Giter VIP home page Giter VIP logo

ctf-practice-android's Introduction

About

Repository for practicing a Capture-The-Flag session.

Learning Goals

  • Do static analysis.
  • Do dynamic analysis.
  • Inject code through recompiling.

Mostly reverse engineering related...

Instructions

Grab the latest practice-CTF.apk file from the releases page.

  • Emulator Android's version must be 8.0 or higher.
  • DO NOT make use of the source code, /src. Pretend you have no access to the source code, but you may decompile the APK.
  • Do whatever else you want, use ChatGPT if you want, overcook and insert a malware into the APK...
  • There are 2 questions as of now, each with various hints and their own rules.

The solutions are in SOLUTIONS.md

Question 1 (Find Username)

Question: In the application, what is the actual username used to login?

Rules: None.

Hint 1 (Click to reveal)

 Decompile, and observe the flow of authentication function.

Hint 2

 How do you access an application's logcat?

Question 2 (Login)

Question: In the application, do a proper, successful login into a page that displays WIN.

Rules: Regardless of how you modify the APK or inject new code, you must do a proper login,
Requiring you to input a username and password into a field, then clicking the Login button,
bringing you into a page that displays WIN.

Hint 1 (You will likely need this...)

 Although the password seems to be randomly generated, they are actually consistently generated in a fixed set.
Ie. it is not true random, but just pseudo random.

Pseudo Random means a predictable random.
Imagine a rigged dice, that is programmed to roll 6 on every other roll.
Or a haunted coin, that lands on head during the night, and lands on tails during the day.

Hint 2

 How do you inject logging code into the APK?

Hint 3

 Log the password and attempt to authenticate a few times (~11 times). Everything will make sense after, hopefully...

Issues, Suggestions

For another issues or suggestions, post them in the Issue Tracker of the repository
I will accept Pull Requests as well.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.