droid2 picoCTF Reverse Engineering writeup

-

Description

Find the pass, get the flag. Check out this file.
 
Solution 
 
lets decompile the app using jadx-gui 
 
Link to download jadx-gui
 
wget https://github.com/skylot/jadx/releases/download/v1.1.0/jadx-1.1.0.zip
unzip jadx-1.1.0.zip -d jadx
cd jadx
./jadx-gui   
 
 
Lets launch and open two.apk and seek to com.hellocmu.picoctf.FlagstaffHill

 
 
 
 
At this function we have seen an array containing string and the if condition is trying to access the array.
 
Above that there is a variables and i try to represent those like this 
 

 
then I create a simple python program because I don't like in Java for real.

here is the program

 
 
 
 Now, lets try this password 
 
dismass.ogg.weatherwax.aching.nitt.garlick
 
Flag:
picoCTF{what.is.your.favourite.colour}
 


 

Comments

Post a Comment

Popular posts from this blog

flag [pwn]pwnable.kr game writeup

-
Image
                                flag [pwn]pwnable.kr game writeup Description Papa brought me a packed present! let's open it. Download : http://pwnable.kr/bin/flag This is reversing task. all you need is binary     Step-1: As the description says the binary is packed so lets see if we can do smtg.  UPX 😋 Step-2: Lets unpack the binary Step-3: Lets disassemble and get the flag........................... Personally I use radare2 mostly  Flag: UPX...? sounds like a delivery service :)
Read more

Malware Development Basics

-
Image
  Malware is malicious software specifically designed to damage, steal, or exploit information from computer systems and networks. It can take various forms, such as viruses, worms, Trojans, ransomware, and spyware. Developing, distributing, or using malware is against the law and can lead to severe legal consequences, including fines and imprisonment. It is essential to use your programming skills for legitimate and ethical purposes, such as creating useful applications, enhancing cybersecurity, and contributing positively to the digital world. If you are interested in cybersecurity, ethical hacking, or learning how to protect computer systems from potential threats, there are legitimate and legal ways to pursue knowledge and training in these fields. There are various courses, certifications, and resources available that focus on ethical hacking and cybersecurity practices. By choosing the ethical path, you can contribute positively to society and help create a safer and more sec...
Read more

How to disassemble stripped binary

-
Image
Disassemble stripped binary A stripped binary is a program that is compiled with a strip flag that tells the compiler to discard these debugging symbols and compile to program  Simply, A binary with no debugging symbol  In GCC if we want strip a binary we can compile with -s option/parameter In normal program debuggers like GDB disassembles a binary using those mechanisms Debug Information: GDB relies on debug information that is often generated during the compilation of a program with debugging symbols enabled. These symbols provide a mapping between the source code and the corresponding machine code instructions. Symbol Table: The debug information includes a symbol table that associates functions, variables, and other code elements with their memory addresses and data types. This information is crucial for GDB to understand the structure of the program.   So lets cut to the chase Here is how we disassemble stripped binary  I have created some c program for te...
Read more