Android CTF: modulo.apk
Game time, play to learn
At ModuloTech, on Friday afternoons, Android Team often organizes a team building session where we play, compete, have fun and also learn new things together.
The topics of the sessions are diverse : coding games, tech talks, Android quizzes or Capture The Flag sessions(CTFs).
In this article, I will introduce one of the CTFs that we did at ModuloTech.
Since this was our first CTF session, we started with something simple to get to know the reverse engine and to see how our codes can be vulnerable.
You can download the apk at our github repo.
Goal
The requirement for this CTF is to get the given “flags” string displayed on the screen and take screenshots of those flags.
In order to show that they had successfully bypassed the test, it is not enough to find the flags strings but also to capture them. To make things simple, the flags were stored in the local string xml file.
There are in total 5 flags corresponding to 5 activities. A flag is a string matching this regex: ^\^FLAG^[A-Za-z0-9]{31}\$FLAG\$$.
Try it out
Now before scrolling down, give it a try if you are interested. This is the challenge…
