BREAKIN-Suspicious Memory

Challange name : Suspicious Memory

challange link : link1,link2

points : 250

level : a bit hard

author : b1nslashsh

Solution

so first we can just look at the file

we have chrome and adb as suspicious there

also checking on clipboard useing clipboard plugin

we have the “first part of flag”

now just look at chromehistory one more

we got some paste link and it contain’s some binarys

so trying to reverse the binary gave me a zip file

and it contains two files , one txt file and a ab file

so to decrypt the file i used the following tool from github here is the link :- https://github.com/nelenkov/android-backup-extractor

but trying to extract the file it says it need some password so lets find it!

checking the text file in zip, it also have some binary texts

so its clear that , its not a file that we did before

then try some other ways with binarys : )

we can use :- https://www.dcode.fr/binary-image

and we get a qr code : P

and result of qrcode is :

ok now we have a part of pass , as challange description says this challange also includes some osint parts,

and after trying some search with username on memory dump : “b1nslahsh”

there is a base64 on his bio , and we hope its the last part of pass

and after decoding the b64 we got a “W06d”

now trying to decryt once more with password as p45sW06d

we got 2nd part too

final FLAG : FL4G{4Nd_1_7hinK_!_7h1s_15_yOuR_f14g}