NahamCon CTF 2022 (Writeup) — Android Reverse Engineering (OTP Vault)
Import the APK into JADX, then open MainActivity.
Since the app uses React Native (visible from the comments and imports), it needs to be reversed differently.
Because React Native is a JavaScript framework, I tried unzipping OTPVault.apk.
Go to assets, then open index.android.bundle in Notepad or VS Code.
Copy all the code, then beautify it with an online JavaScript beautifier or VS Code's built-in formatter to make it more readable.
While searching for “OTP”, I found juicy code on line 31982 and line 31989.
Since I now had the endpoint for getting the OTP and the token, I used Postman to call it with this configuration:
Method: GET
URL: http://congon4tor.com:7777/flag
Auth: Bearer Token KMGQ0YTYgIMTk5Mjc2NzZY4OMjJlNzAC0WU2DgiYzE41ZDwN
Then... the response status is 200 and the flag is shown:
flag{5450384e093a0444e6d3d39795dd7ddd}
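The manual search above can be turned into a release check for your own React Native builds. The following is an added example, not code from the challenge or the original writeup: it opens an APK as a ZIP, reads assets/index.android.bundle and reports hardcoded URLs and bearer tokens. The sample APK, host name and token are constructed, and the two patterns are an assumed starting set.

```python
import io
import re
import zipfile

BUNDLE_PATH = "assets/index.android.bundle"  # React Native's JS bundle inside the APK

# Values that should not be baked into a client-side bundle.
PATTERNS = {
    "url": re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^\s\"'`)]*)?"),
    "bearer": re.compile(r"Bearer\s+([A-Za-z0-9._~+/\-]{16,}=*)"),
}


def scan_apk(apk_bytes):
    """Return (line_no, kind, value) findings from the bundle, in file order."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:  # an APK is a ZIP archive
        if BUNDLE_PATH not in apk.namelist():
            return []  # no plain React Native bundle at the usual path
        text = apk.read(BUNDLE_PATH).decode("utf-8", errors="replace")
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                # Bearer pattern captures the token; URL pattern has no group.
                findings.append((line_no, kind, m.group(m.lastindex or 0)))
    return findings


def build_sample_apk(with_bundle=True):
    """Constructed stand-in APK (not the CTF app): a ZIP with a tiny fake bundle."""
    js = (
        'var title="OTP Vault";\n'
        'function getFlag(){return fetch("http://api.example.test:7777/flag",'
        '{headers:{Authorization:"Bearer EXAMPLE0123456789abcdefTOKEN"}})}\n'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"")
        if with_bundle:
            z.writestr(BUNDLE_PATH, js)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_apk(build_sample_apk()):
        print(finding)
```

Any token this check finds in a shipped bundle should be treated as public: move the privileged call behind a server that authenticates the user, and rotate the exposed token.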