Secured Notes

Secured Notes

I created an application to retrieve my secrets. Is it realy secured? SecuredNotes.apk

Solution

Here, we were given an apkfile and we were tasked into finding whether the app was handling secrets well. I decompiled the app using apktool using the command apktool d SecuredNotes.apk

I then went into the folder containing the application and grepped for the key words secret & flag

We get a base64 like string DQkYFA8aWxkBCFUdQBAtHB8XWgseACtGXgURNBZKEAZBGxgY, but after decoding it we realize it is messed up somehow.

We then grep for secret and we immediately get a hit.

Trying to decode it, we get a string ekortsyek that initially I thought was the password for the notes app.

Now we need a script to help us read the flag and secret.

#!/usr/bin/python3

import base64

def decode_base64(data):
    return base64.b64decode(data).decode('utf-8')

def xor_strings(s1, s2):
    return ''.join(chr(a ^ b) for a, b in zip(s1, s2))

decoded_secret = decode_base64("ZWtvcnRzeWVr")[::-1]

decoded_flag = decode_base64("DQkYFA8aWxkBCFUdQBAtHB8XWgseACtGXgURNBZKEAZBGxgY")


flag = xor_strings(decoded_flag.encode('utf-8'), (decoded_secret * len(decoded_flag)).encode('utf-8'))

print(flag)
          

Running the script, we get our flag.

I was not able to solve the other Android challenges during the CTF but will definitely look into them later.