Table of contents
Get Rid Of Them All
We are given a JAR
file. Let's decompile it and look into it. We can see that there are two java classes given. And in one of them, there lies a peculiar looking string as below:
&^&@|* Zm}&,);\\('))[\\[$`|_^#(x*]>&hZ)'$ $#(: [$3;&$t \\_']?&>,&i)!QG{`- ,% ~<`._@'::_\\_{}-|_[&{<`~$) ?'?(!$,.{>? @!^:#|R,?')`[,`;?!f_:$$<)Y}$:[|^?2)_h&><.:.-{&[|&A\\*;*)-($.>>(<^';#Q@?,,H\\`|)$ <):@(;}?-[~(&)>>*)(~)`$:[;>!.&%<!.>~ %J}*zX:(&:~:<0)*>(B(!?.#@A*<*{-,[Q@{%!~)~-~:@:#|![>)]?];H;$-<}>!@~)<<) \\_!|]#,&!,@>\\[]|J ]\\^[?>$|$?'|,#.)$l[^@X.~! \\;0-&,;,!['@[J*~#`AQ[*&%<,~]?~_^~(;}\\$>)[&@) (]}];;*^<)''@\\E[.@! B*.<-A-,:-#`-.}<-|)^Z@](?;H >-}.%.?}@<!())0] <&=@(<*$\\((
In ooo.java
file, we can see that there is a method that invokes the base64
decode method. Let's head over to CyberChef and try decoding it. And.. we get the flag!
flag{b@d_ch@@rs_@@@re_B@@@@d}
Easy
We are given a RAR file and a password. After uncompressing, we get a .exe
file. Let's execute it. And bam, we get the flag!
FLAG{All_You_N33d_Is_Just_Execute_Me}
m0v
We're given an assembly file, that looks like below:
mov eax,0
mov ebx,0
mov edx,deadbeefh
mov ax,3337h
mov ebx,31330000h
mov dx,ax
mov bx,dx
We're asked to find out the value of ebx
register after the execution of the code segment. Using emu8086
emulator, we can easily find out about it.
The flag is: flag{31333337}
Android101
We're given an apk
file. Let's decompile and look through the sources folder contents. A certain file Main2Activity.java
catches our sight. Here, the function Validate
takes a string as a parameter, manipulates it and compares it a character array. If matches, shows the toast Correct.
public String Validate(String f) {
StringBuilder str = new StringBuilder(f);
for (int i = 0; i < str.length(); i++) {
for (int j = i; j < str.length() - 1; j++) {
char t = str.charAt(j);
str.setCharAt(j, str.charAt(j + 1));
str.setCharAt(j + 1, t);
}
}
if (str.toString().equals(String.valueOf(new char[]{'l', 'g', 'c', 'n', 'y', 'u', 'r', 'V', 'r', '3', '4', 'd', '0', 'D', 'f', '{', '_', '_', '3', '_', 'R', '}', '4', '3', 'n', 'a', '5', '0', '1'}))) {
Toast.makeText(getApplicationContext(), String.valueOf(new char[]{'C', 'o', 'r', 'r', 'e', 'c', 't'}), 1).show();
}
return "" + str.toString();
}
Let's get to work. Let's concatenate the manipulated string from the character set. We get lgcnyurVr34d0Df{__3_R}43na501
Now, we've to reverse what was done to this string. By analyzing the loops, we can write a reverse loop as below:
for (int i = str.length() - 1; i >= 0; i--) {
for (int j = str.length() - 2; j >= i; j--) {
char t = str.charAt(j);
str.setCharAt(j, str.charAt(j + 1));
str.setCharAt(j + 1, t);
}
}
Now, we can find the flag! The flag is:
flag{c4n_y0u_r3V3r53_4ndR01D}