DEV Community

wireless90
wireless90

Posted on • Edited on

WhatsMyIntent [Android Internals CTF Ex1 ]

Install the given apk.

  • Your task is to send an intent with action "dart_ctf".
  • Pull the flag from the returned intent.
  • Do not reverse the apk.

So what we need to do is to send an intent with action dart_ctf.

First lets create a new android application.

image

Click Create New Project

image

Click Empty Activity

image

Ensure its a Java based project.

image

Lets create a new Intent under the onCreate function. We can see that it accepts a string, action.

Following that, we are going to call startActivityForResult(intent, requestCode:2);

This basically tries to start that activity and expects a result. As multiple activities can be started, we have added a requestCode to uniquely identify the activity result that we want. I just gave an arbitary number, 2.

image

The above is how your code should now look like.

Now let's try running the app. This is what I get in my emulator.

image

The reason is because I have not installed the given apk into the emulator yet. Simply drag and drop it into the emulator to install the vulnerable .apk package. Once installed, run your application again.

image

Great! Our application has successfully started an activity using the intent. But we have not configured the code to process the result.

In order to do this, I override the onActivityResult callback.
image

Basically, we check our request code if equals to the one configured, 2, then extract out the dictionary keys. For each key, we print out to logcat the value. And we have got the flag!

Top comments (0)