You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1) Download the apk (and all the Tools if you do not have)<br>
2) Use Tool [2] and review source code directly into "com.example.secondapp" > "MainActivity"<br>
3) Use Tool [2] and review source code directly into "com.example.secondapp" > "MainActivity"<br>
3a) You will see Flag string at the bottom (line 26) <code>((TextView) findViewById(R.id.textView)).setText("Success! CTFlearn{" + editText.getText().toString() + "_is_not_secure!}");</code><br>
3b) in upper line you will see hash code (line 25) <code>if (DigestUtils.md5Hex(editText.getText().toString()).equalsIgnoreCase("b74dec4f39d35b6a2e6c48e637c8aedb")) {</code><br>
4) use Tools [3] to identfy the hash and find out it is MD5<br>
5) use Tools [4] to decrypt MD5 code in 3b)<br>
6) You will get the password<br>
7) use Tools [1] to open the apk<br>
8) enter the password and you will get the flag<br>
