Ends Meet is a 150-point Mobile challenge in the NahamCon CTF. The challenge provides the
ends-meet.apk file and the description:
Are you a true mobile hacker?
There are many ways to go around this challenge, but I’m taking the disassembly/decompilation route again. Since the launch of Android Nougat, setting up a MITM proxy using something like Burp on Android is pretty non-trivial and can quickly become a sinkhole of time.
Looking at the decompilation of the main class, there are 2 things that immediately jump out.
There is a server URL and an encoded string. Looking a bit further down in the class there is a
makeHTTPRequest() method which invokes a Base64 decoder on
Decoding the Base64 string gives an API endpoint,
/api/v2/data, and throwing together a request in Burp to
http://jh2i.com:50038/api/v2/data returns an error about an incorrect user agent.
Finding the user agent was as simple as searching for it in the project's GitHub. It follows the form of
volley/<version and I’m just going to assume sending
volley will be adequate.
And sending another request with the correct user agent this time returns the flag 🙂