BREAKIN-Suspicious Memory

Challenge name : Suspicious Memory
points : 250
level : a bit hard
author : b1nslashsh
Solution
First, we can just look at the file.

Chrome and adb stand out as suspicious there.
We also check the clipboard using the clipboard plugin.

We have the “first part of flag”.
Now look at the Chrome history once more.

We got a paste link, and it contains some binary.

Trying to reverse the binary gave me a zip file.

It contains two files: a txt file and an ab file.

To decrypt the file I used the following tool from GitHub: https://github.com/nelenkov/android-backup-extractor

But when trying to extract the file, it says it needs a password, so let's find it!
Checking the text file in the zip, it also has some binary text.

So it's clear that it's not a file like the one we handled before,
so try some other approaches with the binary : )
We can use: https://www.dcode.fr/binary-image
and we get a QR code : P
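The two binary texts in this challenge decode differently: one packs into bytes that form a zip, the other is a pixel grid. The following Python sketch is an added example, not part of the original solution; it separates the two cases by checking for the zip signature first and falling back to a bitmap. The sample inputs and member names are constructed, and trying the bit string in both orders is an assumption.

```python
import io
import math
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature of a zip archive

def bits_to_bytes(bits):
    """Pack a string of '0'/'1' characters into bytes, 8 bits per byte."""
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

def classify(text):
    """Return ('zip', member_names), ('bitmap', rows) or ('unknown', None)."""
    bits = "".join(c for c in text if c in "01")
    # Assumption: the bit string may be stored back to front, so try both orders.
    for candidate in (bits, bits[::-1]):
        data = bits_to_bytes(candidate)
        if data.startswith(ZIP_MAGIC):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return "zip", zf.namelist()
    # No file signature: treat the digits as pixels, one text line per row,
    # or as a square grid when everything is on a single line.
    rows = text.split()
    if len(rows) < 2 or len({len(r) for r in rows}) != 1:
        side = math.isqrt(len(bits))
        if side < 2 or side * side != len(bits):
            return "unknown", None
        rows = [bits[r * side:(r + 1) * side] for r in range(side)]
    return "bitmap", rows

def render(rows):
    """Draw the bitmap with block characters for viewing in a terminal."""
    return "\n".join("".join("██" if b == "1" else "  " for b in r) for r in rows)

def sample_zip_bits():
    """Constructed sample: a zip with two made-up members, as a bit string."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "0101")
        zf.writestr("backup.ab", "ANDROID BACKUP\n")
    return "".join(f"{byte:08b}" for byte in buf.getvalue())

SAMPLE_BITMAP = "11111\n10001\n10101\n10001\n11111"  # constructed 5x5 pattern

if __name__ == "__main__":
    print(classify(sample_zip_bits()))
    kind, rows = classify(SAMPLE_BITMAP)
    print(kind)
    print(render(rows))
```
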

and result of qrcode is :

OK, now we have a part of the pass. As the challenge description says, this challenge also includes some OSINT parts,
and after trying some searches with the username from the memory dump: “b1nslahsh”

There is a base64 string in his bio, and we hope it's the last part of the pass.
After decoding the b64 we got “W06d”.
Now try to decrypt once more with the password p45sW06d.

We got the 2nd part too.

final FLAG : FL4G{4Nd_1_7hinK_!_7h1s_15_yOuR_f14g}