Good old friend The challenge provides an Android APK. Reversing the APK The main activity of this APK is party.thcon.y2021.level1.MainActivity. Its onCreate() method does the following: Anti-debug. If the app is being debugged, display an alert dialog saying “Find another way” and quit. 1 2 3 if((this.getApplicationInfo().flags & 2) != 0) { this.findanotherway("App is debuggable"); } Anti-root. Search for su in the PATH of the system. If it is not found, search for rooting apps or binaries such as Superuser.

The overall intent for Shakti CTF is for beginners, learn what is a CTF and get women interested in the topic. Therefore, the “easy” 50 points challenges are really very very easy, and 100-point challenges are still *really easy (far easier than baby challenges at Hack.Lu CTF ;-). Everybody has to start one day ;P so I’m okay with this rating as long as it remains consistent. Globally, this was the case, with the exception of a few challenges under/over rated.

Wheels n Whales Category: Web “I’ve heard that Whales and Wheels are the new hot thing. So a buddy of mine build a website where you can get your own. I think he hid an easter egg somewhere, but I can’t get to it, can you help me?” There is a website that goes to http://chal.cybersecurityrumble.de:7780/ A file is provided: web.py 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 import yaml from flask import redirect, Flask, render_template, request, abort from flask import url_for, send_from_directory, make_response, Response import flag app = Flask(__name__) EASTER_WHALE = {"name": "TheBestWhaleIsAWhaleEveryOneLikes", "image_num": 2, "weight": 34} @app.