PicoCTF Writeup – droids0

# Information:

CTF Name: PicoCTF

CTF Challenge: droids0

Challenge Category: Reverse Engineering, Mobile Hacking

Challenge Points: 300

picoCTF 2019

# Used Tools:

# Challenge Description:

Where do droid logs go. Check out this file.

Hints: Try using an emulator or device. https://developer.android.com/studio

# Writeup

Well, this is an interesting challenge. Starting with the name, we have droids, which automatically reminds me of Android.

We are provided with 1 file, zero.apk. After some googling I found out what the .apk extension is: “An APK file is an app created for Android” (FileInfo).

OK, we know this much. Let’s now install Android Studio so that we can open this file.

Step 1

I have Linux so I followed the Linux instructions at https://developer.android.com/studio/install but you can follow the ones that apply to your situation.

Step 2

Now that we have Android Studio installed we have to open zero.apk with Android Studio. To do so, launch Android Studio -> Open and select the zero.apk file.

Once Android Studio has fully opened, go to AVD Manager in the top right corner and create a new emulator device. I created the most recent one.

Once this is done, launch the emulator and wait until it has fully started.

Step 3

We now have an emulator. However, to run the .apk file in the emulator we need the Android SDK tools. If they are not yet installed, install them first. On Linux I did the following:

 mregra on Cyber $ sudo apt install android-sdk -y
 mregra on Cyber $ cd /usr/lib/android-sdk

After changing to the android-sdk directory I moved to the platform-tools folder.

In this folder we can see an executable file named adb. What we should do now is install zero.apk into the emulator.

Before doing so, I recommend listing all the devices you have on your machine by typing the command:

 mregra on Cyber $ adb devices
 List of devices attached
 emulator-5556	device

In my case I only have one device, but sometimes you can have more than one. If they are offline you can get rid of them by running the command:

 mregra on Cyber $ adb kill-server

Now you can list the devices again to make sure you only have 1.

Finally, you can install zero.apk into the emulator that is already running.

To do so run the command:

 mregra on Cyber $ sudo adb install ~/hacking/droids0/zero.apk

Step 4

Now that we installed zero.apk in the emulator let’s go back to it!

As you can see in the second picture of the slide show above we have an application called PicoCTF marked with a red rectangle. I decided to click on it! This is the first page that I saw:

After a quick analysis of the application’s interface I noticed the [PICO] remark. I decided to insert that into the text box and then I clicked the button. The output is in the third image of the slide show above. After clicking the button I got the message: “Not Today…”.

I decided to analyse the bug logs of the emulator. To do so:

In the first image of the slide show above you can see a red square that is marking the 3 dots. After clicking on it I was presented with the second image of the slide show, which is the Extended Controls for the emulator.

Once on this page I selected the option Bug report. I then selected all of the bug report data, copied it and pasted it into a text editor.

Once in a text editor I simply searched for picoCTF{ and I found the flag!

The flag is:

picoCTF{a.moose.once.bit.my.sister}
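
The same search can be run on logcat output from the command line instead of copying the bug report by hand. The following is an added example, not part of the original writeup: a shell function that scans logcat text for picoCTF{...} strings and reports which log tag wrote each one. The sample log lines, the ExampleTag tag and the flag value in them are constructed, and the function assumes logcat's threadtime layout.

```shell
#!/bin/sh
# Added example: pull flag-shaped strings out of logcat text read from stdin.
# Assumes the "threadtime" layout:
#   MM-DD HH:MM:SS.mmm  PID  TID  PRIORITY  TAG: message
# Prints one line per hit: PRIORITY<TAB>TAG<TAB>match
find_flags() {
    awk '
    {
        line = $0
        prio = $5               # priority letter (V/D/I/W/E/F)
        tag = $6                # log tag, written with a trailing colon
        sub(/:$/, "", tag)
        # Report every flag-shaped token on the line, not only the first.
        while (match(line, /picoCTF[{][^}]*[}]/)) {
            printf "%s\t%s\t%s\n", prio, tag, substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
        }
    }'
}

# Constructed sample, not real output from zero.apk.
# The tag and the flag value are placeholders.
sample_log() {
    cat <<'EOF'
01-01 12:00:00.100  1234  1234 I ActivityManager: Displayed com.example/.MainActivity
01-01 12:00:01.200  4321  4321 I ExampleTag: picoCTF{constructed.sample.value}
01-01 12:00:01.300  4321  4321 D ExampleTag: button clicked
EOF
}

# Live use against the emulator listed by "adb devices" (needs a running device):
#   adb -s emulator-5556 logcat -d | find_flags
sample_log | find_flags
```

The tag column shows which component wrote the secret to the log, which is the line to remove when fixing an app that leaks data this way.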


Thank you very much for reading!

Cheers,

MRegra

