jadx
-
Read more: HackerOne H1-702 – Challenge 3
Description: We could not find the original apk, but we got this. Can you make sense of it? Download APK: https://lautarovculic.com/my_files/challenge3_h1-702.zip Unzipping the file, we see two files, base.odex and boot.oat. But what are these files? OAT and ODEX files are binary formats used in the Android environment to optimize application execution. Each has a specific purpose related to the performance and precompilation of applications on the system. ODEX…
-
Read more: HackerOne H1-702 – Challenge 2
Description: Looks like this app is all locked up. Think you can figure out the combination? Download APK: https://lautarovculic.com/my_files/challenge2_h1-702.apk Install the APK with adb: adb install -r challenge2_h1-702.apk Then decompile it with apktool: apktool d challenge2_h1-702.apk We can see a PIN app that takes a six-digit combination. So, we can simply try the 1.000.000 combinations (C = 10⁶ = 1.000.000) or look at the source code. Open jadx (GUI version) to analyze the code. The package name is com.hackerone.mobile.challenge2 And…
-
Read more: HackerOne H1-702 – Challenge 1
Description: Someone chopped up the flag and hid it throughout this challenge! Can you find all the parts and put them back together? Download APK: https://lautarovculic.com/my_files/challenge1_h1-702.apk Install the APK with adb: adb install -r challenge1_h1-702.apk Then decompile it with apktool: apktool d challenge1_h1-702.apk Let’s inspect the source code with jadx (GUI version). When the app is launched, we just see a blank activity with the text “Reverse the…
-
Read more: Protected: Instant – Hack The Box – @lautarovculic
There is no excerpt because this is a protected post.
-
Read more: LabyREnth CTF 2017 – 1 – EzDroid
Note: For this challenge, we need to install some things on our Android 5.1 device in Genymotion, for example an ARM Translator: https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/EzDroid.apk Install the APK with adb: adb install -r EzDroid.apk The app doesn’t launch, even if we start the activity with adb: adb shell am start -n com.labyrenth.manykeys.manykeys/.EZMain So, let’s decompile it with apktool: apktool d EzDroid.apk And let’s inspect the source…
-
Read more: BSides San Francisco CTF 2017 – flag-receiver
Description: Here is a simple mobile application that will hand you the flag.. if you ask for it the right way. P.S, it is meant to have a blank landing activity 🙂 Use string starting with Flag: Note: For this challenge, we need to install some things on our Android 5.1 device in Genymotion, for example an ARM Translator: https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/flagstore.apk…
-
Read more: BSides San Francisco CTF 2017 – pinlock
Description: It’s the developer’s first mobile application. They are trying their hand at storing secrets securely. Could one of them be the flag? Note: For this challenge, we need to install some things on our Android 5.1 device in Genymotion, for example an ARM Translator: https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/pinstore.apk Install the APK with adb: adb install -r pinstore.apk Then decompile it with apktool: apktool d pinstore.apk Notice…
-
Read more: LabyREnth CTF 2016 – 4 – Swip3r
Note: For this challenge, we need to install some things on our Android 5.1 device in Genymotion, for example an ARM Translator: https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/c6acf741819c9632cffd12aec0b61aa0dcee0b9f262ccc24262fd8458512c85c Password: infected Install the APK with adb: adb install -r Swip3r.apk Then decompile it with apktool: apktool d Swip3r.apk The app crashes when we press the button “give me the child”. Let’s inspect the source code with jadx. There are two Java classes. Pay attention: the main (home) activity is Swip3r, not MainActivity. You…
-
Read more: LabyREnth CTF 2016 – 2 – Cups
Note: For this challenge, we need to install some things on our Android 5.1 device in Genymotion, for example an ARM Translator: https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/3778e43f21797bb383108182fe200a928be8605ff5b078aaf4feac02850b91f4 Password: infected After extracting the file, we get the .apk. Install it with adb: adb install -r ezFill.apk We can see a login activity. So, to understand what the app does, we need to decompile it: apktool d ezFill.apk And open the APK file with jadx (GUI version). We have just one activity…
-
Read more: Sharif University CTF 2016 – Android App
Description: Find the Flag!! Note: For this challenge, we need to install some things on our Android 5.1 device in Genymotion, for example an ARM Translator: https://github.com/m9rco/Genymotion_ARM_Translation Download APK: https://lautarovculic.com/my_files/Sharif_CTF.apk Install the APK with adb: adb install -r Sharif_CTF.apk Then decompile it with apktool: apktool d Sharif_CTF.apk We can see an input that needs a serial number for login. Let’s inspect the source code with jadx (GUI version). The package name is com.example.ctf2 Here’s the MainActivity Java code: public class MainActivity extends…