Skip to content

02

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

02

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
write-ups
write-ups
 
 
mobile-challenge02.zip
mobile-challenge02.zip
 
 
readme.md
readme.md
 
 

readme.md

Write-ups for TCTT2022/Mobile/02

Flag pattern

TCTT2022{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}

Challenge Files

mobile-challenge02

Solution

  1. Let decompile the apk file. I prefer to use jadx
jadx ./challenge.apk

jadx_result

  1. Let look at line 47 in the strings.xml file in resources/res/values/.
    .
    .
    .
    <string name="first_fragment_label">First Fragment</string>
    <string name="hello_first_fragment">tctt2022{REDACTED}</string>
    <string name="hello_second_fragment">Hello World!\n\n . .t. .c. .t. .t. .2. .0. .2. .2. .\n{. .K. .4. .n. ._. .4. .N. .Y. .o. .N. .e. ._. .f. .1. .n. .d. ._. .O. .u. .R. ._. .H. .1. .d. .D. .E. .n. ._. .W. .O. .r. .l. .d. .}</string>
    <string name="hide_bottom_view_on_scroll_behavior">com.google.android.material.behavior.HideBottomViewOnScrollBehavior</string>
    <string name="icon_content_description">Dialog Icon</string>
    .
    .
    .

The interesting part is

<string name="hello_second_fragment">Hello World!\n\n . .t. .c. .t. .t. .2. .0. .2. .2. .\n{. .K. .4. .n. ._. .4. .N. .Y. .o. .N. .e. ._. .f. .1. .n. .d. ._. .O. .u. .R. ._. .H. .1. .d. .D. .E. .n. ._. .W. .O. .r. .l. .d. .}</string>
  1. After remove Hello World!\n\n , . . and other trash stuff, the result is tctt2022{K4n_4NYoNe_f1nd_OuR_H1dDEn_WOrld}