Difficult: Very Easy
Category: Mobile
OS: Android (SDK 29)
Description: Some web developers wrote this fancy new app! It’s really cool, isn’t it?
Download the .zip file and extract with hackthebox password.
Let’s decompile the apk file with apktool
apktool d app-release.apk
We can see that the SDK is 29, then we can use Android 12 API 31.
Install it with
adb install -r app-release.apk
I can’t see any functions.
Let’s inspect the source code with jadx.
After see the source code, I look the assets folder and there are a file
index.android.bundle
And we can see an Javascript code ofuscated.
Let’s go to https://prettier.io
And paste the code.
At the end, we can see:
function (g, r, i, a, m, e, d) {
Object.defineProperty(e, "__esModule", { value: !0 }),
(e.myConfig = void 0);
var t = {
importantData: "baNaNa".toLowerCase(),
apiUrl: "https://www.hackthebox.eu/",
debug: "SFRCezIzbTQxbl9jNDFtXzRuZF9kMG43XzB2MzIyMzRjN30=",
};
e.myConfig = t;
},
400,
[],
);
If we decode the base64 string
echo 'SFRCezIzbTQxbl9jNDFtXzRuZF9kMG43XzB2MzIyMzRjN30=' | base64 -d
Output:
HTB{23m41n_c41m_4nd_d0n7_0v32234c7}
We get the flag.
I hope you found it useful (:
Leave a Reply