Wagiro Security Blog

This  test provides us an APK file through this link, called pokeamango.apk.   Analysis This android application is similar to Pokemon GO, it’s about capturing mangoes, to be able to buy the flag once you have 151 captured. Analyzing the apk with jadx-gui, you can see the requests that we need. A first request lists the «mangoes» that we have nearby:   REQUEST: POST /mango/list HTTP/1.1 Host: pokeamango.vuln.icec.tf Content-Length: 51 Accept: */* Origin: file:// User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; Custom Tablet…

Leer más Leer más

This  test provides us an APK file through this link, called droid.apk. Analysis The first thing we do is install it on a genymotion android virtual machine, and execute it:   If we click next, pass to following challenge:   At this stage, if we click, it returns an error message. Then, we open it with jadx-gui  and analyze it. We see that there are several classes in the com.example.puing.a2018codegatepackage: These classes give us a hint as to the order in which…

Leer más Leer más