⏪
CTFs
TwitterGithub
  • 👋Introduction
  • 📚Write Up
    • 2024
      • 📖1337UP LIVE CTF
        • Reverse Engineering
        • Mobile
        • Forensic
        • Misc
      • 📖HKCERT CTF Quals
        • Reverse Engineering
        • Binary Exploitation
      • 📖Flare-On 11
        • Challenge #1 - frog
      • 📖Intechfest
        • Reverse Engineering
        • Forensic
        • Cryptography
        • Mobile
      • 📖Cyber Breaker Competition (1v1)
        • Reverse Engineering
        • Web Exploitation
        • Cryptography
        • Binary Exploitation
      • 📖Cyber Breaker Competition Quals
        • Reverse Engineering
        • Web Exploitation
        • Cryptography
      • 📖BlackHat MEA Quals
        • Reverse Engineering
        • Forensic
      • 📖TFC CTF
        • Reverse Engineering
        • Forensic
        • Misc
      • 📖DeadSec CTF
        • Reverse Engineering
        • Web Exploitation
      • 📖Aptos - Code Collision CTF
        • Reverse Engineering
        • Misc
      • 📖DownUnder CTF
        • Reverse Engineering
      • 📖JustCTF
        • Reverse Engineering
        • Forensic
        • Misc
      • 📖Akasec CTF
        • Reverse Engineering
        • Forensic
      • 📖Codegate CTF Preliminary
        • Reverse Engineering
      • 📖NahamCon CTF
        • Cryptography
        • Reverse Engineering
        • Malware
        • Misc
        • Mobile
        • Scripting
        • Web Exploitation
        • Forensic
      • 📖SAS CTF Quals
        • Reverse Engineering
      • 📖SwampCTF
        • Reverse Engineering
        • Misc
        • Cryptography
      • 📖UNbreakable International
        • Reverse Engineering
        • Network
        • Cryptography
      • 📖ACSC
        • Reverse Engineering
        • Hardware
        • Web Exploitation
      • 📖0xL4ugh
        • Mobile
    • 2023
      • 📖BlackHat MEA Final
        • Reverse Engineering
        • Web Exploitation
      • 📖Flare-On 10
        • Challenge #1 - X
        • Challenge #2 - ItsOnFire
        • Challenge #3 - mypassion
        • Challenge #4 - aimbot
        • Challenge #5 - where_am_i
        • Challenge #6 - FlareSay
        • Challenge #7 - flake
        • Challenge #8 - AmongRust
        • Challenge #9 - mbransom
        • Challenge #10 - kupo
        • Challenge #11 - over_the_rainbow
        • Challenge #12 - HVM
        • Challenge #13 - y0da
      • 📖LakeCTF Quals
        • Reverse Engineering
        • Cryptography
      • 📖TSG CTF
        • Reverse Engineering
        • Cryptography
      • 📖ISITDTU Quals
        • Web Exploitation
        • Misc
        • Reverse Engineering
      • 📖BlackHat MEA Quals
        • Reverse Engineering
      • 📖ASCIS Final
        • Reverse Engineering
        • Web Exploitation
        • Cryptography
      • 📖ASCIS Quals
        • Reverse Engineering
        • Forensic
        • Cryptography
      • 📖IFest
        • Reverse Engineering
        • Cryptography
        • Misc
      • 📖Cyber Jawara International
        • Reverse Engineering
        • Forensic
        • Cryptography
        • Web Exploitation
      • 📖Intechfest
        • Reverse Engineering
        • Forensic
        • Cryptography
        • Mobile
      • 📖CSAW Quals
        • Reverse Engineering
      • 📖SECCON Quals
        • Reverse Engineering
      • 📖CTFZone Quals
        • Reverse Engineering
      • 📖Securinets Quals
        • Reverse Engineering
      • 📖Compfest Final (Attack Defense)
        • Web Exploitation
        • Cryptography
      • 📖Compfest Quals
        • Reverse Engineering
        • Cryptography
        • Forensic
        • Misc
      • 📖Tenable
        • Reverse Engineering
        • Cryptography
        • Steganography
      • 📖ASCWG Quals
        • Reverse Engineering
        • Cryptography
      • 📖Gemastik Quals
        • Reverse Engineering
      • 📖BSides Indore
        • Reverse Engineering
        • Cryptography
      • 📖NahamCon CTF
        • Cryptography
      • 📖HSCTF
        • Reverse Engineering
        • Cryptography
        • Web Exploitation
        • Misc
      • 📖ACSC
        • Reverse Engineering
      • 📖HackTM Quals
        • Reverse Engineering
    • 2022
      • 📖Intechfest
        • Reverse Engineering
        • Mobile
        • Cryptography
      • 📖NCW Final
        • Reverse Engineering
      • 📖NCW Quals
        • Reverse Engineering
        • Misc
        • Cryptography
      • 📖Compfest Final
        • Reverse Engineering
        • Forensic
      • 📖Compfest Quals
        • Reverse Engineering
        • Cryptography
      • 📖IFest
        • Reverse Engineering
        • Cryptography
        • Forensic
    • 2021
      • 📖Cyber Jawara Final
        • Reverse Engineering
      • 📖Cyber Jawara Quals
        • Reverse Engineering
        • Cryptography
      • 📖DarkCon CTF
        • Reverse Engineering
      • 📖Wreck IT Quals
        • Mobile
      • 📖MDT4.0 Final
        • Reverse Engineering
        • Cryptography
        • Forensic
      • 📖MDT4.0 Quals
        • Reverse Engineering
        • Cryptography
      • 📖IFest
        • Reverse Engineering
        • Cryptography
      • 📖Compfest Final
        • Reverse Engineering
      • 📖Compfest Quals
        • Reverse Engineering
        • Cryptography
    • 2020
      • 📖Deep CTF
        • Reverse Engineering
  • 🚩Lifetime CTF
    • 📖Hack The Box
      • Reverse Engineering
        • TBU
Powered by GitBook
On this page
  • wicked-game (457 pts)
  • Description
  • Solution
  1. Write Up
  2. 2024
  3. UNbreakable International

Reverse Engineering

PreviousUNbreakable InternationalNextNetwork

Last updated 1 year ago

Challenge
Link

wicked-game (457 pts)

wicked-game (457 pts)

Description

This game drives me crazy. It asks for an impossible score. Can you help me out? You need to catch the Android inside.

