hooking
-
Read more: BSides San Francisco CTF 2017 – flag-receiverDescription: Here is a simple mobile application that will hand you the flag.. if you ask for it the right way.P.S, it is meant to have a blank landing activity 🙂 Use string starting with Flag:Note: For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/flagstore.apk…
-
Read more: Cyber Security Challenge 2015 – Reverse That App & Nviso VaultReverse That App Description: We have intercepted a malicious Android binary, and we need your help analyzing the application! Reports from the wild say that this piece of malware is sending text messages to a premium number, resulting in a huge phone bill for the victims! This needs to stop… Can you identify the mobile…
-
Read more: 0CTF 2015 Quals CTF – VezelDescriptionEvermars says he is good at repackaging Android applications. For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://lautarovculic.com/my_files/vezel.apk Install it with adb adb install -r vezel.apk We can see a text edit and an button.Let’s decompile the apk with apktool apktool d vezel.apk The package name is com.ctf.vezel Let’s inspect the source code with jadx.We just…
-
Read more: AHE17: Android Hacking Events 2017 (Why Should I Pay?)For this challenge, probably we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://team-sik.org/wp-content/uploads/2017/06/WhyShouldIPay.apk_.zip Install the apk with adb adb install -r WhyShouldIPay.apk And decompile the apk with apktool Load the apk to jadx-gui for see the source codeWe can see in the first activity that we have the VERIFY button, that give us an error.And the PREMIUM CONTENT button, that show us…
-
Read more: AHE17: Android Hacking Events 2017 (You Can Hide – But You Cannot Run)For this challenge, probably we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://team-sik.org/wp-content/uploads/2017/06/YouCanHideButYouCannotRun.apk_.zip Use apktool for decompile the .apk file apktool d YouCanHideButYouCannotRun.apk And install the .apk with adb adb install -r YouCanHideButYouCannotRun.apk Launching the app we can see that we have a text that talk about encryption and a button. That say Start to Running if we press it. Let’s load the .apk to jadx for…
-
Read more: AHE17: Android Hacking Events 2017 (AES-Decrypt)For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APK https://team-sik.org/wp-content/uploads/2017/06/AES-Decrypt.apk_.zip Now, installing the APK, we can see a button and two text box for decrypt something. Then, let’s take around the code with jadx. Just we need this piece of Java…
-
Read more: Angler – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android Description: The skilled fisherman used his full strength and expertise to hook the fish. Can you beat him and set the fish free? First we’ll download the .apk file. The pass is hackthebox And then decompile with apktool ☝️🤓 apktool d Angler.apk The SDK version is 32, then we…
-
Read more: SAW – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android (SDK ≥ 29) Description: The malware forensics lab identified a new technique for hiding and executing code dynamically. A sample that seems to use this technique has just arrived in their queue. Can you help them? When you download the .zip file and extract them, we can see that…