 These are not the droids is the next challenge and Ryan Nicholson's capture the flag competition that has to do with our Supposedly reverse engineering not really reverse engineering, but just trying to track down a flag hidden deep within an Android package source code So we can go to the shell. They offer us login with the credentials that they specify CTF 5 and challenge 5 and we have hello dot APK available so what I wanted to do originally was just kind of extract this or do some whatever file con like Reconnaissance that I could actually figure out what this thing was because I know normally APKs are Considered to be archives so you can like decompress it or expand this archive and I thought well like I can just try and unzip this right But we don't have unzip. So can I gun zip it? I figured I could just copy Hello to APK to hello or like a different name second dot APK dot GZ And then I wanted to gun zip second that but it didn't do it for me So I figured like what what can I do? I've seen like Java decompilers or JDX stuff like that But obviously I don't have any of those console command line things or even those tools in this web shell So I thought well, I'm gonna have to Google a little bit more. I figured I'd be like extract APK Command line, and I just try to do some research. What else can I do? So I did some research and did Google did stack overflow and then recommended. Oh APK tool Okay, I didn't think of that. So I tried to see that is that available in this shell and APK tool actually is so awesome Let's go ahead and see can I run APK tool? It says D to Decompress this stuff. I checked that out in the man pages, which we don't have again But again, I saw an example of an APK tool D will decode or decompress or whatever Extract everything out of hello dot APK So it looks like that would run through and then I was able to actually see I have a new directory Hello that has the files in it original and like resources were all things But smally looked particularly peculiar because I haven't seen that before so I wanted to move into that directory It looked like it had yannel which had again I want to check that out because Android just looks like boilerplate stuff and hello world looks to be the name of the Application, so I checked that out and this has a bunch of code supposedly available to it So what I did I want to check out that main activity and other things what I did was I actually cat out everything And then I grept case insensitive for flag and then I eventually got a result here cool There is flag Harmonograph just like that. So if I wanted to get the very first line and cut that up Go for the spaces after I rev it blah blah blah You can write your own get flag script to just carve out that specific string if you want But that is what we would go ahead and submit so you take that In our archive in our own notes But that is how I approach that challenge and that is one solution or how to get to it Because simply just looking for the file and trying to automate the process of looking through all of those things is particularly awesome But hey, I need to give a special shout out of the people that willing to support me on patreon Thank you so so much. It's incredible to see this list growing I hope it grows a little bit more whatever one dollar a month on patreon will give you a special shout out just like this at the End of every video five dollars and more on patreon will give you early access everything that are released on youtube If you did like this video, please do a like comment and subscribe it check us out on discord Come hang out link in the description, and I hope to maybe see you on patreon. That'd be awesome. See you soon