Winja CTF, Quiz #2 — WriteUp

Tweet challenge
  • Fire up Ghidra or IDA.
  1. Then I looked into AndoridManifest and discovered activity which is basically a web view but which is not exported 😢 From this guess I expect to find anything related to URLs as well.
  2. Save the output and scavenge anything related to password because the validator in the app displayed “Incorrect Password Detected”. Start from this.
save the output to .txt file
Search result
Secret in Ghidra
I won

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Merab Tato Kutalia

Merab Tato Kutalia

Android GDE, Software Engineer with 8 years of experience, specializing in Android