HackerOne CTF H1 Thermostat (Spoilers)
H1 Thermostat
This challenge provides nothing more than an Android APK for a thermostat app. The first thought I had was to decompile the APK and see what the source code contains. This can be accomplished with apktool:
apktool d thermostat.apk
This unpacks all the assets and source code into a folder called thermostat. Searching the source for the ^FLAG^ marker yields the two flags for this level:
> grep -r "\^FLAG\^" thermostat
thermostat/smali/com/hacker101/level11/PayloadRequest.smali: const-string v0, "^FLAG^***$FLAG$"
thermostat/smali/com/hacker101/level11/PayloadRequest.smali: const-string v0, "^FLAG^***$FLAG$"
This challenge was marked easy, but I didn't expect to solve it inside five minutes...
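The same search, turned into a pre-release check a developer could run over their own apktool output to catch string constants like these before shipping. This is an added example, not code from the original post; `scan_smali`, `entropy`, `demo`, the thresholds and the sample smali are assumptions made for illustration.

```python
import math
import re
import tempfile
from pathlib import Path

CONST_RE = re.compile(r'const-string(?:/jumbo)?\s+[vp]\d+,\s*"((?:[^"\\]|\\.)*)"')
MARKER_RE = re.compile(r'\^FLAG\^.*\$FLAG\$')  # flag format from the grep output above

def entropy(s):  # Shannon entropy in bits per character
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def scan_smali(root, min_len=20, min_entropy=4.0):
    """Return (file, line, method, reason). Thresholds are assumed; values are withheld from output."""
    root, findings = Path(root), []
    for path in sorted(root.rglob("*.smali")):
        method = None
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if line.startswith(".method "):
                method = line.split()[-1]  # e.g. key()Ljava/lang/String;
            elif line == ".end method":
                method = None
            elif m := CONST_RE.match(line):
                value = m.group(1)
                reason = ("flag-marker" if MARKER_RE.search(value) else "high-entropy"
                          if len(value) >= min_len and entropy(value) >= min_entropy else None)
                if reason:
                    findings.append((path.relative_to(root).as_posix(), lineno, method, reason))
    return findings

# Constructed sample input (not the challenge's real smali).
SAMPLE = '''.method public constructor <init>()V
    const-string v0, "Content-Type"
    const-string v0, "^FLAG^constructed-placeholder$FLAG$"
.end method
.method public static key()Ljava/lang/String;
    const-string v0, "q8Zr2LxW9vT4mYb7KdE1sNc6HgUj3PfA"
.end method
'''

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "PayloadRequest.smali").write_text(SAMPLE, encoding="utf-8")
        return scan_smali(d)

if __name__ == "__main__":
    print(demo())
```

Point `scan_smali` at the folder apktool produced and fail the build when it returns anything; the report names the file, line and enclosing method without echoing the string itself.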
Thanks for reading!