As my first article, I would like to make a write-up about H1 Thermostat, which is an Android CTF that can be found on a cybersecurity learning platform called Hacker101. It is worth mentioning that Hacker101 is powered by HackerOne.
When you access the CTF for the first time, you will presumably see something like the image below:
If you are facing this message, all you have to do is press F5 after a few seconds of waiting, just like the page says. After refreshing the page, you will probably see a link to download your .apk file:
Just download it :D
To decode the .apk file, I am going to be using Apktool. If you don't have it installed, just take a look at this guide, which works for Windows, Linux and macOS: Apktool - How to Install.
Once you have Apktool installed, basically, all you have got to do is go to the directory where you can find your .apk file, and execute the command below:
apktool d thermostat.apk
Right below, we see the most common response that Apktool gives to this command:
At this point, I feel like I should tell you that no knowledge of Android development is needed to catch the flags. Actually, you just have to go to the thermostat directory generated by Apktool and grep for your flags, just like this:
cd thermostat
grep -rnw ./ -e "FLAG"
Right below, you can see the results :)
Alternatively, if you don't want to use grep, you can also open any IDE or text editor and search for any occurrence of "FLAG" inside the directory. In this example, I also did the search using Visual Studio Code:
Notice that the file which contains the flags has this extension called smali. What does that mean? Well, I will be trying to explain a little bit about it in the next article 😄
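As an added example (not part of the original write-up or of the CTF's code), the shell function below narrows the search to string literals loaded by `const-string` instructions in the decoded .smali files and matches the keyword case-insensitively, so identifiers and resource files are left out. The sample smali file, its class name and its values are constructed for illustration, and `smali_strings` and `make_sample` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: report string literals in apktool-decoded smali that contain
# a keyword. Smali loads a string constant with `const-string vN, "..."`
# (or `const-string/jumbo`), so only those lines are inspected.

# $1 = directory produced by `apktool d`, $2 = keyword (case-insensitive)
# Output format: path:line:literal
smali_strings() {
    find "$1" -type f -name '*.smali' -exec awk -v kw="$2" '
        /^[ \t]*const-string(\/jumbo)?[ \t]/ {
            lit = $0
            sub(/^[^"]*"/, "", lit)      # drop everything up to the opening quote
            sub(/"[ \t]*$/, "", lit)     # drop the closing quote
            if (index(tolower(lit), tolower(kw)))
                printf "%s:%d:%s\n", FILENAME, FNR, lit
        }' {} +
}

# Build a constructed sample tree so the example runs offline.
# Every name and value below is made up; none comes from the real app.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/smali/com/example"
    cat > "$d/smali/com/example/Demo.smali" <<'EOF'
.class public Lcom/example/Demo;
.super Ljava/lang/Object;
.field private static final FLAG_COUNT:I
.method public run()V
    .locals 3
    const-string v0, "flag_header"
    const-string v1, "Content-Type"
    const-string/jumbo v2, "CONSTRUCTED-FLAG-PLACEHOLDER"
    return-void
.end method
EOF
    printf '%s\n' "$d"
}

# Stand-alone run: the field name FLAG_COUNT is not a string literal, so it is
# skipped; the two literals containing "flag" (any case) are reported.
sample=$(make_sample)
smali_strings "$sample" flag
rm -rf "$sample"
```

On a real decode, point the function at the directory Apktool generated, for example `smali_strings thermostat FLAG`.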