Challenge Description Welcome to the “Guess Me” Deep Link Exploitation Challenge! Immerse yourself in the world of cybersecurity with this hands-on lab. This challenge revolves around a fictitious “Guess Me” app, shedding light on a critical security flaw related to deep links that can lead to remote code execution within the app’s framework. guessme.apk Solution I started out by performing static analysis. Static Analysis As usual, jadx-gui for reading the code. ...
Challenge Description Welcome to the Secure Notes Challenge! This lab immerses you in the intricacies of Android content providers, challenging you to crack a PIN code protected by a content provider within an Android application. It’s an excellent opportunity to explore Android’s data management and security features. securenote.apk Solution As usual, I start out by reading the code using static analysis Static Analysis To read the apk code, I used jadx-gui. ...
Challenge Description Welcome to the Cyclic Scanner Challenge! This lab is designed to mimic real-world scenarios where vulnerabilities within Android services lead to exploitable situations. Participants will have the opportunity to exploit these vulnerabilities to achieve remote code execution (RCE) on an Android device. cyclicscanner.apk Solution I started by performing static analysis to get an understanding on what the application is doing. Static Analysis I started out by looking into the AndroidManifest.xml after decompiling using jadx-gui. ...