pwnsec
-
Read more: PwnSec CTF 2024 – SnakeDescription: Make sure to run the mobile application on Android API 28 or less (Android 9 or less).Download content: https://lautarovculic.com/my_files/snake.zip Install the apk with ADB.NOTEIll use an AVD (Android Virtual Device) non-rooted from the Android Studio SDK. adb install -r snake.apk The UI app doesn’t have nothing interesting. But is good notice that the app ask for us about storage permissions.In fact, the AndroidManifest.xml file have Let’s decompile the app…
-
Read more: PwnSec CTF 2024 – FireStormDescription: Descriptions are boring, just solve the challenge meh!Download content: https://lautarovculic.com/my_files/firestorm.zip Install the apk with ADB adb install -r FireStorm.apk Then, let’s decompile it with apktool apktool d FireStorm.apk Open jadx (GUI version) for look the Java code and inspect it.We can see in the MainActivity the following code public String Password() { StringBuilder sb = new StringBuilder(); String string = getString(R.string.Friday_Night); String string2 = getString(R.string.Author); String string3…
-
Read more: PwnSec CTF 2024 – FireInTheHoleDescription: Great job, Mark! You encrypted the files, inserted them into the mobile application, and then forgot how to decrypt them. Seriously? Now, we have to figure out your mess. Well done! And by the way… YOU’RE FIRED!Download content: https://lautarovculic.com/my_files/fire-in-the-hole.zip Install the apk with ADB adb install -r FireInTheHole.apk We can see some wallpaper screen.Let’s check the source code with jadx (GUI version)But…
-
Read more: PwnSec CTF 2024 – ezmobileDescription: Just an ez mobile chall for n00bies.Download content: https://lautarovculic.com/my_files/ezmobile.zip Install the apk with ADB adb install -r ezmobile.apk Let’s inspect the source code with jadx. And the flag is in the res/values/strings.xml resources.We can also paste the flag decoded into the app for check the flag. Flag: PWNSEC{w3lp_n07h!ng_Sp3Ci4l_Just_4_Fl4g_!n_7h3_s7r!ng5_xml_f!l3} I hope you found it useful (: