Posts

Challenge Description Welcome to the Cyclic Scanner Challenge! This lab is designed to mimic real-world scenarios where vulnerabilities within Android services lead to exploitable situations. Participants will have the opportunity to exploit these vulnerabilities to achieve remote code execution (RCE) on an Android device. cyclicscanner.apk Solution I started by performing static analysis to get an understanding on what the application is doing. Static Analysis I started out by looking into the AndroidManifest.xml after decompiling using jadx-gui. ...

Challenge Description Welcome to the Strings Challenge! In this lab,your goal is to find the flag. The flag’s format should be “MHL{…}”. The challenge will give you a clear idea of how intents and intent filters work on android also you will get a hands-on experience using Frida APIs. Strings.apk Solution This is interesting challenge. I started with static analysis first. Static Analysis As usual, I used jadx-gui to have a look at the source code. ...

Challenge Description This challenge focuses on exploiting a security flaw related to the broadcast receiver in the “IOT Connect” application, allowing unauthorized users to activate the master switch, which can turn on all connected devices. The goal is to send a broadcast in a way that only authenticated users can trigger the master switch. IOT Connect APK Solution As usual, I started by performing static analysis and dynamic analysis to fully understand what the code is doing. ...