Reading Time : 2min

Reoky Android Crackme Challenge One Solution


Crackme: challenge-one

Author: reoky

Difficulty: ?

Platform: Android

Language: java

Architecture: X86


Description by Author: A file will be created within the application's sandbox boundaries. You must extract its contents.


User Interface

After Installation we are presented with this application

Image 1.1 – Application logo

by running the application we are presented with this User Interface

Image 1.2 – Challenge

we also have HINT and ABOUT Tabs

Image 1.3 – Hint tab

The hint window is telling us to use a “file browser " application but i was not successful with any application. So i will be using adb to extract our file.

Image 1.4 – About tab

The About tab shows information about author and application

Solution

I am using Android Studio AVD Emulator for this excercise. Let’s start by pressing Write File button The file will be created in application directory and button will be changed to Delete File

Image 2.1 - file created

Now lets start digging for file

The file is located in a protected directory. to access that directory we need to use root permission we are going to use adb root command to access root permission

I found the file “ANSWER” in this location

# data/data/com.reoky.crackme.challengeone/files/ANSWER

lets pull this file using this command

$ adb pull data/data/com.reoky.crackme.challengeone/files/ANSWER /home/"Username"/Documents

i am using linux so my destination path is “/home/$USER/Documents”. use destination path according to your OS.

and this is what we found inside our file

poorly-protected-secret

Testing

lets try putting our secret flag

Image 3.1 - Testing

and by pressing “Check” button we get a pop up saying “You’ve completed this challenge!