Scenario⌗

You’ve intercepted a suspicious Android app, that contains secret data. Your task is to reverse-engineer the app, uncover hidden data, and retrieve the flag. To solve this challenge, you’ll need to demonstrate your reverse engineering and basic Android penetration testing skills.

Objective⌗

Find the flag hidden within the APK by reverse-engineering it

Prerequisites⌗

• Download the APK file
• Install APKTool for decompiling the APK
• Install JADX For reverse engineering and inspecting the Java code.

Decompile the APK using APKTool⌗

Decompile the APK file and explore.

apktool d app-debug.apk

Reverse Engineering the APK file⌗

Use JADX to open the APK file

jadx-gui app-debug.apk

Navigate through the app’s MainActivity and resources. Have checked the strings.xml, to get the flag

Conclusion⌗

In conclusion, this blog post has explored how to use the specified tools decompile, analyze, and reverse engineer Android application to test the basic Android penetration testing skills.