NahamCon – Mobile – Ends Meet

Ends Meet is a 150 point Mobile challenge in the NahamCon CTF. The challenge provides the ends-meet.apk file and the description Are you a true mobile hacker?
There are many ways to go around this challenge, but I’m taking the disassembly/decomplication route again. Since the launch of android nougat, setting up a MITM proxy using something like Burp on Android is pretty non-trivial and can quickly become a sinkhole of time.
Looking at the decompilation of the main class, there are 2 things that immediately jump out.
There is a server URL and an encoded string. Looking a bit further down in the class there is a makeHTTPRequest() method which invokes a Base64 decoder on pathEncoded.
Decoding the Base64 string gives an api endpoint /api/v2/data and throwing together a request in burp to http://jh2i.com:50038/api/v2/data returns an error about an incorrect user agent.
Finding the user agent was as simple as searching for it in the projects GitHub. It follows the form of volley/<version and I’m just going to assume sending volley will be adequate.
And sending another request with the correct user agent this time returns the flag 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *