
CTF - Twister [Android]

Solution for Scream apk

Description

Oh no! The twister picked up all of the flags! Now I don’t know which one is the real one! I’m pretty sure the real one is a bit heavier though…

File

twister.apk

Solution

Let’s run the APK to see what happens once it is launched:

As we can see, it’s a little messy. Let’s dive into the code. We can patch the APK to get the correct flag: as the description says, the real flag is heavier than the others, so we can modify the APK to make the display less messy.

In the picture below, we can see that invoke-virtual {v6, v9}, … ->setPivotX/setPivotY(F)V sets the pivot for all the strings seen in the video above.

It is used to determine the 2D position (x, y), so we can delete those lines. Now the strings rotate around (0, 0).

It’s still a mess, so let’s figure out how to clean it up:

We see that there is a call to a random method that sets a random angle for the rotation.

We patch the code to skip the random method call: we pass v8 instead of v5, where v5 is a random angle and v8 is 360° (the maximum angle allowed in this case).

As it says in the description, the “heaviest flag” rotates alone after all the others.
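The two patches described above (deleting the setPivotX/setPivotY calls and passing v8 instead of v5), applied by a small Python script to a constructed smali fragment. This is an added example, not part of the original write-up; the TextView class, the Random call and the setRotation call in the sample are assumptions, since the page does not show the actual smali.

```python
import re

# Constructed smali fragment (NOT taken from twister.apk). Everything except
# the setPivotX/setPivotY names and the v5/v8 registers is an assumption.
SAMPLE_SMALI = """\
    invoke-virtual {v4}, Ljava/util/Random;->nextFloat()F
    move-result v5
    const/high16 v8, 0x43b40000    # 360.0f
    invoke-virtual {v6, v9}, Landroid/widget/TextView;->setPivotX(F)V
    invoke-virtual {v6, v9}, Landroid/widget/TextView;->setPivotY(F)V
    invoke-virtual {v6, v5}, Landroid/widget/TextView;->setRotation(F)V
"""

PIVOT_CALL = re.compile(r"^\s*invoke-virtual \{[^}]*\}, .*->setPivot[XY]\(F\)V\s*$")
INVOKE = re.compile(r"^(\s*invoke-\S+ \{)([^}]*)(\}, .*)$")

def drop_pivot_calls(lines):
    """Patch 1: delete the pivot setters so every view rotates around (0, 0)."""
    return [line for line in lines if not PIVOT_CALL.match(line)]

def swap_argument(lines, method, old, new):
    """Patch 2: in invokes of `method`, pass register `new` instead of `old`.

    The first register is the receiver object and is left untouched. `new`
    must already hold a float at that point, as v8 (360.0f) does here.
    """
    out = []
    for line in lines:
        m = INVOKE.match(line)
        if m and f"->{method}(" in m.group(3):
            regs = [r.strip() for r in m.group(2).split(",")]
            regs = regs[:1] + [new if r == old else r for r in regs[1:]]
            line = m.group(1) + ", ".join(regs) + m.group(3)
        out.append(line)
    return out

def patch(smali):
    """Apply both patches to a smali method body and return the new text."""
    lines = drop_pivot_calls(smali.splitlines())
    # "setRotation" is the assumed name of the call that consumes the angle.
    lines = swap_argument(lines, "setRotation", "v5", "v8")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(patch(SAMPLE_SMALI))
```

On a real APK the same edits are made in the disassembled smali file before rebuilding and re-signing the package.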

Flag

CSC{ph0n3_w1nd}

This post is licensed under CC BY 4.0 by the author.