# LAB - iOS: Insufficient Cryptography

In this lab environment, you will get access to a Debian machine, which has all the required tools installed on it for this lab, along with an IPA file.

**Objective:** Complete the following tasks and retrieve the flag.

* **Task 1:** You are provided with the first four characters of a Base64-encoded string: **"bm92"**. Your task is to find the complete original string from which this encoded fragment was derived.
* **Task 2:** Leverage your discoveries from Task 1 and follow a chain of clues to uncover and retrieve the secret flag.

**The following file can be useful:**

* **MySchool.ipa**: Located in `Desktop/IPA-Files`.

***

<figure><img src="/files/bnjqaA5gCeW1PC0Asao0" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/d4N6U8X7UwfMLJ5mxMbg" alt=""><figcaption></figcaption></figure>

```
unzip MySchool.zip
```

<figure><img src="/files/B81Iv7ttixtRIXMPnrw8" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/8bECdT4crl6fQXeqKqEd" alt=""><figcaption></figcaption></figure>

```
strings MySchool > output
ls
cat output | grep "bm92"
```

> We found the entire base64-encoded string: **bm92YXRlY2hfdXNlcjpzdXBlcnNlY3JldHBhc3N3b3JkQG5vdmF0ZWNo**

```
echo "bm92YXRlY2hfdXNlcjpzdXBlcnNlY3JldHBhc3N3b3JkQG5vdmF0ZWNo" | base64 -d
```

<figure><img src="/files/33sOYbHxl4OGKTEajzUN" alt=""><figcaption></figcaption></figure>

After decoding the Base64-encoded string, we discover what appears to be a set of credentials, `novatech_user:supersecretpassword@novatech`, suggesting access to a service, API or system associated with `novatech`. Base64 is an encoding, not encryption: anyone with the binary can reverse it without a key.
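The same strings-then-decode check can be run against your own app binary before release to catch Base64-encoded credentials. The sketch below is an added example, not part of the lab; the function name, the regular expressions and the sample buffer are assumptions made for illustration, and only the credential string comes from this page.

```python
import base64
import binascii
import re

# Runs of Base64-alphabet bytes long enough to hold a short secret.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
# Decoded text shaped like "user:secret": printable ASCII, no spaces.
CRED_SHAPE = re.compile(r"[\x21-\x39\x3b-\x7e]{3,}:[\x21-\x7e]{3,}")


def find_encoded_credentials(blob: bytes, prefix: bytes = b""):
    """Return (offset, token, decoded) for each Base64 run in blob that
    decodes to credential-shaped text. prefix narrows to a known fragment."""
    findings = []
    for match in B64_RUN.finditer(blob):
        token = match.group()
        if not token.startswith(prefix):
            continue
        try:
            decoded = base64.b64decode(token, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # wrong length or padding, or decodes to binary data
        if CRED_SHAPE.fullmatch(decoded):
            findings.append((match.start(), token.decode("ascii"), decoded))
    return findings


# Constructed sample standing in for a NUL-separated string table.
# The secret is the value recovered on this page; other entries are made up.
SECRET = b"novatech_user:supersecretpassword@novatech"
SAMPLE = b"\x00".join([
    b"MySchool",
    b"applicationDidFinish",  # Base64-alphabet run that decodes to binary
    base64.b64encode(SECRET),
    b"",
])

if __name__ == "__main__":
    for offset, token, decoded in find_encoded_credentials(SAMPLE, b"bm92"):
        print(f"offset {offset}: {token} -> {decoded}")
```

Ordinary identifiers also match the Base64 alphabet, so the decode-and-shape filter is what keeps the output down to strings worth reviewing.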

Let's try finding the URLs and retrieving the flag. Now grep the `output` file for `http`.

<figure><img src="/files/dLBnW5cj8KzpQ0hXG9cz" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/y9Es9Z0kT4OEBL7I4W3M" alt=""><figcaption></figcaption></figure>


