Tags: android 

Rating: 5.0

# Secrets

We're given an apk file, and asked to find its secrets.

Something to know about apk files are that they're basically just zip files. Thus, we can unzip them to view their contents.

```
$ unzip howdyapp.apk
```

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/Secrets-1.png)

Now let's have a look at the extracted contents.

```
$ ls
```

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/Secrets-2.png)

After running strings on every file, we run into an interesting string in `resources.arsc`.

```
$ strings resources.arsc | less
```

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/Secrets-3.png)

Looks like Base 64. Let's decode it.

```
$ echo "Z2lnZW17aW5maW5pdGVfZ2lnZW1zfQ==" | base64 -d
```

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/Secrets-4.png)

Original writeup (https://github.com/shawnduong/ctf-writeups/blob/master/2019-TAMU/Android/Secrets.md).