https://hegzploit.github.io/tags/ctf/Recent content in CTF on HegzploitHugo -- gohugo.ioenme (AT) this domain (Yusuf Hegazy)me (AT) this domain (Yusuf Hegazy)&copy;{year}, All Rights ReservedSun, 05 Nov 2023 00:00:00 +0000weeklyhttps://hegzploit.github.io/posts/reactive-vault-1/Sun, 05 Nov 2023 00:00:00 +0000me (AT) this domain (Yusuf Hegazy)Sun, 05 Nov 2023 00:00:00 +0000https://hegzploit.github.io/posts/reactive-vault-1/<p>I started by installing the APK on an android phone, once opened it will show a text field to enter a key and a login button, the APK will try to navigate to <code>https://you-shall-not-pass</code> when trying to type any key (maybe this was done to prevent bruteforcing the key?), finally, when you try to login with a random key It will show a dialog saying &ldquo;BAAAD Key&rdquo;</p> <center> <video controls loop width="320"> <source src="./demo.mp4" type="video/mp4"> </video> </center> <p>I dropped the APK within jadx and I went to the entry point which is <code>com.expor4bb1t.AwesomeProject.MainActivity</code>, I could see a lot of imports related to facebook and react, which along with the challenge name, started making sense. This application is built with react native.</p>Yusuf Hegazyfeatured imageCTF