Tags: mail sqlite forensics android

Rating: 0

Can you find my sensitive infomation?

Dai Lai has acquired a reputation for the land of graceful mountains and debonair water

Extracting the archive we got passcode.apk

Extracting the apk ad looking for some files we found a database inside the assets folder


ls assets
passcode.sqlite


the database contains two tables, user and zadminz:


sqlite> .tables
user zadminz


user contains two users:


SELECT * FROM user;
1|xxx@gmail.com|1234
2|aaa@gmail.com|3333


zadminz contains the administrator email address:


SELECT * FROM zadminz;
1|admin_contest_05@spamdecoy.net|7777


[spamdecoy.net](http://spamdecoy.net) is a service for throw-away mails and allows you to log-in just with the username.

So we logged inside the admin account founding a bunch of mails, but one in particular got out attention:


Your new PASSCODE is: check_your_db_before_building_app


So we tried convering it in SHA1 and we got the flag:

WhiteHat{254eb81a7b439405a5d006eb7cfdf0cd841c6d28}