droids1
Problem
Find the pass, get the flag. Check out this file. You can also find the file in /problems/droids1_0_b7f94e21c7e45e6604972f9bc3f50e24.
Solution
Launch
jadx-gui
and openone.apk
In the
MainActivity
the button click code can be seen:The
getFlag()
function is as follows:It checks if the input is
R.string.password
, and if it matches then the flag is shown.Go to
R > string > password
in the explorer to findpublic static final int password = 2131427375;
. It is accessing resource `2131427375.Go to
Resources > resources.arsc > res > values > strings.xml
since the password is probably a string. We find:<string name="password">opossum</string>
Flag
picoCTF{pining.for.the.fjords}
Last updated