Reverse Engineering Mobile Apps CTF

Sam Bowne

SCOREBOARD

Level 1: Basic Emulator Setup

Mac or Linux

M1: Genymotion15
M2: Ask A Lawyer Plaintext Login   15
M3: Burp15

Windows

M24: BlueStacks15
M25: Plaintext Login   15
M26: Burp and Nox15

Any OS

M4: GenieMD Broken SSL (Harvard & IBM)   15
M5: Kali Virtual Machine

Download Kali VM

15

Level 2: ADB

Mac or Linux

M6: Android Debug Bridge   15
M34: BlueStacks15

Windows

M27: Android Debug Bridge with Nox   15

Any OS

M7: Observing the Delhaize Log   15
M8: Menards Plaintext Password Storage   15
M9: ES Explorer Command Injection   10

Level 3: Vulnerability Scanners

M11: Qark   15
M15: AndroBugs   10

Level 4: Smali

M12: Trojaning the Progressive App   20
M13: Home Depot Android App Broken Encryption   15
M14: mAadhaar Code Modification   20
M35: Bank of America Code Modification   15

Level 5: Drozer

M10: Drozer   20
M16: Protection Level Downgrade   30

Level 6: Real Mobility

M39: Making an SSL Auditing Proxy with a Mac and Burp   20
M36: Rooting BlueStacks on Windows   10
M41: Interplanetary Overlay Network (ION‑DTN)   15

Verbose scoreboard


Posted 3-1-19