Tags: memory_dump android 


This is an Android challenge and I used my own device to run the provided APK (probably not a good idea). However, it should be doable with an emulator as well.

Decompiling the APK online and searching through it, com.application.ezpz.MainActivity contains the lines

final String[] YEET = new whyAmIHere().isThisWhatUWant();

...
...

} else if (YEET[0].equals(MainActivity.this.button.getText().toString())) {
    Toast.makeText(MainActivity.this.getApplicationContext(), "Well thats the  Correct Flag", 0).show();

The source for com.application.ezpz.whyAmIHere.java shows how YEET is created and populated:

package com.application.ezpz;

import android.util.Log;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import com.google.firebase.firestore.FirebaseFirestore;
import com.google.firebase.firestore.QueryDocumentSnapshot;
import com.google.firebase.firestore.QuerySnapshot;
import java.util.Iterator;

public class whyAmIHere {
    public String[] isThisWhatUWant() {
        // Single-element array so the asynchronous callbacks can write into a local "result".
        final String[] justAWaytoMakeAsynctoSync = {""};
        FirebaseFirestore.getInstance().collection("A_Collection_Is_A_Set_Of_Data").get().addOnSuccessListener(new OnSuccessListener<QuerySnapshot>() {
            public void onSuccess(QuerySnapshot queryDocumentSnapshots) {
                Iterator<QueryDocumentSnapshot> it = queryDocumentSnapshots.iterator();
                while (it.hasNext()) {
                    // The "Points" field of the last document wins; each value is also written to logcat.
                    justAWaytoMakeAsynctoSync[0] = it.next().getString("Points");
                    Log.d("TypicalLogcat", justAWaytoMakeAsynctoSync[0]);
                }
            }
        }).addOnFailureListener(new OnFailureListener() {
            public void onFailure(Exception e) {
                justAWaytoMakeAsynctoSync[0] = "Something Failed,Maybe Contact Author?";
            }
        });
        // Returned before the Firestore query completes: the caller holds a reference that is
        // filled in later, which is why the value only shows up in memory after a short delay.
        return justAWaytoMakeAsynctoSync;
    }
}

As YEET is loaded immediately after the first time editText is clicked, it should be in memory shortly after clicking editText. Debugging the APK in Android Studio, a heap dump can be generated and exported after the box has been clicked. Then, strings from the heap dump can be searched for the wrapper darkCON, which gives darkCON{d3bug_m5g_1n_pr0duct10n_1s_b4d}.
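The heap-dump search above is the same whether done with strings or a small script. As an added example that is not part of the original writeup, the scanner below looks for darkCON{...} in a raw dump in both single-byte and UTF-16LE form, since Java heap strings may be stored as compressed one-byte arrays or as UTF-16 char arrays depending on the runtime; the sample dump and the flag-format regex are constructed for the example.

```python
import re
import sys
from typing import List

# Flag wrapper used by the challenge; the exact format is an assumption for this example.
FLAG_BYTES_RE = re.compile(rb"darkCON\{[^}\x00]{1,200}\}")
FLAG_TEXT_RE = re.compile(r"darkCON\{[^}\x00\ufffd]{1,200}\}")


def find_flags(blob: bytes) -> List[str]:
    """Return distinct flag-shaped strings in blob, in order of first appearance."""
    found: List[str] = []
    # Pass 1: single-byte text (ASCII / latin-1 / compressed Java strings).
    for m in FLAG_BYTES_RE.finditer(blob):
        s = m.group(0).decode("latin-1")
        if s not in found:
            found.append(s)
    # Pass 2: UTF-16LE char arrays. Decode at both byte alignments so an odd
    # offset into the dump does not hide a hit; errors are replaced, not raised.
    for off in (0, 1):
        text = blob[off:].decode("utf-16-le", errors="replace")
        for m in FLAG_TEXT_RE.finditer(text):
            s = m.group(0)
            if s not in found:
                found.append(s)
    return found


def build_sample_dump() -> bytes:
    """Constructed stand-in for a heap dump: an HPROF-style header, filler bytes,
    the flag as a UTF-16LE char array, a single-byte decoy without a closing brace."""
    flag = "darkCON{d3bug_m5g_1n_pr0duct10n_1s_b4d}"
    return (b"\x00\x01JAVA PROFILE 1.0.3\x00" + b"\xff" * 17
            + flag.encode("utf-16-le") + b"\x00\x00"
            + b"A_Collection_Is_A_Set_Of_Data" + b"\x7f" * 9
            + b"darkCON{not a flag" + b"\x00" * 4 + b"TypicalLogcat")


if __name__ == "__main__":
    # Usage: python scan.py <heap.hprof>; with no argument the constructed sample is scanned.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dump()
    for hit in find_flags(data):
        print(hit)
```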

Original writeup (https://github.com/keyboard-monkeys/ctf-writeups/blob/main/2021-darkctf/reverse_ezpz.md).