M 414: Chirp Hardcoded Password (10 pts)

What You Need for This Project


To practice finding a hardcoded password in an app.

This is a real security issue, reported on April 15, 2024, here.

Installing jadx-gui

If you don't already have it, install jadx-gui on your host system as explained below.

You can use Windows or MacOS to run Jadx. Choose one of them and follow the instructions below.

Using 64-Bit Windows

Copy the in.gov.uidai.mAadhaarPlus_2018-09-26.apk file into your Windows machine.

Installing Java

First open Control Panal and uninstall all old Java versions.

Then open a Web browser and go here:


Download "Windows Offline (64-bit)" version and install it. as shown below.

Installing Jadx on Windows

Go here:


Download jadx-gui, as shown below.

Launch Jadx.

Using a Mac

In a Terminal, execute these commands:
brew install jadx

Analyze Chirp Access

Download this APK:


Open the APK in jadx-gui.

Search for "password"

Flag M 414.1: Chirp Password (10 pts)

The flag is the hardcoded password, covered by a green rectangle in the image below.

Posted 4-15-24