AndroidReversing — Bonjour

Pranjal Aggarwal
Published in DevCTF-2022
May 17, 2022

Problem Statement:

Sometimes things are not what they appear!

Apk Link: https://anonfiles.com/B5Yaw0hfy9/bonjour_apk

Setting Up

As with other Android problems, we start by decompiling the APK. For this we will need the following software:

1.) apktool - for decompiling the APK to get its source assets, dex and smali files
2.) jadx - for decompiling .dex files into .java files

To simplify the process, I have used the ApkLab extension available for VS Code. It applies the relevant steps automatically and is going to be especially useful in other Android problems.

Solution

We first open VS Code and open the APK using the ApkLab extension, which opens the decompiled source code in a new project. For any problem, we should start by reading the AndroidManifest.xml file, which contains information about the MainActivity class. Interestingly, the package name is com.ctf.stegno. Together with the problem statement, this hints that the solution is related to steganography, and most steganography problems hide something in images. So let's look in the drawables and mipmap directories. On browsing, we find some interesting and randomly placed images in the res/mipmap-anydpi-v26 directory.

Images inside mipmap-anydpi-v26 folder

What’s Hidden in the images?

This blog has a good list of software for identifying different cases of steganography. For this question, I have used binwalk. In a terminal, simply run binwalk image_name on each of the three images, one by one. Running this command on drapeau.jpg shows that a zip file is embedded in it, with file.txt inside. Next, we extract the hidden contents from the image file using binwalk -e drapeau.jpg. Now let's extract the zip file to get our flag! But wait, it's asking for a password :(

Output of ‘binwalk drapeau.jpg’
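To see what the binwalk step is doing under the hood, here is an added example (not part of the original write-up or of binwalk itself) that scans a file for a ZIP appended after image data, carves it out, and reports whether its members are encrypted, which is why the extraction prompts for a password. The sample input is constructed in the script and is unencrypted; the function names are my own.

```python
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # signature of a ZIP local file header
JPEG_SOI, JPEG_EOI = b"\xff\xd8", b"\xff\xd9"


def carve_zip(data):
    """Return (offset, zip_bytes) for the first real ZIP inside data, or None."""
    offset = data.find(ZIP_LOCAL_HEADER)
    while offset != -1:
        candidate = data[offset:]
        try:
            with zipfile.ZipFile(io.BytesIO(candidate)) as zf:
                # A genuine start has its first member at offset 0; a stray
                # "PK\x03\x04" inside the image data would leave junk in front.
                if min(i.header_offset for i in zf.infolist()) == 0:
                    return offset, candidate
        except (zipfile.BadZipFile, ValueError):
            pass
        offset = data.find(ZIP_LOCAL_HEADER, offset + 1)
    return None


def describe(zip_bytes):
    """List (member name, is_encrypted); bit 0 of the flags marks encryption."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(i.filename, bool(i.flag_bits & 0x1)) for i in zf.infolist()]


def read_member(zip_bytes, name, password=None):
    """Read one member; the stdlib only decrypts legacy ZipCrypto archives."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(name, pwd=password.encode() if password else None)


def build_sample():
    """Constructed input: fake JPEG bytes (with a decoy signature) + a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("file.txt", "constructed sample contents\n")
    fake_jpeg = JPEG_SOI + b"not real image data PK\x03\x04 decoy" + JPEG_EOI
    return fake_jpeg + buf.getvalue(), len(fake_jpeg)


if __name__ == "__main__":
    sample, _ = build_sample()
    offset, archive = carve_zip(sample)
    print(f"ZIP archive found at offset {offset}")
    for name, encrypted in describe(archive):
        print(name, "(encrypted)" if encrypted else "(not encrypted)")
    print(read_member(archive, "file.txt").decode(), end="")
```

On a real file, read the image with open(path, "rb").read() and pass the bytes to carve_zip; for an encrypted member, pass the password string to read_member.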

Finding the password

Well, this step doesn't really need great Android skills. There are two methods: one can simply browse through the decompiled files and look for hints about the password, or one can grep for keywords such as 'flag', 'ctf', 'zip', etc. Here, on running grep -nr zip . inside the project root, we find this line in the strings.xml file:

<string name="zip">i_am_not_the_flag_but_i_will_help_you</string>

On trying this string as the password for the zip file, we are able to extract it. Inside it, we find the flag:

ctf{voici_le_drapeau}

Problem Solved! 🎉
