Pycoin - Hack.lu 2021 This is what we know: 1 2 3 4 5 6 7 PYCOIN Sold: 92 times Type: rev Risk: Low Seller: tunn3l A friend gave me this and he says he can not reverse this... but this is just python? and we get a .pyc file and a hint flag[5] == "5" . I unfortunately did not solve this challenge on time for the CTF but found it interesting (I got stuck trying to disassemble with dis and did not know xdis did the work).

Draw APK - THCon 2021 14 solves 249 points First steps As the challenge creator tells me this app is “based on a Trojan Horse” and it is “not recommended to install it on a real smartphone”, even if there is actually “no malicious payload”, I am very reluctant at first to test the app, even in an emulator. So, I start off with my favorite static analysis combination: DroidLysis and JEB.

Good old friend The challenge provides an Android APK. Reversing the APK The main activity of this APK is party.thcon.y2021.level1.MainActivity. Its onCreate() method does the following: Anti-debug. If the app is being debugged, display an alert dialog saying “Find another way” and quit. 1 2 3 if((this.getApplicationInfo().flags & 2) != 0) { this.findanotherway("App is debuggable"); } Anti-root. Search for su in the PATH of the system. If it is not found, search for rooting apps or binaries such as Superuser.