BackDoor 1: Walkthrough of NET-SQUARE Hacking Warm-Up Mobile Application Challenge
I recently got an opportunity to participate in a CTF (Capture-The-Flag) event organized by NET-SQUARE. They had different sets of challenges covering Mobile, Web, Network, Source Code, and Thick/Thin Client. There were a few quite interesting mobile application challenges, and here we will discuss one of them.
Note: Those who want to explore and want to try the challenges on their own before reading the walkthrough can access the applications from the GitHub repository. The application can be downloaded from here. Kindly share your experience with me in the comment box.
Challenge Description: The application hides username and password inside the application and we need to find the credentials using various tools and techniques to log in.
Tools Used:
adb: command-line tool that lets you communicate with a device
apktool: command-line tool for reverse engineering Android applications
jadx-gui: tool for producing Java source code from Android Dex and APK files
Android Studio: official Integrated Development Environment (IDE) for Android app development
Device: Android Device/Android Studio Emulator/Genymotion Emulator
Connect the device with a USB cable and run the following command to check that it is properly connected.
adb devices
The above command lists all the connected devices/emulators.
The above exhibit shows the list of devices connected to the system
Note: Make sure debugging mode is enabled on the Android phone when you connect it, so that the application installation process can be initiated.
We can see the application after downloading from the above-given link:
The application can be installed on the device/emulator with a very simple command.
adb install <apk-name>
We can run the application on the device/emulator.
Welcome page!
The image below shows that the application has three activities, i.e., Information, Task, and Validate.
Let us move ahead with the Task activity which asks to enter the credentials.
We have jadx-gui in our toolkit as an APK analysis tool. Let’s reverse engineer the APK.
jadx-gui <apk-name>
After reverse-engineering the APK using jadx-gui, we can read the source code of the application and grab the credentials.
Now start reading the source code from TaskActivity.java.
Looking at the code, we can see that it refers to two stored strings named Ustr and Pstr.
Tracing through the code, we find that these strings are stored in res/values/strings.xml.
BINGO! We got the credentials!
Here, we go!
Note: The application will not validate the credentials as it is not connected to the server anymore.
Takeaways
Learned how to reverse engineer an Android application.
Learned how to read the application source code.
Never hard-code sensitive data such as credentials in the application's source code or resources.
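A pre-release check for the last takeaway, automating the trace from TaskActivity.java to res/values/strings.xml described in the walkthrough. This is an added example, not code from the challenge or from NET-SQUARE: the Java snippet, the string values and the function names are constructed, and it assumes the decompiled source compares input via equals(getString(R.string.<name>)).

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the challenge APK); values are placeholders.
SAMPLE_JAVA = '''
public class TaskActivity extends Activity {
    void check(String user, String pass) {
        String title = getString(R.string.app_name);
        if (user.equals(getString(R.string.Ustr)) && pass.equals(getString(R.string.Pstr))) {
            startActivity(new Intent(this, ValidateActivity.class));
        }
    }
}
'''
SAMPLE_STRINGS_XML = '''<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">Demo</string>
    <string name="Ustr">example-user</string>
    <string name="Pstr">example-pass</string>
</resources>
'''

# Assumed code shape: a string resource passed straight into equals(), meaning
# user input is compared against a constant that ships inside the APK.
COMPARED = re.compile(r'\.equals\(\s*(?:\w+\.)*getString\(\s*R\.string\.(\w+)\s*\)')

def load_strings(xml_text):
    """Map <string name="..."> entries of a decoded strings.xml to their values."""
    root = ET.fromstring(xml_text)
    return {s.get("name"): (s.text or "") for s in root.iter("string")}

def find_compared_resources(java_source, strings_xml):
    """Return (name, value) for each string resource used as an equals() operand."""
    values = load_strings(strings_xml)
    findings = []
    for name in COMPARED.findall(java_source):
        if name in values and (name, values[name]) not in findings:
            findings.append((name, values[name]))
    return findings

if __name__ == "__main__":
    # Report the resource name and value length only, so the report itself leaks nothing.
    for name, value in find_compared_resources(SAMPLE_JAVA, SAMPLE_STRINGS_XML):
        print(f"res/values/strings.xml: '{name}' is compared against input "
              f"(value length {len(value)})")
```

Any finding means the comparison value ships with the APK; the fix is to validate credentials on the server rather than in the client.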