android
-
Read more: PwnSec CTF 2024 – FireInTheHoleDescription: Great job, Mark! You encrypted the files, inserted them into the mobile application, and then forgot how to decrypt them. Seriously? Now, we have to figure out your mess. Well done! And by the way… YOU’RE FIRED!Download content: https://lautarovculic.com/my_files/fire-in-the-hole.zip Install the apk with ADB adb install -r FireInTheHole.apk We can see some wallpaper screen.Let’s check the source code with jadx (GUI version)But…
-
Read more: PwnSec CTF 2024 – ezmobileDescription: Just an ez mobile chall for n00bies.Download content: https://lautarovculic.com/my_files/ezmobile.zip Install the apk with ADB adb install -r ezmobile.apk Let’s inspect the source code with jadx. And the flag is in the res/values/strings.xml resources.We can also paste the flag decoded into the app for check the flag. Flag: PWNSEC{w3lp_n07h!ng_Sp3Ci4l_Just_4_Fl4g_!n_7h3_s7r!ng5_xml_f!l3} I hope you found it useful (:
-
Read more: BSidesSF 2018 CTF – Reversing & Forensic ChallengeDownload content: https://lautarovculic.com/my_files/bsides_2018.zip Install the APK with ADB adb install -r passwordVault.apk But first let’s take a look at the file passwordVaultDiskImage.We can see that ispasswordVaultDiskImage: XZ compressed data, checksum CRC64 We just need extract the file. 7z x passwordVaultDiskImage Try extract the new file again, there are a pew folder. This will drop a .fat file, we can use fatcat tool for inspect the content. fatcat…
-
Read more: Google CTF Quals 2018 – Shall We Play A Game?Description: Win the game 1,000,000 times to get the flag. Download APK: https://lautarovculic.com/my_files/shallweplayagame.apk Install the apk with adb adb install -r shallweplayagame.apk It seems to be the game of tic-tac-toe, and we need 1,000,000 games won to get the flag.If we lose, the application closes and the counter will return to 0. Our intention will not be to win 1,000,000 games in a row. But it will…
-
Read more: Ilam CTF 2018 – Android ReverseDownload APK: https://lautarovculic.com/my_files/ilam_ctf_2018.zip Install the APK with adb adb install -r app.apk We can notice that the app is totally broken, because it’s crash when we try to launch.Decompile the app with apktool apktool d app.apk Let’s proceed to inspect the source code it with jadx (gui version) See that the package name is com.example.ctf.ctf and there are just one activity.Which is MainActivity and this is the content public class…
-
Read more: HackerOne H1-702 – Challenge 3Description: We could not find the original apk, but we got this. Can you make sense of it? Download APK: https://lautarovculic.com/my_files/challenge3_h1-702.zip We can see, unzipping the file, two files, base.odex and boot.oatBut, what are these files?OAT and ODEX files are binary formats used in the Android environment to optimize application execution. Each has a specific purpose related to the performance and precompilation of applications on the system. ODEX…
-
Read more: HackerOne H1-702 – Challenge 2Description: Looks like this app is all locked up. Think you can figure out the combination? Download APK: https://lautarovculic.com/my_files/challenge2_h1-702.apk Install the apk with adb adb install -r challenge2_h1-702.apk And then, decompile with apktool apktool d challenge2_h1-702.apk We can see a PIN app, which have six numbers combination.So, we can simply try the 1.000.000 combinations (C= 10⁶ = 1.000.000) or look the source code. Open jadx (GUI Version) for analyze the code.The package name is com.hackerone.mobile.challenge2And…
-
Read more: HackerOne H1-702 – Challenge 1Description: Someone chopped up the flag and hide it through out this challenge! Can you find all the parts and put them back together? Download APK: https://lautarovculic.com/my_files/challenge1_h1-702.apk Install the apk with adb adb install -r challenge1_h1-702.apk Then, decompile with apktool apktool d challenge1_h1-702.apk Let’s inspect the source code with jadx (GUI version)When the app is launched, we just see an blank activity with the text “Reverse the…
-
Read more: Protected: Instant – Hack The Box – @lautarovculicThere is no excerpt because this is a protected post.
-
Read more: LabyREnth CTF 2017 – 1 – EzDroidNote: For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/EzDroid.apk Install the apk with adb adb install -r EzDroid.apk The app doesn’t launch, even if we start the activity with adb adb shell am start -n com.labyrenth.manykeys.manykeys/.EZMain So, let’s decompile it with apktool apktool d EzDroid.apk And let’s inspect the source…