[CTF Writeup] Garage4hackers Android (Broken Angel)

There was an Android challenge in the Garage4Hackers CTF. The apk was provided with the name brokenangel.apk.

Installing the apk on a device and running it shows a simple screen where we are supposed to enter a password and click submit.
(You will have to sign the apk to install it, even though this specific challenge doesn't require you to install the app in order to get the flag.)

Upon decompiling with dex2jar, the Android manifest file reveals the following line:

<meta-data android:name="com.example.guest1.passcode_actf.key" android:value="9999999"/>

Checking the main activity in jd-gui reveals a comparison between the value supplied through the app's input box and a variable. If they are equal, the flag is revealed in the logcat output in the following format:

Log.i("debug", "If you think you've successfully recovered my passcode...enter actf{" + i + "} as the flag!");

Going through the onCreate() method shows that the comparison is made with the value we found in the manifest file earlier:

this.r = paramBundle.metaData.getInt("com.example.guest1.passcode_actf.key");

At this point we have the complete flag (the value of i and the rest of the string).
On a separate note, adb logcat obviously outputs the same.

Flag : actf{9999999}
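
The root cause here is a passcode shipped as a literal `<meta-data>` value in the manifest. As an added example (not part of the original writeup or the challenge code), the following build-time check flags such entries; it assumes the manifest has already been decoded to text XML (for example with apktool), and the name heuristics and the sample manifest around the writeup's `<meta-data>` line are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Hypothetical name heuristics for this example; tune them for your own code base.
SUSPICIOUS = re.compile(r"(pass(code|word)?|secret|token|key)", re.IGNORECASE)

# Constructed sample manifest; only the first <meta-data> line comes from the writeup.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.guest1.passcode_actf">
  <application android:label="demo">
    <meta-data android:name="com.example.guest1.passcode_actf.key" android:value="9999999"/>
    <meta-data android:name="com.example.build.channel" android:value="release"/>
    <activity android:name=".MainActivity">
      <meta-data android:name="com.example.api_token" android:resource="@string/token"/>
    </activity>
  </application>
</manifest>
"""


def find_manifest_secrets(manifest_xml):
    """Return (owner, name, kind, value) for meta-data entries whose name looks secret."""
    root = ET.fromstring(manifest_xml.strip())
    findings = []
    # Walk every element so meta-data under application, activity, service,
    # receiver and provider is covered.
    for parent in root.iter():
        for meta in parent.findall("meta-data"):
            name = meta.get(f"{{{ANDROID_NS}}}name", "")
            if not SUSPICIOUS.search(name):
                continue
            value = meta.get(f"{{{ANDROID_NS}}}value")
            resource = meta.get(f"{{{ANDROID_NS}}}resource")
            # A literal android:value is readable straight from the manifest;
            # an android:resource reference still ships inside the APK.
            kind = "literal" if value is not None else "resource"
            owner = parent.get(f"{{{ANDROID_NS}}}name", parent.tag)
            findings.append((owner, name, kind, value if value is not None else resource))
    return findings


if __name__ == "__main__":
    for owner, name, kind, value in find_manifest_secrets(SAMPLE_MANIFEST):
        print(f"[{kind}] {owner}: {name} = {value}")
```

Any finding means the value is recoverable by anyone holding the apk, so a check like this belongs in CI before release builds are signed.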