
Don't Overreact

The document outlines an easy mobile reversing challenge titled 'Don't Overreact' where participants must unpack an APK, locate and reverse obfuscated React Native Javascript to reveal a flag. It provides step-by-step instructions on unpacking the APK, beautifying the code, and either decoding a base64 flag or modifying the Javascript to display it. The flag for the challenge is HTB{23m41n_c41m_4nd_d0n7_0v32234c7}.

Uploaded by

Ye Zeiya Shein

Don't Overreact

22nd August 2021

Challenge Author(s):

Lunatec

Description:

This challenge is an easy mobile reversing challenge.

Objective

Unpack the APK, find the React Native Javascript in assets and reverse the obfuscated
Javascript. After reversing you can either modify the Javascript code to show the flag or
decode the base64 flag.

Difficulty:

easy

Flag:

HTB{23m41n_c41m_4nd_d0n7_0v32234c7}

Challenge
Run the app using adb install app-release.apk and you will see the following screen:

First unpack the apk using apktool.

apktool d app-release.apk

Under app-release/assets, open the file index.android.bundle. Here you will find the
minified/packed React Native Javascript code. Using the techniques found in the academy
Javascript deobfuscation module, you can unpack and beautify the Javascript code. The
app code is in this function:

function() {
    var f = n.default.useState(!1),
        u = (0, t.default)(f, 1)[0];
    return n.default.createElement(o.SafeAreaView, {
        style: {
            backgroundColor: '#141d2b'
        }
    }, n.default.createElement(o.StatusBar, {
        barStyle: 'dark-content'
    }), n.default.createElement(o.View, {
        style: {
            backgroundColor: r(d[5]).Colors.black,
            justifyContent: 'center',
            alignItems: 'center',
            height: '100%'
        }
    }, n.default.createElement(o.Image, {
        width: "100",
        height: "1000",
        source: r(d[6])
    }), n.default.createElement(o.Text, {
        fontSize: "24",
        style: {
            display: 0 == u ? 'none' : 'flex',
            color: '#9fef00'
        }
    }, "Debug key ",
    l.default.decode(r(d[7]).myConfig.debug))))
});

The other interesting code is in the config file, the debug key contains the flag:

Object.defineProperty(e, "__esModule", {
    value: !0
}), e.myConfig = void 0;
var t = {
    importantData: "baNaNa".toLowerCase(),
    apiUrl: 'https://www.hackthebox.eu/',
    debug: 'SFRCezIzbTQxbl9jNDFtXzRuZF9kMG43XzB2MzIyMzRjN30='
};
e.myConfig = t

From here you can either decode the base64 encoded debug flag to find the key or you can
modify the style of the flag text in Javascript and repack the app to see the flag. Let's
make the text always display and change the flag color to something light like white:

n.default.createElement(o.Text, {
    fontSize: "24",
    style: {
        display: 'flex',
        color: '#FFFFFF'
    }
}, "Debug key ",
l.default.decode(r(d[7]).myConfig.debug))

Remove the old signature files:

app-release/META-INF$ rm CERT.RSA
app-release/META-INF$ rm CERT.SF
app-release/META-INF$ rm MANIFEST.MF

Repack the APK:

app-release$ zip -r app-release.patch.apk *

Generate a key:

app-release$ keytool -genkey -v -keystore key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias hackthebox

Sign the repacked APK with the new key:

app-release$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.jks app-release.patch.apk hackthebox
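
The decoding route mentioned above, as an added example that is not part of the original write-up: a Node.js script that scans bundle text for quoted base64 literals and keeps the ones that decode to printable text, which is also how you would audit your own React Native bundle for values that are only encoded rather than protected. SAMPLE_BUNDLE is constructed from the config excerpt above, and the function names are hypothetical.

```javascript
// Added example: audit a React Native bundle for base64-encoded string literals.
// SAMPLE_BUNDLE is constructed from the config excerpt shown in this write-up.
// In practice, read app-release/assets/index.android.bundle into a string instead.
const SAMPLE_BUNDLE = `
Object.defineProperty(e,"__esModule",{value:!0}),e.myConfig=void 0;
var t={importantData:"baNaNa".toLowerCase(),apiUrl:'https://www.hackthebox.eu/',
debug:'SFRCezIzbTQxbl9jNDFtXzRuZF9kMG43XzB2MzIyMzRjN30='};e.myConfig=t
`;

// Quoted literals made only of base64 alphabet characters, at least 16 long.
const LITERAL_RE = /(["'])([A-Za-z0-9+\/]{16,}={0,2})\1/g;

// True when at least 95% of the characters are printable ASCII.
function isMostlyPrintable(text) {
  if (text.length === 0) return false;
  const printable = [...text].filter((c) => c >= ' ' && c <= '~').length;
  return printable / text.length >= 0.95;
}

// Returns [{ offset, literal, decoded }] for literals that decode to readable text.
function findEncodedLiterals(bundleText) {
  const findings = [];
  for (const match of bundleText.matchAll(LITERAL_RE)) {
    const literal = match[2];
    // Padded base64 always has a length that is a multiple of 4.
    if (literal.length % 4 !== 0) continue;
    const decoded = Buffer.from(literal, 'base64').toString('utf8');
    // Buffer ignores bad input silently, so require an exact round trip.
    if (Buffer.from(decoded, 'utf8').toString('base64') !== literal) continue;
    // Long identifiers also match the regex; drop anything that decodes to binary.
    if (!isMostlyPrintable(decoded)) continue;
    findings.push({ offset: match.index, literal, decoded });
  }
  return findings;
}

for (const f of findEncodedLiterals(SAMPLE_BUNDLE)) {
  console.log(`offset ${f.offset}: ${f.literal} -> ${f.decoded}`);
}
```
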
