Injured Android

Flag 1 - Login Activity

This flag was quite simple. After loading the APK into JADX and viewing the source code for the activity, the flag is revealed.

Flag 2 - Exported Activity

The manifest (AndroidManifest.xml) declares an exported activity directly above the flag2 activity.

Drop into an ADB shell and run the exported activity.

adb shell
am start b3nac.injuredandroid/.b25lActivity
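
The same manifest review can be done as an audit step. The following is an added example, not part of the original write-up: it lists every exported component in a decoded AndroidManifest.xml and whether a permission guards it. The sample manifest is constructed; only the package name and .b25lActivity come from the commands above, and MainActivity, HypotheticalFlagActivity, HypotheticalReceiver and the permission name are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest. Only the package and .b25lActivity appear in the
# write-up; every other component and the permission name are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="b3nac.injuredandroid">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".b25lActivity" android:exported="true"/>
    <activity android:name=".HypotheticalFlagActivity"/>
    <receiver android:name=".HypotheticalReceiver" android:exported="true"
        android:permission="b3nac.injuredandroid.HYPOTHETICAL_PERMISSION"/>
  </application>
</manifest>"""


def exported_components(manifest_xml):
    """Return (tag, full class name, guarding permission or None) per exported component."""
    def attr(elem, name):
        return elem.get("{%s}%s" % (ANDROID_NS, name))

    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    found = []
    for elem in root.iter():
        if elem.tag not in COMPONENT_TAGS:
            continue
        exported = attr(elem, "exported")
        if exported is None:
            # Attribute absent: before Android 12 an intent-filter implied exported.
            is_exported = elem.find("intent-filter") is not None
        else:
            is_exported = exported.lower() == "true"
        if is_exported:
            name = attr(elem, "name") or ""
            if name.startswith("."):
                name = package + name  # expand the relative class name
            found.append((elem.tag, name, attr(elem, "permission")))
    return found


if __name__ == "__main__":
    for tag, name, perm in exported_components(SAMPLE_MANIFEST):
        print(tag, name, "permission=" + (perm or "NONE (any app can start it)"))
```

An exported component with no permission is the case to review: either set android:exported="false" or require a signature-level permission.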

Flag 3 - Resources

Viewing flag 3 login activity.

Checking strings.xml for the reference reveals the flag.

Flag 4 - Login 2

Viewing the activity for login2.

Viewing the method g().a().

Base64 decode the value to reveal the flag.

Flag 5 - Exported Broadcast Receiver

This one was straightforward: open the level 3 times to get the flag.

Flag 6 - Login 3

Viewing the login activity.

Viewing the method k.a.

It shows that the key is generated from f1917a.

Decode the value to find the flag.

Flag 7 - SQLite

The database only exists while the activity is open.

Connect via adb.

View the tables.

Viewing the flag7 activity class.

Decode the value to reveal 'f1ag-pa55'.

The other value needs to be ROT47 decoded.

Flag 8 - AWS

There was a mention of AWS in the strings.xml file.

I used cloud_enum to search for any cloud resources and found an open S3 bucket.

Flag 9 - Firebase

There is a Firebase URL referenced in strings.xml.

Base64 decode the value.

Access the endpoint using the .json trick (appending .json to the database URL).
