager and launch it.
  2. Navigate to settings and enable the option “show hidden files”. Now go back to the home directory and search for the folder “. My security”. Then open the folder and you’ll get many files named like “24ad4ca5”.
  3. Go to the search option and select “advanced options”. Input the size 10kb-10mb, which may vary with the size of the video. Select “all files” and press search.
  4. You’ll get the files with different extensions. Try to open them as image or video.
  5. Change the extensions of the files to jpg/mp4 by using a multirename tool.
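Steps 3 to 5 can also be done by reading each file's leading bytes instead of trying extensions by hand. The following is an added example, not part of the original post: it walks a folder copied off the device (dot-folders included), applies the same 10 KB to 10 MB size filter, and proposes a new name from the file signature. The folder name `.demo_vault`, the second sample file name and the sample contents are constructed.

```python
import os
import tempfile

# File signatures checked at the start of each file (extension to suggest).
SIGNATURES = [(b"\xff\xd8\xff", ".jpg"), (b"\x89PNG\r\n\x1a\n", ".png")]

def sniff_extension(path):
    """Return the extension implied by the file's leading bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    for magic, ext in SIGNATURES:
        if head.startswith(magic):
            return ext
    if head[4:8] == b"ftyp":  # ISO media (MP4) files carry 'ftyp' at offset 4
        return ".mp4"
    return None

def plan_renames(root, min_size=10 * 1024, max_size=10 * 1024 * 1024):
    """Walk root (dot-folders included) and map each media file to a new name."""
    plan = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not min_size <= os.path.getsize(path) <= max_size:
                continue  # same 10 KB - 10 MB filter as step 3
            ext = sniff_extension(path)
            if ext and not name.lower().endswith(ext):
                plan[path] = path + ext
    return plan

def build_demo_tree(root):
    """Create a constructed hidden folder with extension-less sample files."""
    hidden = os.path.join(root, ".demo_vault")  # hypothetical folder name
    os.makedirs(hidden)
    samples = {
        "24ad4ca5": b"\xff\xd8\xff\xe0" + b"\x00" * 20000,          # JPEG-like
        "7be01c33": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 20000,  # MP4-like
        "notes": b"plain text, too small to match",
    }
    for name, data in samples.items():
        with open(os.path.join(hidden, name), "wb") as fh:
            fh.write(data)
    return hidden

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        print(plan_renames(tmp))
```

`plan_renames` only returns the proposed mapping and renames nothing, so the result can be reviewed before any file is touched.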


Imagine that you have moved your precious photos into the Fake Calculator photo vault app and you uninstall the app without getting those photos out of the vault. In this case, you’re able to recover the photos with ease by re-installing the Fake Calculator. But if you happen not to have the apk file of the vault, then you’ll be in trouble. This post will walk you through it with the solutions below; please read on and find the answer.

Now you are finally done. You can move the pictures/videos to a custom folder. Another way is to connect the iOS phone to a PC and search for photos and videos on the device. Just enable hidden files through Control Panel > Folder Options, then search with a wildcard character and file format.
