CTF - Nowyouseeme [Android]

Solution for nowyouseeme apk

APK:

Source

Solution:

We run the app and get a TextView containing a hint. The hint says: “This is not a part of the module, making too hard.”

The app doesn’t do anything else, so let’s decompile the APK.

As I thought, the app doesn’t do anything:

Let’s explore the other classes. There are FlagEngine and DataBridge:

FlagEngine:

The FlagEngine class calls compiled native code in the lib directory. We are going to decompile this with Ghidra to figure out what it does.

There is a function called ‘getFlag’ that takes parameters and XORs them with a key. Let’s retrieve the secret key to obtain the flag.

Next, we will analyse the DataBridge class:

This class unzips a ZIP file, loads a class into memory, and calls the getKey() method, which returns the key to un-XOR the flag.

We unzip the ZIP file located in the assets directory, open secret.dex in Jadx, decompile it, and get the key.
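
The DataBridge unpacking and the XOR step described above can also be reproduced offline. The following Python sketch is an added example, not code from the original post or the challenge: it scans an APK for ZIP archives under assets/ that contain DEX files and applies a repeating-key XOR. The archive name payload.zip, the key, the flag and the assumption that the key repeats over the data are all constructed for illustration.

```python
import io
import zipfile
from itertools import cycle

DEX_MAGIC = b"dex\n"  # every DEX file starts with "dex\n" + version + NUL


def find_nested_dex(apk_bytes):
    """Return {(asset_name, inner_name): dex_bytes} for DEX files inside ZIPs under assets/."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not name.startswith("assets/"):
                continue
            blob = apk.read(name)
            if not zipfile.is_zipfile(io.BytesIO(blob)):
                continue  # plain asset, not an archive
            with zipfile.ZipFile(io.BytesIO(blob)) as inner:
                for inner_name in inner.namelist():
                    data = inner.read(inner_name)
                    if data.startswith(DEX_MAGIC):
                        found[(name, inner_name)] = data
    return found


def xor_with_key(data, key):
    """Repeating-key XOR (assumed scheme); the same call encodes and decodes."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def build_sample_apk():
    """Constructed stand-in for the APK; only the name secret.dex comes from the post."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("secret.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 16)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("classes.dex", DEX_MAGIC + b"035\x00")
        z.writestr("assets/payload.zip", inner.getvalue())  # hypothetical name
        z.writestr("assets/readme.txt", b"not an archive")
    return outer.getvalue()


if __name__ == "__main__":
    for (asset, inner_name), dex in find_nested_dex(build_sample_apk()).items():
        print(f"{asset} -> {inner_name} ({len(dex)} bytes)")
    key = b"constructed-key"  # constructed, not the challenge key
    print(xor_with_key(xor_with_key(b"FLAG{constructed}", key), key))
```

A DEX file that only appears inside an asset archive is a strong sign of dynamic class loading, so the same scan is useful when triaging an unknown APK.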

To obtain the flag, I created an APK that runs the native code with the key to get the flag:

Run the app and voilà:

This post is licensed under CC BY 4.0 by the author.