HTB SAW

Challenge Description

The malware forensics lab identified a new technique for hiding and executing code dynamically. A sample that seems to use this technique has just arrived in their queue. Can you help them?

SAW.apk

Solution

This is something that I think is quite hard, but yeah, another fun challenge.

Static Analysis

As usual, I started with jadx-gui for reading the decompiled Java code.

    <activity android:name="com.stego.saw.MainActivity">
        <intent-filter>
            <action android:name="android.intent.action.MAIN"/>
            <category android:name="android.intent.category.LAUNCHER"/>
        </intent-filter>
    </activity>

It seems like there’s only one activity to focus on. I then had a look at it. Inside MainActivity.java, there are a few things that I think are interesting and useful. ...

February 19, 2025 · 10 min · 1987 words

HTB APKey

Challenge Description

This app contains some unique keys. Can you get one?

APKey.apk

Solution

Static Analysis

The first step is always static analysis. I started by using jadx-gui to see the decompiled Java code. Looking into the AndroidManifest.xml, it looks like there’s only one activity, which is MainActivity.

    <application
        android:theme="@style/Theme.APKey"
        android:label="@string/app_name"
        android:icon="@mipmap/ic_launcher"
        android:allowBackup="true"
        android:supportsRtl="true"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:appComponentFactory="androidx.core.app.CoreComponentFactory">
        <activity android:name="com.example.apkey.MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
    </application>

Since it’s going to be MainActivity, we can have a look at the code. Inside the code, we have something interesting. ...

February 19, 2025 · 5 min · 861 words