|    |    |    | Today: 28-Mar-2017 |

[Write-up] RC3 CTF : My Lil Droid

November 22, 2016 | Posted in How to

Tittle : My Lil Droid
Category : Forensics
Point : 100
Description : Sometimes not all files are needed.

Download Link: https://drive.google.com/file/d/0Bw7N3lAmY5PCOFNQZFgtSVlFZ3M/view?usp=sharing


- You probably don't have to run it



Given an APK we used The Unarchiver to open it up.

$ apktool d youtube.apk

I: Using Apktool 2.2.0 on youtube.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /Users/beefbabe/Library/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...

Found interesting files under "unknown" directory.

- Fastest way

Let's begin to soring using grep

$ grep -r "2016" .

... cut
./youtube/unknown/build-data.properties:build.tool=Blaze, release blaze-2016.04.14-4 (mainline @119748905)
./youtube/unknown/build-data.properties:build.time=Tue May 31 15\:02\:21 2016 (1464732141)
Binary file ./youtube.apk matches

Voila, but it was base64 decoded which UkMz base64 from RC3 and R09URU0yMQ== from GOTEM21
So after decoding this base64 can submit the flag.

Flag : RC3-2016-GOTEM21

- Slowest way

Check the youtube folder then go to unknown folder, there is a file name called build-data.properties

Let's check it.

Gotcha !

Taged in: Android, APK, ctf, forensics, rc3ctf, writeup, youtube