/kgb_messenger

An Android CTF practice challenge

Primary LanguageJava

KGB Messenger

APK Download | Video Lecture | Video Walkthrough | MasonCC

Introduction

KGB Messenger is a open source CTF practice challenge that aims to help people learn how to reverse engineer Android applications. If you're completely new to Android application reverse engineering, I'd suggest you start by watching the video lecture from George Mason University's MasonCC club. If you're stuck on any of the challenges, feel free to peek at the video walkthrough for some help. Timestamps have been provided in the walkthrough video's description to prevent unwanted spoilers. To get started, download the APK and read the challenge descriptions below.

Challenges

You are working for the International Secret Intelligence Service as a reverse engineer. This morning your team lead assigned you to inspect an Android application found on the phone of a misbehaving agent. It’s rumored that the misbehaving agent, Sterling Archer, has been in contact with some KGB spies. Your job is to reverse engineer the application to verify the rumor.

The challenges should be solved sequentially. The flag format is FLAG{insert_flag_here}. Good luck!

Alerts (Medium)

The app keeps giving us these pesky alerts when we start the app. We should investigate.

Login (Easy)

This is a recon challenge. All characters in the password are lowercase.

Social Engineering (Hard)

It looks like someone is bad at keeping secrets. They're probably susceptible to social engineering... what should I say?