Solution

Given APK file, open it using jadx-gui and save the decompiled code.

MainActivity create new GameView object. So take a look on GameView.

GameView.java
...

public GameView(Context context) {
        super(context);
        this.handler = new Handler();
        this.paint = new Paint(1);
        this.FRAME_RATE = 30;
        this.MAX_SCORE = 10;
        this.DESIRED_SCORE = 1400;
        this.ballRadius = 50.0f;
        this.ballX = 50.0f + 100.0f;
        this.ballY = 50.0f + 100.0f;
        this.ballVelocityX = 20.0f;
        this.ballVelocityY = 15.0f;
        this.score = 0;
        this.barWidth = 300.0f;
        this.barHeight = 40.0f;
        this.barMoveSpeed = 40.0f;
        this.isBallFalling = true;
        this.runnable = new Runnable() { // from class: com.catchthefallingobjects.GameView.1
            @Override // java.lang.Runnable
            public void run() {
                GameView.this.invalidate();
            }
        };
        this.graphicsBitmap = BitmapFactory.decodeResource(getResources(), R.drawable.graphics);
        setFocusable(true);
        setFocusableInTouchMode(true);
    }


protected void onDraw(Canvas canvas) {
        super.onDraw(canvas);
        canvas.drawColor(ViewCompat.MEASURED_STATE_MASK);
        if (this.score >= 1400) {
            canvas.drawBitmap(this.graphicsBitmap, (getWidth() - this.graphicsBitmap.getWidth()) / 2.0f, (getHeight() - this.graphicsBitmap.getHeight()) / 2.0f, (Paint) null);
            return;
        }
        this.barX = Math.max(0.0f, Math.min(this.barX, getWidth() - this.barWidth));
        this.barY = (getHeight() - this.barHeight) - 50.0f;
        this.paint.setColor(-65281);
        canvas.drawCircle(this.ballX, this.ballY, this.ballRadius, this.paint);
        this.paint.setColor(SupportMenu.CATEGORY_MASK);
        float f = this.barX;
        float f2 = this.barY;
        canvas.drawRect(f, f2, f + this.barWidth, f2 + this.barHeight, this.paint);
        updateBallPosition();
        this.paint.setColor(-1);
        this.paint.setTextSize(40.0f);
        canvas.drawText("Score: " + this.score, 50.0f, 150.0f, this.paint);
        canvas.drawText("Max score is 10, but the desired score is 1400", 50.0f, 200.0f, this.paint);
        if (this.score < 10) {
            this.handler.postDelayed(this.runnable, 33L);
            return;
        }
        this.paint.setTextSize(100.0f);
        canvas.drawText("Game Over", 100.0f, 500.0f, this.paint);
    }
...

From code above we can summarize:

  • Desired score is 1400

    • if score >= 1400 there will a drawbitmap process

  • If current score < 10 it will continue

    • if current score >= 10 it will game over

  • Value added to current score is one (this.score++)

By playing the game we cannot win (trigger drawbitmap process), so my approach is patching the game by modifying the smali code. The idea is changing constant on score validation to lower value such as from 1400 to 1.

GameView.smali
...
.method protected onDraw(Landroid/graphics/Canvas;)V
    .locals 9

    .line 49
    invoke-super {p0, p1}, Landroid/view/View;->onDraw(Landroid/graphics/Canvas;)V

    const/high16 v0, -0x1000000

    .line 50
    invoke-virtual {p1, v0}, Landroid/graphics/Canvas;->drawColor(I)V

    iget v0, p0, Lcom/catchthefallingobjects/GameView;->score:I

    const/16 v1, 0x1

    if-lt v0, v1, :cond_0

    .line 53
    invoke-virtual {p0}, Lcom/catchthefallingobjects/GameView;->getWidth()I

    move-result v0

    iget-object v1, p0, Lcom/catchthefallingobjects/GameView;->graphicsBitmap:Landroid/graphics/Bitmap;

    invoke-virtual {v1}, Landroid/graphics/Bitmap;->getWidth()I

    move-result v1

    sub-int/2addr v0, v1

    int-to-float v0, v0

    const/high16 v1, 0x40000000    # 2.0f
...
  • Line 15: change from 0x578 to 0x1

Compile the APK again and sign the new APK.

apktool b wicked-game
uber-apk-signer --allowResig -a wicked-game/dist/wicked-game.apk

Run the APK and it will show android image after the score changed to 1.

Flag: wehnd-wdwdaxae-cfewfwg

Basically the program only run the game and check the score. Win condition is showing image above, based on the description there is something with the image (catch android inside). So lets try to do some guess on the image. Image loaded through getResources function and R.drawable.graphics constant, so the location is in wicked-game/res/drawable/graphics.jpg. Upload graphics.jpg to well known and there will be a flag.

📚
📖
online steganography solver
Here