- Use jadx to decompile the app and extract assets
-> It's a React Native app using Hermes - the actual challenge code is in Hermes Bytecode
- Use hbctool to disassemble the index.android.bundle
- Username "admin" is hardcoded, password and flag are decoded from static buffers
- Extract buffers from the metadata.json generated by hbctool
-> password and flag
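
To see what the extracted buffers hold, the array buffer from metadata.json can be decoded into typed literals. This is an added example, not code from the original writeup: the `arrayBuffer` key (taken to be a JSON list of byte values) and the tag layout are assumptions based on Hermes' serialized literal format and may differ between bytecode versions, and `SAMPLE` is constructed data.

```python
import json
import struct

# Assumed tag layout: bit 7 = 12-bit length follows, bits 4-6 = type, low 4 bits = length.
TAG_MASK, LONG_LEN = 0x70, 0x80
# type tag -> (name, payload size in bytes, struct format or None)
TYPES = {
    0x00: ("null", 0, None),
    0x10: ("true", 0, None),
    0x20: ("false", 0, None),
    0x30: ("number", 8, "<d"),
    0x40: ("long_string_id", 4, "<I"),
    0x50: ("short_string_id", 2, "<H"),
    0x60: ("byte_string_id", 1, "<B"),
    0x70: ("integer", 4, "<i"),
}
CONST = {"null": None, "true": True, "false": False}

def decode_literals(buf):
    """Decode a serialized literal buffer into (type_name, value) pairs."""
    buf, out, pos = bytes(buf), [], 0
    while pos < len(buf):
        tag = buf[pos]
        name, size, fmt = TYPES[tag & TAG_MASK]
        if tag & LONG_LEN:  # run length spans the low nibble plus the next byte
            if pos + 2 > len(buf):
                raise ValueError(f"truncated tag at offset {pos}")
            count, pos = ((tag & 0x0F) << 8) | buf[pos + 1], pos + 2
        else:
            count, pos = tag & 0x0F, pos + 1
        if pos + count * size > len(buf):
            raise ValueError(f"truncated {name} run at offset {pos}")
        for _ in range(count):
            value = struct.unpack_from(fmt, buf, pos)[0] if fmt else CONST[name]
            out.append((name, value))
            pos += size
    return out

def load_array_buffer(path):
    """Read metadata.json (path is supplied by the caller) and decode its array buffer."""
    with open(path) as fh:
        return decode_literals(json.load(fh)["arrayBuffer"])

# Constructed sample: a run of 3 integers, then a run of 2 one-byte string ids.
SAMPLE = [0x73, *struct.pack("<3i", 72, 105, -1), 0x62, 4, 9]
if __name__ == "__main__":
    for item in decode_literals(SAMPLE):
        print(item)
```

String-id entries are indexes into the bundle's string table, so they still need to be resolved against the strings hbctool dumped.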

Original writeup (https://github.com/Pusty/writeups/tree/master/InsomnihackTeaser2022#herald).
jasmine, March 27, 2022, 8:32 a.m.

Can I include buffers from the metadata.json, or is only extracting by hbctool allowed?
:)