Guitar - Easy
Description Author: @matlac Have you ever wanted to play the guitar on your phone? Here’s a free app, with all guitar strings included for free!
Attachments: com.nahamcon2024.guitar.apk
Solution
First, I installed com.nahamcon2024.guitar.apk on Android Virtual Device and tried to use the app but there is nothing in the app. So I decided to extract the APK file by using JADX-GUI and went straight forward to resources. Look at res/values/strings.xml, I tried to find strings in the app that seem interesting and I found it at line 65.
Decode secret_strings as base64 with CyberChef Result: The flag is: flag{46afd4f8d2ca595c09e4aa297b84acc1}.
Kitty Kitty Bang Bang - Easy
1
2
3
Description
Author: @matlac
I found a cool android app to play with a cowboy cat! There’s has to be more going on with the app I can’t see on my screen…
Download the file(s) below. Attachments: com.nahamcon2024.kittykittybangbang.apk
Solution
Again, I used JADX-GUI and went to the MainActivity source code. At line 28-35 , It looks like when I tap the screen in the app, the app will print messages including the flag in the log. So I just use ADB Platform-tools to see the messages log.
look and get the flag : flag{f9028245dd46eedbf9b4f8861d73ae0f}
1
2
3
4
$ adb shell pidof -s com.nahamcon2024.kittykittybangbang
# This command will give PID of the app so I can use it to filter log messages.
$ adb logcat --pid=4831 *:I
# This command use to see log messages.
more info : https://developer.android.com/tools/logcat