## Sl4ydroid

We were given an android [app](./rev/sl4ydroid/sl4ydroid.apk) again. This time the app just runs and nothing happens. First I looked at the source code with jadx. The app was loading a custom library.

```java
public native void damn(String str);

public native void k2(String str);

public native void kim(String str);

public native void nim(String str);

static {
System.loadLibrary("sl4ydroid");
}

/* JADX INFO: Access modifiers changed from: protected */
@Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activity
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
TextView textView = (TextView) findViewById(R.id.displayTextView);
this.displayTextView = textView;
textView.setVisibility(8);
TextView textView2 = (TextView) findViewById(R.id.textView);
this.textView = textView2;
textView2.setText(getResources().getString(R.string.message));
kim(getResources().getString(R.string.k1));
nim(getResources().getString(R.string.n1));
damn(getResources().getString(R.string.d1));
k2(getResources().getString(R.string.k21));
}

```

The app loads the library functions and calls them with the strings defined in the app resource section. The library binary could be found inside `resources/lib` folder. Upon observing the binary for a long time, it happened to me that we should look at the process memory and look for our flag. I used [GameGuardian](https://gameguardian.net/forum/files/) to check the memory of sl4ydroid process in my android phone which by the way has root enabled.

The original writeup link contains screenshots from my phone which shows the exact steps I took to get the flag.

flag: `flag{RizZZ! Rc4_R3v3r51Ngg_RrR!:}`

Original writeup (https://gr007.tech/writeups/2023/backdoor/index.html#sl4ydroid).