Challenge description is "Patch this app", so we need to modify the application, and recompile, change bit something like that.
First I download the challenge file, the challenge provide mobile application ( apk ) file.
Just try to decompile with d2j-dex2jar to get a more readable source code with java version, and that will more easier to help you to understand with java language.
In MainActivity.class function, we can see the clearly at source code,
String isActivated = "0";
isActivated is already initialized with value "0"
in checkActivation() function
that compare isActivated with "1",
if not equal "You are not activated yet" bad boy message
if equal "Congraulations , You have patched challenge" good boy message.
so let's make a patch "0" to "1" at the isActivated variable.
first we need to decompile the apk file with apktool to get a smali code.
apktool d mcsc_misc2.apk
in ./mcsc_misc2/smali/myanmar/mcsc/challenge2/MainActivity.smali file
change "0"
to "1"
and recompile the smali source with apktool
apktool b mcsc_misc2/
the application needed to be signed before install at the android, I used the jarsigner to sign the applicaion.
Now, the patched application ready to install at the android.
Just click the CHECK PATCH button to get the flag!! yay!
Decrypted text: this is testing
just the fix with the flag format mcsc{} , and then I got the flag.
flag : mcsc{this is testing}
This is seventh challenge that I solved in MCSC2018.
but this time we are not first solver team.
Noted
Just updated text
12.07.2020
I want to say thank you to challenge creator.
No comments:
Post a Comment