13.10.2018


GVTs - wearegvts.com
HumanCTF 2018 - Reverse - Credit in 2 clicks

HumanCTF was the 3rd CTF that we’ve joined and this is the 2nd write-up for us all.
Nearly all web challenges were as simple as viewing sources, visiting robots.txt files, etc.
But we are new to reverse challenges and our ways of getting flags may be weird as hell.

For the “Credit in 2 clicks” challenge, you need to install the “Credit in 2 clicks” app from Google Play.



When we opened the installed app, no matter what we typed into “Enter loan amount” and “Enter a term”, it did not lead us anywhere.




So we extracted the apk file of the app. We used the “APK Extractor” app to do that.




We used decompileandroid.com to decompile that apk file.
You can also use Apktool or any other apk decompiler.

After extracting source.zip of the apk file we had the decompiled project, and we ran a find command because we knew the flag format, and voila:




It was HumanCTF{lif3_0n_cr3dit}
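
The search step above can also be run on the apk itself, without decompiling. The following is an added example, not the command from the original write-up: it opens the apk as a zip archive and looks for the known flag format in every entry, in both UTF-8 (as in dex string data) and UTF-16LE (as binary resources may store strings), which a plain text search on the raw file would miss. The function names and the sample archive with its flag values are constructed for illustration.

```python
import io
import re
import zipfile

FLAG_PREFIX = "HumanCTF{"   # flag format named in the write-up
BODY = rb"[\x20-\x7c\x7e]"  # printable ASCII except '}'


def patterns(prefix):
    """One regex per string encoding that can appear inside APK entries."""
    p8 = re.escape(prefix.encode("utf-8"))
    p16 = re.escape(prefix.encode("utf-16-le"))
    return {
        "utf-8": re.compile(p8 + BODY + rb"{1,80}\}"),
        "utf-16-le": re.compile(p16 + rb"(?:" + BODY + rb"\x00){1,80}\}\x00"),
    }


def scan_apk(apk, prefix=FLAG_PREFIX):
    """Return sorted (entry, encoding, match) tuples; apk is a path or file object."""
    hits = set()
    regexes = patterns(prefix)
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)  # zipfile inflates compressed entries for us
            for enc, rx in regexes.items():
                for m in rx.finditer(data):
                    hits.add((info.filename, enc, m.group().decode(enc)))
    return sorted(hits)


def build_sample_apk():
    """Constructed stand-in for an APK: one UTF-8 hit, one UTF-16LE hit, one miss."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex\n035\x00pad\x00HumanCTF{constructed_utf8}\x00")
        zf.writestr("resources.arsc", b"\x02\x00\x0c\x00"
                    + "HumanCTF{constructed_utf16}".encode("utf-16-le") + b"\x00\x00")
        zf.writestr("res/raw/notes.txt", b"no flag here")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, enc, value in scan_apk(build_sample_apk()):
        print(f"{entry} [{enc}]: {value}")
```

The same scan, with the pattern swapped for API key or token formats, works as a pre-release check for hard-coded secrets in your own builds.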