BREAKIN-Suspicious Memory
--
Challange name : Suspicious Memory
points : 250
level : a bit hard
author : b1nslashsh
Solution
so first we can just look at the file
we have chrome and adb as suspicious there
also checking on clipboard useing clipboard plugin
we have the “first part of flag”
now just look at chromehistory one more
we got some paste link and it contain’s some binarys
so trying to reverse the binary gave me a zip file
and it contains two files , one txt file and a ab file
so to decrypt the file i used the following tool from github here is the link :- https://github.com/nelenkov/android-backup-extractor
but trying to extract the file it says it need some password so lets find it!
checking the text file in zip, it also have some binary texts
so its clear that , its not a file that we did before
then try some other ways with binarys : )
we can use :- https://www.dcode.fr/binary-image
and we get a qr code : P
and result of qrcode is :
ok now we have a part of pass , as challange description says this challange also includes some osint parts,
and after trying some search with username on memory dump : “b1nslahsh”
there is a base64 on his bio , and we hope its the last part of pass
and after decoding the b64 we got a “W06d”
now trying to decryt once more with password as p45sW06d
we got 2nd part too
final FLAG : FL4G{4Nd_1_7hinK_!_7h1s_15_yOuR_f14g}
