![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8WVMncYIm6BEPHAeuOL_RHxaqp0Hb1GzKXks9FUQXamQv_HGw623jAGX4SmneRMtiPHHnC64njSAPYRxMv9H-OFsi0UITccvLEOCas8T4vQSoEChQfY6wuPulgtxU8ewOwq5y5ZxHczo/s640/Screenshot+from+2018-01-30+23-41-30.png)
Challenge description is "Patch this app", so we need to modify the application, and recompile, change bit something like that.
First I download the challenge file, the challenge provide mobile application ( apk ) file.
Just try to decompile with d2j-dex2jar to get a more readable source code with java version, and that will more easier to help you to understand with java language.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeFKoRQRbPxXVXbWOlrZJliNVMSuz6oSDxe5idbbomlD7CAoiSmiMrh_X2bQAwuHnopFC8wNQ_a3-Jxj3_ReikbCCvIF4Bexbl7UuOWIeGBz9Lr-j8ewbsu1SkPzgJFi0xQK3wnDq3gVo/s640/Screenshot+from+2018-01-30+23-57-45.png)
In MainActivity.class function, we can see the clearly at source code,
String isActivated = "0";
isActivated is already initialized with value "0"
in checkActivation() function
that compare isActivated with "1",
if not equal "You are not activated yet" bad boy message
if equal "Congraulations , You have patched challenge" good boy message.
so let's make a patch "0" to "1" at the isActivated variable.
first we need to decompile the apk file with apktool to get a smali code.
apktool d mcsc_misc2.apk
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiu90kfSPaaPmRu8jFhbzeC6VgiW12aAh_0w_EX7zfed1ObkZiIDlJ-O9GWV8XMXJUfn3TZRZjusd9iDLxDGv0t1wBEEx8hjok6P58jXnVGmaQYSNPBf6d36P23mejVIepZmkLNHqCTeH8/s640/Screenshot+from+2018-01-31+00-08-21.png)
in ./mcsc_misc2/smali/myanmar/mcsc/challenge2/MainActivity.smali file
change "0"
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLfVy5wxLn8DSxx2J_HcVZJERJP7mnYCdbqoaLLNGjjNHfOq62pLZr8goAnPOPVJqm20Wips0CPN1hqUdHeiRbtvhaEYhhxLllIs8yUAUdcR4fvuSknS_i9xUd6wDqkeluLHFyVtZNMK0/s640/Screenshot+from+2018-01-31+00-10-06.png)
to "1"
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBQV51AYFEkIIIO8zzbfxQqO7QdvefrDMqI_oaShWQMo-nzCDQ6aJoiARXkOFWn03qIhFsETGT36oLrCXnGjib_WOnCIkkaZ-h2ltQDE2rIF0IIKcwo23ojzgntPXrqT6JzxZZpkBEjyE/s640/Screenshot+from+2018-01-31+00-10-17.png)
and recompile the smali source with apktool
apktool b mcsc_misc2/
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrPXCDy31SAQ68UFsFsS95ZNwVqCijZl6fpGdQQcDpV7ZCLImjlEhlT-CyQF5apVxdRLyCJdeWL_4E6az1In6qLwqfOl73-Ia_MGwT8ZuFEv4svCTBIY4CxRqE1qsHT43z0yc3I2odFtc/s640/Screenshot+from+2018-01-31+00-14-22.png)
the application needed to be signed before install at the android, I used the jarsigner to sign the applicaion.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5n-glpRmE-QxSP_KivODR8lPbpDw1A8xEOrO4jH5JK6XBBH3dUip70JBf_9TjV6T9wklABXTxJiPe9ZBw5KMMWpm_CFTWpGJTR67B7QHAdKCYFVy3C-1V-I4-H-0sm9APlJcSHK_5WK8/s640/Screenshot+from+2018-01-31+00-18-36.png)
Now, the patched application ready to install at the android.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNG3Zad20sqF133BqmEpLkMUfJyh9VKJ7yIJPSBOks-DI8DwLMqttyj0XBwlv5H0n0M6aewcScm7ZSo43xDyB1aJ4nZ5kACzJ_ls7ju272cry733-boB530TY1eOjIrPLD_NXlZaD_FAg/s320/Screenshot+from+2018-01-31+00-19-43.png)
Just click the CHECK PATCH button to get the flag!! yay!
Decrypted text: this is testing
just the fix with the flag format mcsc{} , and then I got the flag.
flag : mcsc{this is testing}
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2UzLfMu7GKdA-2ZS76Py2Hbx-fnocp1GSjbc1cKXdSO270znMlTaBx_O6H0xVyW1OeesfjfATTyKU1hyphenhyphene4brVlvUto5Nj_ejskvp3TRpZTY_dH8peA8s7TwbS8n86-N70u2gEOA_MKHo/s640/Screenshot+from+2018-01-31+00-23-01.png)
This is seventh challenge that I solved in MCSC2018.
but this time we are not first solver team.
Noted
Just updated text
12.07.2020
I want to say thank you to challenge creator.
No comments:
Post a Comment