In this challenge we get an Android .apk with a crackme application
I used Ded+Sooth to decompile the apk. We can see the application was made with the app generator tool AppInventor so we search for a Screen1.class which we find in: appinventor/ai_stratos/CSAW2011CTF/
Ded cannot fully decompile this class file, we get an exception so we will have to work with the intermediate Jasmin file.
It’s a large file but after a bit of staring we locate this section:
2426 .method static lambda8()Ljava/lang/Object;
2427 .limit stack 4
2428 .limit locals 0
2429 getstatic appinventor/ai_stratos/CSAW2011CTF/Screen1/Lit26 Lgnu/mapping/SimpleSymbol;
2430 getstatic appinventor/ai_stratos/CSAW2011CTF/Screen1/Lit23 Lgnu/mapping/SimpleSymbol;
2431 ldc "bdd2e9488929399071a72991e196e6d0"
2432 getstatic appinventor/ai_stratos/CSAW2011CTF/Screen1/Lit10 Lgnu/mapping/SimpleSymbol;
2433 invokestatic com/google/youngandroid/runtime/setAndCoerceProperty$Ex(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
2434 areturn
2435 .end method
2427 .limit stack 4
2428 .limit locals 0
2429 getstatic appinventor/ai_stratos/CSAW2011CTF/Screen1/Lit26 Lgnu/mapping/SimpleSymbol;
2430 getstatic appinventor/ai_stratos/CSAW2011CTF/Screen1/Lit23 Lgnu/mapping/SimpleSymbol;
2431 ldc "bdd2e9488929399071a72991e196e6d0"
2432 getstatic appinventor/ai_stratos/CSAW2011CTF/Screen1/Lit10 Lgnu/mapping/SimpleSymbol;
2433 invokestatic com/google/youngandroid/runtime/setAndCoerceProperty$Ex(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
2434 areturn
2435 .end method
Hash ? Lets try that.. validated. So this was the key: bdd2e9488929399071a72991e196e6d0
