Writeups
CTF Writeups
-
Read more: BYUCTF 2025 – Baby Android 1 & 2
Baby Android 1 Description: If you’ve never reverse engineered an Android application, now is the time!! Get to it, already!! Learn how they work!! Download: https://lautarovculic.com/my_files/baby-android-1.apk Install the APK file using ADB: adb install -r baby-android-1.apk We can see a message when the app is launched: Too slow!! So, let’s analyze the source code with jadx. We can see the MainActivity class: package byuctf.downwiththefrench; import android.os.Bundle; import…
-
Read more: Pedometer – Hack The Box – @lautarovculic
Difficulty: Hard. Category: Mobile. OS: Android. Description: I’ve been using this pedometer app for weeks, and I am convinced it’s using me as a power supply for some hidden machine. I bet it holds the key or a map to some sort of treasure. If only I could figure out what it’s doing… Download the .zip file and extract this…
-
Read more: DroidPhish (Sherlock) – Hack The Box
Description: Last night, most employees’ mobile devices were compromised, putting them at significant risk of leaking personal and private information. We require your expertise in digital forensics to help investigate this breach. Difficulty: Easy. Category: Mobile / Forensics. Download the .zip file and extract with the password: hacktheblue file DroidPhish.dd Output: DroidPhish.dd: Linux rev 1.0 ext4 filesystem data, UUID=e98cc545-b7fe-4ba9-8b33-2fb9bba476d6, volume…
-
Read more: UniWA 2022 – CaptainHook
Description: Captain Hook has applied for a position in Squid Game 2022, but in order to take part in the game, he got asked to bypass the login screen of this app. Help him bypass it and he won’t have the crocodile eat your hand. Download: https://lautarovculic.com/my_files/Captain_Hook.apk Install the APK file with ADB: adb install -r Captain_Hook.apk We can…
-
Read more: UniWA 2022 – SeekNDestroy
Description: James Hetfield has applied for a position in Squid Game 2022, but in order to take part in the game, he was asked to bypass the login screen of this app. Help him do this and he might find you a free ticket for the concert. Download: https://lautarovculic.com/my_files/Seek_N_Destroy.apk Install the APK with ADB: adb install -r Seek_N_Destroy.apk We can…
-
Read more: UniWA 2022 – SlapApp
Description: I heard there is an easy way to make money. All you have to do is slap 1.000.000.000 times. Download: https://lautarovculic.com/my_files/SlapApp-signed.apk Install the APK with ADB: adb install -r SlapApp-signed.apk We can see a Slap button. We need to reach 1.000.000.000 slaps. Let’s analyze the source code with jadx. If we look at the AndroidManifest.xml file, we have two activities: ShowFlag and MainActivity. We only need to work with the MainActivity class. This is the Java code: public class MainActivity extends…
-
Read more: UniWA 2022 – WarmupApp
Description: A new game is released, but not everyone is allowed to play. Can you get the access code? Download: https://lautarovculic.com/my_files/WarmupApp-signed.apk Install the APK with ADB: adb install -r WarmupApp-signed.apk Let’s analyze the source code with jadx. The package name is com.example.warmupapp and in the MainActivity class we can get the flag. public class MainActivity extends AppCompatActivity { private Button getBtn; private boolean isUser = false; static { System.loadLibrary("warmupapp");…
-
Read more: UVT CTF 2025 – Jokes and Info
Description: We found an apk. It is useless, or isn’t it? Download: https://lautarovculic.com/my_files/jokes_and_info.apk NOTE: This challenge makes a request to a host, which is probably no longer available at the time you are reading this write-up. You can learn anyway. Install the APK file with ADB: adb install -r jokes_and_info.apk We can see some JSON cards information in the MainActivity. Let’s check the source code with jadx. In MainActivity we…
-
Read more: NahamCon CTF 2022 – Secure Notes
Description: None of the free note-taking apps offer encryption… So I made my own! Download: https://lautarovculic.com/my_files/secure_notes.apk Install the APK file with ADB: adb install -r secure_notes.apk We can see that we need to insert a 4-digit PIN. If we insert any number, we get the Wrong password message. Let’s inspect the source code using jadx. The package name is com.congon4tor.securenotes. We have two activities in the AndroidManifest.xml file: LoginActivity -> MainActivity also?¿?¿ -> PIN Screen MainActivity ->…
-
Read more: NahamCon CTF 2022 – Mobilize
Description: Autobots. ROLLL OUTT!!!!!! Download: https://lautarovculic.com/my_files/mobilize.apk Install the APK file with ADB: adb install -r mobilize.apk This app does nothing, haha. Just extract the app with jadx, or simply unzip it. Inside res/values/strings.xml you can find the flag. Or just run: unzip mobilize.apk && strings resources.arsc | grep flag Flag: flag{e2e7fd4a43e93ea679d38561fa982682} I hope you found it useful (: