Don’t Overreact Walkthrough | HackTheBox

Challenge name : Don’t Overreact

Category : Mobile/Android

Difficulty : Easy

Let’s Start:

Download the file from HTB and unzip the zip file using default HTB password hackthebox. We will get an apk file.

Android challenge?? Static analysis is very important. Use Jadx or do it by yourself. Take a look code, search for juicy information, etc.

Let’s play with terminal:

In this case I’m going to use Apktool. Let’s de-compile.

apktool d app-release.apk

Unpack using apktool

We get a new file called app-release. All the files and folders inside apk is saved to this file.

Note: grep -nr “keyword” // you can use this cmd to search globally inside a folder. This helped me a lot in different points.

By using Jadx/grepping I have found an interesting hash from assets/index.android.bundle.

Interesting hash

Let’s decrypt and check what’s inside the base64 hash.

echo “<base64_hash_here>” | base64 -d

Got the Flag

Yess!! We got the flag. Simple as that!!