Reverse Engineering Mobile Apps CTF
Sam Bowne
SCOREBOARD
Level 1: Basic Emulator Setup
Mac or Linux
M1: Genymotion
15
M2: Ask A Lawyer Plaintext Login
15
M3: Burp
15
Windows
M24: BlueStacks
15
M25: Plaintext Login
15
M26: Burp and Nox
15
Any OS
M4: GenieMD Broken SSL (Harvard & IBM)
15
M5: Kali Virtual Machine
Download Kali VM
15
Level 2: ADB
Mac or Linux
M6: Android Debug Bridge
15
M34: BlueStacks
15
Windows
M27: Android Debug Bridge with Nox
15
Any OS
M7: Observing the Delhaize Log
15
M8: Menards Plaintext Password Storage
15
M9: ES Explorer Command Injection
10
Level 3: Vulnerability Scanners
M11: Qark
15
M15: AndroBugs
10
Level 4: Smali
M12: Trojaning the Progressive App
20
M13: Home Depot Android App Broken Encryption
15
M14: mAadhaar Code Modification
20
M35: Bank of America Code Modification
15
Level 5: Drozer
M10: Drozer
20
M16: Protection Level Downgrade
30
Level 6: Real Mobility
M39: Making an SSL Auditing Proxy with a Mac and Burp
20
M36: Rooting BlueStacks on Windows
10
M41: Interplanetary Overlay Network (ION‑DTN)
15
Verbose scoreboard
Posted 3-1-19