11/21/2021

Solution - UnCrackable App for Android Level 2

 See challenge here

Use the dex2jar tool to convert the APK's DEX code to a JAR.

$ ~/Downloads/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh UnCrackable-Level2.apk

Open the resulting JAR in JD-GUI to review the decompiled source.

$ java -jar ~/Downloads/jd-gui-1.6.6.jar



Now we know the check passes the input string to the native library libfoo.so.

Unzip the APK to see the lib/ folder.

$ tree lib
lib
├── arm64-v8a
│   └── libfoo.so
├── armeabi-v7a
│   └── libfoo.so
├── x86
│   └── libfoo.so
└── x86_64
    ├── libfoo.so

If you're lazy like me, run strings first to see if anything comes up.

$ strings lib/x86_64/libfoo.so

"Thanks for all t" may be our flag to capture, but it didn't pass when entered into the app. It looks like the ending part is missing. So, use Ghidra, IDA Free or Hopper Disassembler to look at the bar function:

Java_sg_vantagepoint_uncrackable2_CodeCheck_bar


Some ASCII-coded strings were found at the strncpy.

The second parameter is our flag to capture:

 "Thanks for all the fish"
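
Why strings showed only the first 16 characters, as an added example that is not part of the original post: compilers often copy a short constant in pieces, so part of it sits contiguously in data while the rest is carried as little-endian immediates inside instructions. The byte layout, the immediate values and the function names below are constructed for illustration and are not dumped from libfoo.so; the point for anyone shipping such a check is that splitting a secret this way does not hide it.

```python
import re

# Constructed bytes for illustration, NOT dumped from libfoo.so:
# 16 characters stored contiguously in read-only data ...
RODATA = b"\x00\x01Thanks for all t\x00\x00"
# ... and two x86-64 stores (mov dword [rsp+disp8], imm32) carrying the rest.
CODE = bytes.fromhex("c744241068652066" "c744241469736800")
BLOB = RODATA + CODE

# The same immediates as a disassembler lists them: (value, width in bytes).
IMMEDIATES = [(0x66206568, 4), (0x00687369, 4)]


def printable_runs(blob, min_len=4):
    """Approximate `strings`: printable ASCII runs of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def decode_immediates(immediates):
    """Turn little-endian store immediates back into the text they spell."""
    raw = b"".join(value.to_bytes(width, "little") for value, width in immediates)
    text = raw.split(b"\x00", 1)[0]  # stop at the C string terminator
    if not all(0x20 <= b <= 0x7E for b in text):
        raise ValueError("immediates do not decode to printable ASCII")
    return text.decode("ascii")


def recover(blob, immediates):
    """Join the longest fragment `strings` finds with the decoded immediates."""
    prefix = max(printable_runs(blob), key=len)
    return prefix + decode_immediates(immediates)


if __name__ == "__main__":
    print(printable_runs(BLOB))  # fragments only, never the whole string
    print(recover(BLOB, IMMEDIATES))
```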
