Level: Medium
Tags: picoCTF 2023, Reverse Engineering, android
Author: MUBARAK MIKAIL
Description:
You will find the flag after analysing this apk
Download here.
Hints:
1. Decompile
2. mobsf or jadx
Challenge link: https://play.picoctf.org/practice/challenge/381
There are several ways to solve this challenge. Here are two solutions presented in increasing difficulty.
An APK file is simply a Zip file and can be unpacked with a tool such as 7-Zip.
Unpack the APK file and then just use grep recursively on all the unpacked files:
Z:\CTFs\picoCTF\picoCTF_2023\Reverse_Engineering\timer\timer>grep -iR picoCTF *
apktool.yml: versionName: picoCTF{<REDACTED>}
smali_classes3/com/example/timer/BuildConfig.smali:.field public static final VERSION_NAME:Ljava/lang/String; = "picoCTF{<REDACTED>}"
As you can see the flag was present in two different files.
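The same unpack-and-grep step can be done in one pass without extracting anything to disk. The script below is an added example, not part of the original write-up: it opens the APK as a Zip archive and searches every entry for the flag format, in plain ASCII and also in UTF-16LE, since binary XML and resource string pools inside a raw APK may store strings that way. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Flag format taken from the grep output on this page: picoCTF{...}
ASCII_RE = re.compile(rb"picoCTF\{[^}\x00]{1,100}\}")
# Same pattern with every character followed by a NUL byte (UTF-16LE),
# to catch strings held in binary XML / resource string pools.
UTF16_RE = re.compile(
    rb"p\x00i\x00c\x00o\x00C\x00T\x00F\x00\{\x00(?:[^}\x00]\x00){1,100}\}\x00"
)


def scan_apk(apk, patterns=(("ascii", ASCII_RE), ("utf-16le", UTF16_RE))):
    """Return sorted (entry_name, encoding, text) hits across all Zip entries."""
    hits = set()
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)  # decompressed bytes of this entry
            for enc, rx in patterns:
                for m in rx.finditer(data):
                    hits.add((info.filename, enc, m.group().decode(enc, "replace")))
    return sorted(hits)


def build_sample_apk():
    """Constructed stand-in for an APK: a Zip with dex-like and manifest-like entries."""
    flag = "picoCTF{constructed_example}"  # constructed value, not the real flag
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes3.dex", b"dex\n035\x00\x1c" + flag.encode() + b"\x00")
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + flag.encode("utf-16le"))
        zf.writestr("res/raw/readme.txt", b"nothing here")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, enc, text in scan_apk(build_sample_apk()):
        print(f"{name} [{enc}]: {text}")
```

To scan a real file, pass its path to `scan_apk` instead of the constructed sample.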
A more sophisticated solution is to decompile the APK file with Jadx-GUI and study the decompiled code.
Since the APK-file contains a lot of files, the fastest way to find the flag is to use the 'Text search' feature.
It is available both in the Navigation-menu and as a button on the tool bar.
In this case, searching for picoCTF just gives you one hit, in com.example.timer.BuildConfig:
package com.example.timer;
/* loaded from: classes3.dex */
public final class BuildConfig {
    public static final String APPLICATION_ID = "com.example.timer";
    public static final String BUILD_TYPE = "debug";
    public static final boolean DEBUG = Boolean.parseBoolean("true");
    public static final int VERSION_CODE = 1;
    public static final String VERSION_NAME = "picoCTF{<REDACTED>}";
}
For additional information, please see the references below.