timer
Author: Loic Shema | 100 points
Description
You will find the flag after analyzing this apk
Download here.
Solution
For this challenge we are given an Android apk file. If you are not familiar with the apk format, it is a file format used by Android, and other Android-based operating systems, for distribution and installation of software. It's similar to deb packages if you've use Ubuntu/Debian.
The first action I perform when given a file is use the file program to retrieve the basic information of the file.
Once I see it's a zip archive, I unzip it after placing it in it's own directory and display it's contents.
Here we are interested in the classes.dex file, as it will contain the code we need to find the flag. But how do we decompile a dex file?... stackoverflow.
Once we follow the installation instructions for both dex2jar and jd-gui as explained in the stackoverflow post above, we can use them to decompile all three dex files and investigate them.
Now we open the jar files in JD-GUI, as shown below.
To find the flag we can open all three jar files in JD-GUI and use the Search tool to search for the string "pico" since we know this is what the flag string will start with.
We find it in the BuildConfig.class file.
Flag
The flag, found in BuildConfig.class, is picoCTF{t1m3r_r3v3rs3d_succ355fully_17496}
Last updated