Game 24
We have an Android APK file to reverse engineer:
```
❯ file suninatas24
suninatas24: Android package (APK), with AndroidManifest.xml, with APK Signing Block
```
Decompile the APK using jadx (rename the file with an `.apk` extension first):
```java
public class MainActivity extends Activity {
    @Override
    public void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        setContentView(R.layout.activity_main);
        ((Button) findViewById(R.id.btn_send)).setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View view) {
                EditText editText = (EditText) MainActivity.this.findViewById(R.id.input_pw);
                EditText editText2 = (EditText) MainActivity.this.findViewById(R.id.input_key);
                Editable text = ((EditText) MainActivity.this.findViewById(R.id.input_id)).getText();
                Editable text2 = editText.getText();
                Editable text3 = editText2.getText();
                if (text3.toString().equals("https://www.youtube.com/channel/UCuPOkAy1x5eZhUda-aZXUlg")) {
                    MainActivity.this.startActivity(new Intent("android.intent.action.VIEW", Uri.parse("http://www.suninatas.com/challenge/web24/chk_key.asp?id=" + text.toString() + "&pw=" + text2.toString() + "&key=" + text3.toString())));
                    return;
                }
                new AlertDialog.Builder(MainActivity.this).setMessage("Wrong!").show();
            }
        });
    }
}
```
The code reveals a hardcoded validation: the key field must equal `https://www.youtube.com/channel/UCuPOkAy1x5eZhUda-aZXUlg`.
Construct the URL with a test account and the hardcoded key:
```
http://www.suninatas.com/challenge/web24/chk_key.asp?id=testuser&pw=testpass&key=https://www.youtube.com/channel/UCuPOkAy1x5eZhUda-aZXUlg
```
This triggers the backend verification, which returns the auth key.
Auth_key = StARtANdr0idW0r1d
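To audit your own apps for the pattern this challenge relies on (a secret compared against a string literal on the client, and credentials passed in an `http://` query string), the following added example scans decompiled Java source. It is not part of the original writeup; the rule names, the length threshold and the parameter-name list are assumptions.

```python
import re

# Constructed sample: a trimmed copy of the decompiled onClick body shown above.
SAMPLE = '''
Editable text3 = editText2.getText();
if (text3.toString().equals("https://www.youtube.com/channel/UCuPOkAy1x5eZhUda-aZXUlg")) {
    MainActivity.this.startActivity(new Intent("android.intent.action.VIEW", Uri.parse("http://www.suninatas.com/challenge/web24/chk_key.asp?id=" + text.toString() + "&pw=" + text2.toString() + "&key=" + text3.toString())));
    return;
}
new AlertDialog.Builder(MainActivity.this).setMessage("Wrong!").show();
'''

# A Java string literal, allowing escaped characters inside it.
LITERAL = r'"((?:[^"\\]|\\.)*)"'
# Comparison against a literal: x.equals("...") or "...".equals(x)
EQUALS_RHS = re.compile(r'\.equals(?:IgnoreCase)?\(\s*' + LITERAL + r'\s*\)')
EQUALS_LHS = re.compile(LITERAL + r'\.equals(?:IgnoreCase)?\(')
# Cleartext URL literal, and credential-like query parameter names (assumed list).
HTTP_LIT = re.compile(r'"(http://[^"]*)"')
CRED_PARAM = re.compile(r'[?&](?:pw|pass|passwd|password|key|token)=', re.I)
MIN_SECRET_LEN = 8  # assumption: shorter literals are usually flags or mode names


def scan(source):
    """Return sorted (line_no, rule, value) findings for one decompiled source file."""
    findings = set()
    for no, line in enumerate(source.splitlines(), 1):
        for rx in (EQUALS_RHS, EQUALS_LHS):
            for m in rx.finditer(line):
                if len(m.group(1)) >= MIN_SECRET_LEN:
                    findings.add((no, "hardcoded-compare", m.group(1)))
        # URLs are often built by concatenation, so the credential parameter
        # may sit in a different literal on the same line as the http:// base.
        if CRED_PARAM.search(line):
            for m in HTTP_LIT.finditer(line):
                findings.add((no, "cleartext-credential-url", m.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    for no, rule, value in scan(SAMPLE):
        print(f"line {no}: {rule}: {value}")
```

Run it over each `.java` file in the jadx output directory; a `hardcoded-compare` hit on a user-supplied field means the check belongs on the server.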