Crackme: challenge-two
Author: reoky
Difficulty: ?
Platform: Android
Language: java
Architecture: X86
Description by Author: The password is stored in the app's string resources. Decompile the app and go get it. This should be fairly easy.
After installation, we are presented with this application.
On running the application, we are presented with this user interface.
We also have HINT and ABOUT tabs.
The hint told us to look into the string resources. Every Android application uses a file called strings.xml, and almost all the strings used inside the application are stored there. The file ships inside the APK, so anyone who has the APK can read it.
The About tab shows information about the author and the application.
I used apktool to decompile the APK file:
$ apktool d challenge-five.apk
After decompilation, this is the location of our strings.xml file:
challenge-five/res/values/strings.xml
These are the contents of strings.xml:
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="abc_action_bar_home_description">Navigate home</string>
<string name="abc_action_bar_up_description">Navigate up</string>
<string name="abc_action_menu_overflow_description">More options</string>
<string name="abc_action_mode_done">Done</string>
<string name="abc_activity_chooser_view_see_all">See all</string>
<string name="abc_activitychooserview_choose_application">Choose an app</string>
<string name="abc_searchview_description_clear">Clear query</string>
<string name="abc_searchview_description_query">Search query</string>
<string name="abc_searchview_description_search">Search</string>
<string name="abc_searchview_description_submit">Submit query</string>
<string name="abc_searchview_description_voice">Voice search</string>
<string name="abc_shareactionprovider_share_with">Share with</string>
<string name="abc_shareactionprovider_share_with_application">Share with %s</string>
<string name="app_name">CrackMe Five</string>
<string name="eight">eight</string>
<string name="string_about_author">reoky => Lucas Thoresen</string>
<string name="string_about_icon_license">[App Icon] - romannurik.github.io - CC 3.0</string>
<string name="string_about_license">[This App] - github.com/reoky - MIT</string>
<string name="string_about_licenses">Licenses</string>
<string name="string_about_programmer">Programmer</string>
<string name="string_about_quit">Exit Zero</string>
<string name="string_about_subtitle">Apps to be reverse-engineered</string>
<string name="string_about_theme_license">[App Style] - jgilfelt.github.io - CC 3.0</string>
<string name="string_about_title">Android CrackMe Challenge</string>
<string name="string_challenge_five_check">Check</string>
<string name="string_challenge_five_guess">Answer</string>
<string name="string_challenge_five_intro">Recover the secret string and enter it in the box below.</string>
<string name="string_challenge_five_lose">"Sorry, that wasn't correct."</string>
<string name="string_challenge_five_subtitle">String Resources</string>
<string name="string_challenge_five_title">Challenge Five</string>
<string name="string_challenge_five_win">"You've completed challenge five."</string>
<string name="string_hint_hint">"Lookup how to decompile Android applications. The string is actually an Android string resource, so finding it shouldn't take too much effort. You may even get away with using less tools than you'd expect."</string>
<string name="string_hint_title">Display Hint</string>
<string name="tab_about">About</string>
<string name="tab_challenge">Challenge</string>
<string name="tab_hint">Hint</string>
<string name="the_answer">there are ... bits in a byte</string>
</resources>
At the bottom we can see a string named "the_answer" saying "there are ... bits in a byte".
So I tried writing 8 as an answer.
It did not work.
So I looked into the XML file again and found this line:
<string name="eight">eight</string>
Let's try again with "eight" as an answer.
And we got it.
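The manual review above can be scripted when auditing an app's resources for values that should not ship in the APK. This is an added example, not part of the original write-up or the crackme: the keyword list, the abc_ library filter and the naming-scheme heuristic are assumptions, and the sample is a shortened, constructed copy of the listing above.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a shortened copy of the strings.xml listing above.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="abc_action_mode_done">Done</string>
    <string name="abc_searchview_description_search">Search</string>
    <string name="app_name">CrackMe Five</string>
    <string name="eight">eight</string>
    <string name="string_about_title">Android CrackMe Challenge</string>
    <string name="string_challenge_five_check">Check</string>
    <string name="string_challenge_five_guess">Answer</string>
    <string name="string_hint_title">Display Hint</string>
    <string name="tab_about">About</string>
    <string name="tab_hint">Hint</string>
    <string name="the_answer">there are ... bits in a byte</string>
</resources>"""

LIBRARY_PREFIXES = ("abc_",)  # assumption: support-library entries, as in the listing
KEYWORDS = re.compile(r"answer|secret|passw|token|key", re.I)  # assumed keyword list

def load_strings(xml_text):
    """Return {name: value} for every <string> element in a strings.xml document."""
    root = ET.fromstring(xml_text)
    return {s.get("name"): "".join(s.itertext()) for s in root.iter("string")}

def review_candidates(strings):
    """Flag app-defined entries that deserve a manual look, with the reasons."""
    app = {n: v for n, v in strings.items() if not n.startswith(LIBRARY_PREFIXES)}
    prefix_count = Counter(n.split("_")[0] for n in app)
    flagged = {}
    for name, value in app.items():
        reasons = []
        if KEYWORDS.search(name):
            reasons.append("name suggests a secret")
        # A name whose first token is used nowhere else does not follow the
        # scheme of the UI strings (string_*, tab_*); app_name is standard.
        if prefix_count[name.split("_")[0]] == 1 and name != "app_name":
            reasons.append("outside the app's naming scheme")
        if reasons:
            flagged[name] = (value, reasons)
    return flagged

if __name__ == "__main__":
    for name, (value, reasons) in review_candidates(load_strings(SAMPLE)).items():
        print(f"{name!r} = {value!r}: {', '.join(reasons)}")
```

On the sample it reports only `eight` and `the_answer`, the same two entries the manual reading ended up at.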