Winja CTF, Quiz #2 — WriteUp

Tweet challenge
  • We can run the strings command on it and analyze the complete mess of strings.
  • Fire up Ghidra or IDA.
  1. Run the app in the emulator. We see a single input, and it requires the correct password.
  2. Then I looked into AndroidManifest and discovered an activity which is basically a web view but which is not exported 😢. From this guess I expect to find anything related to URLs as well.
  3. Save the output and search it for anything related to the password, because the validator in the app displayed “Incorrect Password Detected”. Start from this.
Save the output to a .txt file
Search result
Secret in Ghidra
I won
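
The strings-and-search step above can also be scripted, which is a quick way to audit what a shipped binary leaks. This is an added example, not code from the write-up: the sample bytes are constructed, `PLACEHOLDER_SECRET` and the URL are placeholders, the function names are hypothetical, and it assumes literals compiled together sit near each other in the file.

```python
import re

# Constructed sample standing in for a binary's read-only data; not from the challenge.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"libnative.so\x00\x01\x02"
    + b"https://example.invalid/view\x00"
    + b"PLACEHOLDER_SECRET\x00"
    + b"Incorrect Password Detected\x00"
    + b"\xff\xfe\x10abc\x00"
    + b"Access granted\x00"
)

# Printable ASCII runs of 4+ bytes; 4 is also the default minimum of strings(1).
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")
URL = re.compile(r"https?://[^\s\"'<>]+")


def extract_strings(blob):
    """Return (offset, text) for every printable-ASCII run of 4+ bytes."""
    return [(m.start(), m.group().decode("ascii")) for m in PRINTABLE.finditer(blob)]


def neighbours(strings, anchor, window=2):
    """Strings stored within `window` entries of any string containing `anchor`."""
    hits = [i for i, (_, s) in enumerate(strings) if anchor.lower() in s.lower()]
    out = []
    for i in hits:
        for j in range(max(0, i - window), min(len(strings), i + window + 1)):
            if j != i and strings[j] not in out:
                out.append(strings[j])
    return out


def find_urls(strings):
    """URLs embedded in the extracted strings, with the offset of their string."""
    return [(off, u) for off, s in strings for u in URL.findall(s)]


if __name__ == "__main__":
    found = extract_strings(SAMPLE)
    # Start from the validator message and list what is stored next to it.
    for off, s in neighbours(found, "Incorrect Password"):
        print(f"0x{off:04x}  {s}")
    print(find_urls(found))
```

Anything this surfaces next to the error message is equally visible to anyone holding the APK, so a secret found this way should be treated as public.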

Android GDE, Software Engineer with 8 years of experience, specializing in Android development. Chapter Lead @ TBC Bank. Amateur cyclist and runner

Merab Tato Kutalia
