NahamCon 2024 – Kitty Kitty Bang Bang

Description: I found a cool android app to play with a cowboy cat! There’s has to be more going on with the app I can’t see on my screen…

NahamCon 2024

Install the APK with ADB

				
					adb install -r kittykittybangbang.apk
				
			

Let’s decompile it with apktool

				
					apktool d kittykittybangbang.apk
				
			

Also, we can inspect the source code with jadx (GUI version)

We can see in the MainActivity class the following java code

				
					public static final boolean onCreate$lambda$0(MainActivity this$0, View view, MotionEvent motionEvent) {
    Intrinsics.checkNotNullParameter(this$0, "this$0");
    Log.i("kitty kitty bang bang", "Listening for taps...");
    
    if (motionEvent.getAction() != 0) {
        return true;
    }
    
    Log.i("kitty kitty bang bang", "Screen tapped!");
    this$0.showOverlayImage();
    this$0.playSound(R.raw.bang);
    Log.i("kitty kitty bang bang", "BANG!");
    Log.i("kitty kitty bang bang", "flag{" + this$0.stringFromJNI() + '}');
    
    return true;
}
				
			

After a scare (I had the volume too loud) I noticed that the application reacts after a screen tap.
And that’s why app’s called Kitty and there’s a cat…

Just run logcat grepping flag string

				
					adb logcat | grep flag{
				
			

Flag: flag{f9028245dd46eedbf9b4f8861d73ae0f}

I hope you found it useful (:

Leave a Reply

Your email address will not be published. Required fields are marked *