code hacking, zen coding


CSAW 2011 Android2 Write-up

In this challenge we get an Android .apk with a crackme application

I used Ded+Sooth to decompile the apk. We can see the application was made with the app generator tool AppInventor so we search for a Screen1.class which we find in: appinventor/ai_stratos/CSAW2011CTF/

Ded cannot fully decompile this class file, we get an exception so we will have to work with the intermediate Jasmin file.

It's a large file but after a bit of staring we locate this section:

2426 .method static lambda8()Ljava/lang/Object;
2427     .limit stack 4
2428     .limit locals 0
2429     getstatic appinventor/ai_stratos/CSAW2011CTF/Screen1/Lit26 Lgnu/mapping/SimpleSymbol;
2430     getstatic appinventor/ai_stratos/CSAW2011CTF/Screen1/Lit23 Lgnu/mapping/SimpleSymbol;
2431     ldc "bdd2e9488929399071a72991e196e6d0"
2432     getstatic appinventor/ai_stratos/CSAW2011CTF/Screen1/Lit10 Lgnu/mapping/SimpleSymbol;
2433     invokestatic com/google/youngandroid/runtime/setAndCoerceProperty$Ex(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
2434     areturn
2435 .end method

Hash ? Lets try that.. validated. So this was the key: bdd2e9488929399071a72991e196e6d0


Posted by aXs

Tagged as: , , , Comments Off
Comments (0) Trackbacks (0)

Sorry, the comment form is closed at this time.

Trackbacks are disabled.