
Reoky Android Crackme Challenge Five Solution


Crackme: challenge-two

Author: reoky

Difficulty: ?

Platform: Android

Language: Java

Architecture: X86


Description by Author: The password is stored in the app's string resources. Decompile the app and go get it. This should be fairly easy.


User Interface

After installation we are presented with this application:

Image 1.1 – Application logo

Running the application presents us with this user interface:

Image 1.2 – Challenge

We also have HINT and ABOUT tabs.

Image 1.3 – Hint tab

The hint told us to look into the string resources. Every Android application uses a file called strings.xml, where almost all the strings used inside the application are stored.

Image 1.4 – About tab

The About tab shows information about author and application

Solution

I used apktool to decompile the APK file:

$ apktool d challenge-five.apk

After decompilation, this is the location of our strings.xml file:

challenge-five/res/values/strings.xml

These are the contents of strings.xml:

<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="abc_action_bar_home_description">Navigate home</string>
    <string name="abc_action_bar_up_description">Navigate up</string>
    <string name="abc_action_menu_overflow_description">More options</string>
    <string name="abc_action_mode_done">Done</string>
    <string name="abc_activity_chooser_view_see_all">See all</string>
    <string name="abc_activitychooserview_choose_application">Choose an app</string>
    <string name="abc_searchview_description_clear">Clear query</string>
    <string name="abc_searchview_description_query">Search query</string>
    <string name="abc_searchview_description_search">Search</string>
    <string name="abc_searchview_description_submit">Submit query</string>
    <string name="abc_searchview_description_voice">Voice search</string>
    <string name="abc_shareactionprovider_share_with">Share with</string>
    <string name="abc_shareactionprovider_share_with_application">Share with %s</string>
    <string name="app_name">CrackMe Five</string>
    <string name="eight">eight</string>
    <string name="string_about_author">reoky => Lucas Thoresen</string>
    <string name="string_about_icon_license">[App Icon] - romannurik.github.io - CC 3.0</string>
    <string name="string_about_license">[This App] - github.com/reoky - MIT</string>
    <string name="string_about_licenses">Licenses</string>
    <string name="string_about_programmer">Programmer</string>
    <string name="string_about_quit">Exit Zero</string>
    <string name="string_about_subtitle">Apps to be reverse-engineered</string>
    <string name="string_about_theme_license">[App Style] - jgilfelt.github.io - CC 3.0</string>
    <string name="string_about_title">Android CrackMe Challenge</string>
    <string name="string_challenge_five_check">Check</string>
    <string name="string_challenge_five_guess">Answer</string>
    <string name="string_challenge_five_intro">Recover the secret string and enter it in the box below.</string>
    <string name="string_challenge_five_lose">"Sorry, that wasn't correct."</string>
    <string name="string_challenge_five_subtitle">String Resources</string>
    <string name="string_challenge_five_title">Challenge Five</string>
    <string name="string_challenge_five_win">"You've completed challenge five."</string>
    <string name="string_hint_hint">"Lookup how to decompile Android applications. The string is actually an Android string resource, so finding it shouldn't take too much effort. You may even get away with using less tools than you'd expect."</string>
    <string name="string_hint_title">Display Hint</string>
    <string name="tab_about">About</string>
    <string name="tab_challenge">Challenge</string>
    <string name="tab_hint">Hint</string>
    <string name="the_answer">there are ... bits in a byte</string>
</resources>

At the bottom we can see a string named “the_answer” saying “there are ... bits in a byte”.

So I tried writing 8 as an answer.

Image 2.1 - first try

It did not work

So I looked into the XML file again and found this line:

<string name="eight">eight</string>

Testing

Let's try again with “eight” as an answer.

Image 3.1 - second try

And we got it.
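The manual scan of strings.xml above can be turned into a repeatable check for values shipped in string resources. This is an added example, not part of the original write-up or the crackme's code: it lists strings that no layout or manifest pulls in via @string/, which leaves the ones used only from code, such as "eight" and "the_answer". The manifest and layout snippets are constructed stand-ins, and the function names `code_only_strings` and `audit_decoded_apk` are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Entries copied from the strings.xml above (subset, to keep the sample short).
STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="abc_action_mode_done">Done</string>
    <string name="app_name">CrackMe Five</string>
    <string name="eight">eight</string>
    <string name="string_challenge_five_check">Check</string>
    <string name="string_challenge_five_guess">Answer</string>
    <string name="tab_hint">Hint</string>
    <string name="the_answer">there are ... bits in a byte</string>
</resources>"""

# Constructed stand-ins for the manifest and a layout; the real files are not shown above.
XML_RESOURCES = {
    "AndroidManifest.xml": '<application android:label="@string/app_name"/>',
    "res/layout/fragment_challenge.xml": (
        '<Button android:text="@string/string_challenge_five_check"/>'
        '<EditText android:hint="@string/string_challenge_five_guess"/>'
    ),
}

def code_only_strings(strings_xml, xml_resources, skip_prefixes=("abc_",)):
    """Return {name: value} for strings that no XML resource pulls in via @string/."""
    referenced = set()
    for text in xml_resources.values():
        referenced.update(re.findall(r"@string/(\w+)", text))
    found = {}
    for el in ET.fromstring(strings_xml.encode("utf-8")).iter("string"):
        name = el.get("name", "")
        # Support-library strings (abc_*) and UI-bound strings are not candidates.
        if name.startswith(skip_prefixes) or name in referenced:
            continue
        found[name] = "".join(el.itertext())
    return found

def audit_decoded_apk(root):
    """Same check over an apktool output directory such as challenge-five/."""
    root = Path(root)
    strings_path = root / "res" / "values" / "strings.xml"
    others = {str(p): p.read_text(encoding="utf-8", errors="replace")
              for p in root.rglob("*.xml") if p != strings_path}
    return code_only_strings(strings_path.read_text(encoding="utf-8"), others)

if __name__ == "__main__":
    for name, value in code_only_strings(STRINGS_XML, XML_RESOURCES).items():
        print(f"{name!r}: {value!r}")
```

The result is a shortlist, not a verdict: strings set from code for ordinary UI reasons (here `tab_hint`) appear alongside the ones worth a closer look.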