NahamCon – Mobile – Ends Meet

Ends Meet is a 150 point Mobile challenge in the NahamCon CTF. The challenge provides the ends-meet.apk file and the description Are you a true mobile hacker?
There are many ways to go around this challenge, but I’m taking the disassembly/decomplication route again. Since the launch of android nougat, setting up a MITM proxy using something like Burp on Android is pretty non-trivial and can quickly become a sinkhole of time.
Looking at the decompilation of the main class, there are 2 things that immediately jump out.
There is a server URL and an encoded string. Looking a bit further down in the class there is a makeHTTPRequest() method which invokes a Base64 decoder on pathEncoded.
Decoding the Base64 string gives an api endpoint /api/v2/data and throwing together a request in burp to returns an error about an incorrect user agent.
Finding the user agent was as simple as searching for it in the projects GitHub. It follows the form of volley/<version and I’m just going to assume sending volley will be adequate.
And sending another request with the correct user agent this time returns the flag 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *