H1 Thermostat
1 minute to read
We have an Android APK file called thermostat.apk
:
$ file thermostat.apk
thermostat.apk: Zip archive data, at least v0.0 to extract, compression method=deflate
As it is shown an APK file is just a ZIP archive. Therefore, we can extract its contents:
$ 7z x thermostat.apk
Scanning the drive for archives:
1 file, 2595443 bytes (2535 KiB)
Extracting archive: thermostat.apk
--
Path = thermostat.apk
Type = zip
Physical Size = 2595443
Everything is Ok
Files: 569
Size: 4968479
Compressed: 2595443
$ ls
AndroidManifest.xml META-INF classes.dex res resources.arsc thermostat.apk
This challenge is so easy that the flags are inside the extracted files. We can use grep
recursively, no need to use apktool
or decompilers to Java code:
$ grep -r FLAG *
Binary file classes.dex matches
We see that there are matches inside classes.dex
. Since it is a binary file, we can view printable data using strings
. After that, we can extract both flags using grep
again, with a more specific filter (using the actual format of Hacker101CTF flags):
$ strings classes.dex | grep -oE '\^FLAG\^.*?\$FLAG\$'
^FLAG^xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx$FLAG$
^FLAG^xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx$FLAG$