Description

Can you handle APKs? Download the android apk here.

Solution

wget  https://artifacts.picoctf.net/c_titan/142/mobpsycho.apk
unzip mobpsycho.apk
grep -iR picoCTF *
strings mobpsycho.apk | grep flag

output

res/color/flag.txtUT

πŸ” Breakdown: grep -iR picoCTF *

grep β€” Command-line tool to search for text patterns in files.

-i β€” Makes the search case-insensitive (picoctf, PicoCTF, PICOCTF, etc.).

-R β€” Recursively searches all directories and subdirectories starting from the current one.

picoCTF β€” The string you’re searching for (often the format of a flag in Capture The Flag (CTF) challenges).

  • β€” Wildcard meaning “all files and directories” in the current directory.

πŸ” Breakdown: strings mobpsycho.apk | grep flag

strings β€” Extracts printable ASCII strings from a binary file.

mobpsycho.apk β€” The APK file you’re analyzing (likely from a CTF or reverse engineering task).

| β€” Pipes the output of strings into…

grep flag β€” Searches for any line containing the word “flag” (case-sensitive).

cat res/color/flag.txt

7069636f4354467b6178386d433052553676655f4e5838356c346178386d436c5f37343664666133397d

cat res/color/flag.txt | xxd -r -p

picoCTF{ax8mC0RU6ve_NX85l4ax8mCl_746dfa39}

🧠 What You Learned From This CTF:

πŸ”§ 1. APKs are just zip archives.

πŸ” 2. Pattern Searching Techniques:

Using grep -iR to search recursively through all extracted files for common flag patterns (picoCTF, flag, etc.).

3. Hex Decoding Skills:

You encountered a hex-encoded flag and used: xxd -r -p