frida
-
Read more: Mobile Hacking Lab – NoteKeeper
Description: Welcome to the NoteKeeper Application, where users can create and encode short notes. However, lurking within the app is a critical buffer overflow vulnerability. Your mission is to uncover this vulnerability and exploit it to achieve remote code execution. Download: https://lautarovculic.com/my_files/notekeeper.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-notekeeper Install the app with ADB adb install -r notekeeper.apk We can see how this notes app allows…
-
Read more: Mobile Hacking Lab – Strings
Description: Welcome to the Strings Challenge! In this lab,your goal is to find the flag. The flag’s format should be “MHL{…}“. The challenge will give you a clear idea of how intents and intent filters work on android also you will get a hands-on experience using Frida APIs. Download: https://lautarovculic.com/my_files/strings-MHL.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-strings Install the app with ADB adb install -r strings-MHL.apk…
-
Read more: NahamCon 2024 – Fly Away
Description: Lenny Kravitz lovers, this new app cleverly named “Fly Away!” can give you random lines from one of his most popular songs. Can you figure out how the songs are being sent to the app? Download: https://lautarovculic.com/my_files/flyaway.apk Install the APK with ADB adb install -r flyaway.apk This app was made in reFlutter. You need install it for proceed with…
-
Read more: CyberTruck Challenge 2019 – Android CTF
Description: A new mobile remote keyless system “CyberTruck” has been implemented by one of the most well-known car security companies “NowSecure Mobile Vehicles”. The car security company has ensured that the system is entirely uncrackable and therefore attackers will not be able to recover secrets within the mobile application. If you are an experienced Android reverser, then…
-
Read more: PwnSec CTF 2024 – FireStorm
Description: Descriptions are boring, just solve the challenge meh!Download content: https://lautarovculic.com/my_files/firestorm.zip Install the apk with ADB adb install -r FireStorm.apk Then, let’s decompile it with apktool apktool d FireStorm.apk Open jadx (GUI version) for look the Java code and inspect it.We can see in the MainActivity the following code public String Password() { StringBuilder sb = new StringBuilder(); String string = getString(R.string.Friday_Night); String string2 = getString(R.string.Author); String string3…
-
Read more: BSidesSF 2018 CTF – Reversing & Forensic Challenge
Download content: https://lautarovculic.com/my_files/bsides_2018.zip Install the APK with ADB adb install -r passwordVault.apk But first let’s take a look at the file passwordVaultDiskImage.We can see that ispasswordVaultDiskImage: XZ compressed data, checksum CRC64 We just need extract the file. 7z x passwordVaultDiskImage Try extract the new file again, there are a pew folder. This will drop a .fat file, we can use fatcat tool for inspect the content. fatcat…
-
Read more: HackerOne H1-702 – Challenge 2
Description: Looks like this app is all locked up. Think you can figure out the combination? Download APK: https://lautarovculic.com/my_files/challenge2_h1-702.apk Install the apk with adb adb install -r challenge2_h1-702.apk And then, decompile with apktool apktool d challenge2_h1-702.apk We can see a PIN app, which have six numbers combination.So, we can simply try the 1.000.000 combinations (C= 10⁶ = 1.000.000) or look the source code. Open jadx (GUI Version) for analyze the code.The package name is com.hackerone.mobile.challenge2And…
-
Read more: BSides San Francisco CTF 2017 – flag-receiver
Description: Here is a simple mobile application that will hand you the flag.. if you ask for it the right way.P.S, it is meant to have a blank landing activity 🙂 Use string starting with Flag:Note: For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/flagstore.apk…
-
Read more: 0CTF 2015 Quals CTF – Vezel
DescriptionEvermars says he is good at repackaging Android applications. For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://lautarovculic.com/my_files/vezel.apk Install it with adb adb install -r vezel.apk We can see a text edit and an button.Let’s decompile the apk with apktool apktool d vezel.apk The package name is com.ctf.vezel Let’s inspect the source code with jadx.We just…
-
Read more: AHE17: Android Hacking Events 2017 (Why Should I Pay?)
For this challenge, probably we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://team-sik.org/wp-content/uploads/2017/06/WhyShouldIPay.apk_.zip Install the apk with adb adb install -r WhyShouldIPay.apk And decompile the apk with apktool Load the apk to jadx-gui for see the source codeWe can see in the first activity that we have the VERIFY button, that give us an error.And the PREMIUM CONTENT button, that show us…