Simpleapk

A funny challeng. At frist we found it will read the flag.txt and print it out, so we try to get the content of flag.txt like this:

cat /data/data/.com.ctf.xxx/xxx/flag.txt

But we know this not the correct answer. So I try the follow steps:

Strat the program
use gdb to attach the process
use gcore to get the memdump of process
string memdump | grep 0ctf

And then we done this. The real challenge is to found the code which has been hide. But I haven't analyse it.

VEZEL

Put the apk into Jeb, and then we can get the core code like follow:

public void confirm(View v) {
    if("0CTF{" + String.valueOf(this.getSig(this.getPackageName())) + this.getCrc() + "}".equals(
            this.et.getText().toString())) {
        Toast.makeText(((Context)this), "Yes!", 0).show();
    }
    else {
        Toast.makeText(((Context)this), "0ops!", 0).show();
    }
}

private String getCrc() {
    String v1;
    try {
        v1 = String.valueOf(new ZipFile(this.getApplicationContext().getPackageCodePath()).getEntry(
                "classes.dex").getCrc());
    }
    catch(Exception v0) {
        v0.printStackTrace();
    }

    return v1;
}

private int getSig(String packageName) {
    int v4;
    PackageManager v2 = this.getPackageManager();
    int v5 = 64;
    try {
        v4 = v2.getPackageInfo(packageName, v5).signatures[0].toCharsString().hashCode();
    }
    catch(Exception v0) {
        v0.printStackTrace();
    }

    return v4;
}

So the FLAG is: "0CTF{" + String.valueOf(this.getSig(this.getPackageName())) + this.getCrc() + "}" We use the above code to generate a apk to get the Flag.