Don’t Overreact – Hack The Box – @lautarovculic

Don't Overreact hackthebox

Difficult: Very Easy

Category: Mobile

OS: Android (SDK 29)

Description: Some web developers wrote this fancy new app! It’s really cool, isn’t it?

Download the .zip file and extract with hackthebox password.

Let’s decompile the apk file with apktool

					apktool d app-release.apk

We can see that the SDK is 29, then we can use Android 12 API 31.

Install it with

					adb install -r app-release.apk

I can’t see any functions.

Let’s inspect the source code with jadx.

After see the source code, I look the assets folder and there are a file


And we can see an Javascript code ofuscated.

Let’s go to

And paste the code.

At the end, we can see:

					  function (g, r, i, a, m, e, d) {
    Object.defineProperty(e, "__esModule", { value: !0 }),
      (e.myConfig = void 0);
    var t = {
      importantData: "baNaNa".toLowerCase(),
      apiUrl: "",
      debug: "SFRCezIzbTQxbl9jNDFtXzRuZF9kMG43XzB2MzIyMzRjN30=",
    e.myConfig = t;

If we decode the base64 string

					echo 'SFRCezIzbTQxbl9jNDFtXzRuZF9kMG43XzB2MzIyMzRjN30=' | base64 -d



We get the flag.

I hope you found it useful (:

Leave a Reply

Your email address will not be published. Required fields are marked *