MHL IOT Connect

Challenge Description

This challenge focuses on exploiting a security flaw related to the broadcast receiver in the “IOT Connect” application, allowing unauthorized users to activate the master switch, which can turn on all connected devices. The goal is to send a broadcast in a way that only authenticated users can trigger the master switch.

IOT Connect APK

Solution

As usual, I started by performing static analysis and dynamic analysis to fully understand what the code is doing. ...

March 20, 2025 · 5 min · 900 words

HTB SAW

Challenge Description

The malware forensics lab identified a new technique for hiding and executing code dynamically. A sample that seems to use this technique has just arrived in their queue. Can you help them?

SAW.apk

Solution

This is something that I think is quite hard, but yeah, another fun challenge.

Static Analysis

As usual, I started with jadx-gui for reading the decompiled Java code.

    <activity android:name="com.stego.saw.MainActivity">
        <intent-filter>
            <action android:name="android.intent.action.MAIN"/>
            <category android:name="android.intent.category.LAUNCHER"/>
        </intent-filter>
    </activity>

It seems like there’s only one activity to focus on. I then had a look at it. Inside MainActivity.java, there are a few that I think are interesting and useful. ...

February 19, 2025 · 10 min · 1987 words

HTB APKey

Challenge Description

This app contains some unique keys. Can you get one?

APKey.apk

Solution

Static Analysis

The first step is always static analysis. I started by using jadx-gui to see the decompiled Java code. Looking into the AndroidManifest.xml, it looks like there’s only one activity which is MainActivity.

    <application
        android:theme="@style/Theme.APKey"
        android:label="@string/app_name"
        android:icon="@mipmap/ic_launcher"
        android:allowBackup="true"
        android:supportsRtl="true"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:appComponentFactory="androidx.core.app.CoreComponentFactory">
        <activity android:name="com.example.apkey.MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
    </application>

Since it’s gonna be MainActivity, we could have a look at the code. Inside the code, we have something interesting. ...

February 19, 2025 · 5 min · 861 words