>/Posts/[1:6]/16 $

## Introduction Quite a few of my posts focus on solving challenges involving reverse engineering of mobile applications from CTF competitions. Although in one of my previous posts I briefly described how to approach this topic, I'd like to cover it more extensively here, highlighting...

# First Part ## Recon To be honest we don't have much to see there. It's simple login form shown on the screenshot below:  And we don't have any credentials attached to this task so I assumed it's a SQLi kind of a task and tried some basic payloads as input. ![2](...

# First Part ## Look at the files After downloading and unzipping the archive there’s only one APK inside, so I launched it on an Android emulator and also opened the APK in JADX-GUI for static analysis.  Not much to see in the UI at first glance. ![2](./images/2...

### First Part **Look at the files** There isn’t much to look at it’s a single **apk** file, so we need an Android emulator to run it. I used BlueStacks. The app is simple: one input field and a submit button.  The goal is obvious: find the valid code to unlock the...

# First Part **Look at the files** ``` │>sweet treet │ cookiejar │ directory.db │ docker-compose.yml │ Dockerfile │ README.md │ └───webapp │ edit_profile.jsp │ index.jsp │ login.jsp │ logout.jsp │ register.jsp │ styles.css │ └───admin │ admin-review.jsp │ admin.jsp ``` ...

## What is this task even about? I started this challenge by taking a look at Discord, as part of my team had already begun working on it. My first glance at the provided charts led me to think -> 2 charts are probably UART or I2C to be decoded.  ## Identifying...