DEV Community

Breno Vit贸rio
Breno Vit贸rio

Posted on

HackerOne CTF - H1 Thermostat (Android)

馃帀 Hello World

As my first article, I would like to make a write-up about H1 Thermostat, which is an Android CTF that can be found on a cybersecurity learning platform called Hacker101. It is worth to mention that Hacker101 is powered by HackerOne.

猬囷笍 Download The App

Presumably you will see something like the image below, while accessing the CTF for the first time:

Text telling you to refresh the page in a few seconds

If you are facing this message, all you have to do is press F5 after a few seconds of waiting, just like the page says. After refreshing the page, you will probably see a link to download your .apk file:

Page containing a link to download the app

Just download it :D

馃敡 Decompiling The App

In order to do that, I am going to be using Apktool. If you don't have it installed, just take a look at this guide, which works for Windows, Linux and MacOS: Apktool - How to Install.

Once you have Apktool installed, basically, all you have got to do is go to the directory where you can find your .apk file, and execute the command below:

apktool d thermostat.apk
Enter fullscreen mode Exit fullscreen mode

Right below, we see the most common response that Apktool gives to this command:

Terminal screen containing the apktool input and its default output

馃弫 Getting All The Flags

At this moment, I feel like I should tell you that no knowledge about android developing is needed to catch the flags. Actually, you just have to go to the thermostat directory generated by Apktool and grep your flags, just like this:

cd thermostat
grep -rnw ./ -e "FLAG"
Enter fullscreen mode Exit fullscreen mode

Right below, you can see the results :)

Terminal screen containing the grep results, including the flags

Alternatively, considering you don't want to use grep, you can also open any IDE or text editor and search for any "FLAG" register inside the directory. In this example, I also did the searching process by using Visual Studio Code:

Visual Studio Code screen, containing the search result, including the flags

鈿狅笍 P.S.

Notice that the file which contains the flags has this extension called smali. What does that mean? Well, I will be trying to explain a little bit about it in the next article 馃槃

Discussion (0)