Showing posts from October, 2018

Mobile Infosec Challenge Walkthrough

This article briefly documents some of the techniques and tools involved in the vulnerability assessment of Android applications. To that end, we will solve the 2nd CTF challenge of the Infosec Institute (please get the apk from here).

" The goal of this challenge is to extract encrypted data plus its secret from a database embedded inside the application. Successfully decrypting the data reveals the flag."

First of all, we simply launch the app in the Android emulator.

Here are the standard steps we will perform to understand the inner workings of the application:

1. Decompiling the apk
2. Retrieving the source code
3. Crafting the solution with a PoC

1) Decompiling the apk

We use apktool to decompile the resources and the bytecode.

[Figure: Apktool output]

[Figure: Decompiled folders and files]

We then look at the Android manifest to get an overview of the components exported by the application.
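
The manifest review mentioned above can be scripted once apktool has decoded AndroidManifest.xml to plain XML. The following is an added example, not code from the original article: the sample manifest and its component names are constructed, and a provider without an explicit android:exported is assumed to target API 17 or later (default not exported).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest for illustration (not the challenge app's manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".SecretActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="false">
      <intent-filter><action android:name="com.example.SYNC"/></intent-filter>
    </service>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"/>
    <receiver android:name=".BootReceiver" android:exported="true" android:permission="com.example.PERM"/>
  </application>
</manifest>"""

def attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def exported_components(manifest_xml):
    """Return (tag, name, reason, permission) for each exported component."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for elem in root.iterfind("application/*"):
        if elem.tag not in COMPONENT_TAGS:
            continue
        explicit = attr(elem, "exported")
        if explicit is not None:
            exported, reason = explicit == "true", "explicit"
        elif elem.tag == "provider":
            # Assumption: targetSdkVersion >= 17, where providers default to not exported.
            exported, reason = False, "default"
        else:
            # Without android:exported, an intent-filter makes the component exported.
            exported, reason = elem.find("intent-filter") is not None, "implicit (intent-filter)"
        if exported:
            findings.append((elem.tag, attr(elem, "name"), reason, attr(elem, "permission")))
    return findings

if __name__ == "__main__":
    for tag, name, reason, perm in exported_components(SAMPLE_MANIFEST):
        print(f"{tag:9} {name:16} {reason:26} permission={perm}")
```

Exported components with no permission attribute are the ones to review first, since any other app on the device can reach them.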