Rating:

I decompiled the given apk file using jadx. looking at java code, we can see classes each use one native library to get string.

we can find libraries at `resourse/lib/*/` (I prefer x86_64 ones). there are 3 elf shared libraries which those java codes only use 2 of them.

for both of them, java codes only call `stringFromJNI` function of them. looking at these functions, each return a base64 encoded string which if we decode, one is `http://37.152.186.157/imgs/` and another is `http://37.152.186.157/api/data`.

from this point on, we even don't need to look at codes anymore.

a POST request to the data api endpoint with no parameters returns a json of list of some users as follow:
```
$ curl -X POST http://37.152.186.157/api/data
[{"id":1,"name":"Bugs Bunny","avatar":"bugs_bunny.jpg","email":"[email protected]","address":"4617 Goodwin Avenue","gender":"male","age":"22","phone":"36213893021"},{"id":2,"name":"Mickey Mouse","avatar":"mickey_mouse.jpg","email":"[email protected]","address":"3844 Stiles Street","gender":"male","age":"28","phone":"12369532255"},{"id":4,"name":"Bart Simpson","avatar":"bart_simpson.jpg","email":"[email protected]","address":"2418 Loving Acres Road","gender":"male","age":"35","phone":"55634559910"},{"id":3,"name":"Popeye","avatar":"popeye.jpg","email":"[email protected]","address":"New Jersey popeye Street","gender":"male","age":"43","phone":"22361255893"},{"id":5,"name":"Patrick Star","avatar":"patrick_star.jpg","email":"[email protected]","address":"Richmond 2136 Queens Lane","gender":"male","age":"18","phone":"41223365236"},{"id":6,"name":"Homer Simpson","avatar":"homer_simpson.jpg","email":"[email protected]","address":"Timber Oak Drive","gender":"male","age":"47","phone":"99632531930"},{"id":7,"name":"Olive Oyl","avatar":"olive_oyl.jpg","email":"[email protected]","address":"Ocala Rhapsody Street","gender":"female","age":"52","phone":"89633366552"},{"id":8,"name":"Sylvester","avatar":"sylvester.jpg","email":"[email protected]","address":"Tigard 2285 Kincheloe Road","gender":"male","age":"31","phone":"77632351752"}]
```

I thought there might something within avatar pictures, so I checked them each by adding the filename to imgs endpoint directory, but there wasn't anything within them...

and remembered the challenge description said we must put the flag together, so... after a lot of looking at different place to find meaningful things, I couldn't find anything...

so I came to only remaining thing I could think of: putting numbers together, since there is no space within them... so I did, ordering by id, and wrapped it around RaziCTF{}.

the flag: `RaziCTF{3621389302112369532255556345599102236125589341223365236996325319308963336655277632351752}`