Commit 2b069f2

:books Added a shortcut to locate apk
1 parent d380c42 commit 2b069f2

1 file changed

+15
-5
lines changed
  • opentoall-ctf-2015/misc/android-oh-no

opentoall-ctf-2015/misc/android-oh-no/README.md

Original file line number | Diff line number | Diff line change
@@ -4,10 +4,10 @@
44
**Points:** 150
55
**Solves:** 14
66
**Author:** Eriner
7-
**Description:**
7+
**Description:**
88

99
> It seems someone got a hold of my phone and deleted some important files, and now my phone won't boot! I had an important app on there, maybe you can get it working! Here is an image of my phone...
10-
>
10+
>
1111
> [http://public.givemesecurity.info/16b11191c1410cb0184a6edd08e9105a.tar.gz](http://public.givemesecurity.info/OTACTF-2015/16b11191c1410cb0184a6edd08e9105a.tar.gz)
1212
>
1313
> Hint: I've encrypted my custom app so no one can find the secretz! Thankfully, I uninstalled it before someone hacked my phone! Trouble is, I can't install it on my new phone! Can you help?
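
Review bot: The `**Description:**` line (7) and the bare `>` line (10) are removed and re-added with no visible difference, so both changes are whitespace-only and unrelated to the stated purpose of the commit. If the old lines carried trailing spaces, dropping them can change how Markdown breaks the line after `**Description:**`; either confirm the rendered README is unchanged or move the whitespace cleanup into its own commit.
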
@@ -18,11 +18,21 @@ This challenge revolves around finding an encrypted apk, and then decrypting it
1818
The app found here is titled: `net.opentoall.flag.flag-1.apk`. This app is a red herring, and upon opening the app, it shows a picture of a red fish and says "I'm here to distract you".
1919
This app was to be ignored, and had no useful information. It wasn't the encrypted app the challenge described.
2020
<br>
21-
<br>
2221
In the user storage directory, `mnt/android-4.4-r2/data/media/0` the file
2322
`encrypted.nothingtoseehere.apk` can be found.
24-
2523
<br>
24+
25+
A shortcut, in this case, would be to use `find` to remove the burden of manual search:
26+
> ```
27+
> shell@android ~/ # find mnt/ -type f -iname "*.apk"
28+
> mnt/android-4.4-r2/data/data/com.google.android.gms/app_dg_cache/1B1C47D6957F9C3F15E0130296C46C62216574DA/the.apk
29+
> mnt/android-4.4-r2/data/app/net.opentoall.flag.flag-1.apk
30+
> mnt/android-4.4-r2/data/media/0/encrypted.nothingtoseehere.apk
31+
> mnt/android-4.4-r2/data/media/0/Download/flag.apk
32+
> ```
33+
34+
Or,
35+
2636
```
2737
shell@android ~/mnt/android-4.4-r2/data/media/0 # file encrypted.nothingtoseehere.apk
2838
encrypted.nothingtoseehere.apk: data
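
Review bot: The added "Or," at new line 34 sits directly above the existing `file encrypted.nothingtoseehere.apk` block, so it now reads as if `file` were a second way to locate the APK, when that block only shows that the file is reported as `data`. Drop the "Or," or reword it so the `file` step follows from the search result. The `find` listing also returns four APKs without saying which one is the target, so a sentence pointing at `encrypted.nothingtoseehere.apk` would help, and the new block is wrapped in `> ` blockquote markers while the neighbouring code block is a plain fence. Note too that `-iname "*.apk"` matches on file name only and would miss an APK stored under another extension.
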
@@ -39,7 +49,7 @@ The most important piece of information to glean from this page is:
3949
> The --algo, --key and --iv parameters obviously have to do with encrypted apps, so before going into details lets first try to install an encrypted APK. Encrypting a file is quite easy to do using the enc OpenSSL commands, usually already installed on most Linux systems. We'll use AES in CBC mode with a 128 bit key (a not very secure one, as you can see below), and specify an initialization vector (IV) which is the same as the key to make things simpler:
4050
4151
> ` $ openssl enc -aes-128-cbc -K 000102030405060708090A0B0C0D0E0F -iv 000102030405060708090A0B0C0D0E0F -in my-app.apk -out my-app-enc.apk `
42-
>
52+
>
4353
4454
Basically, this particular APK has been encrypted _manually_ and doesn't follow the twofish encryption Google Play uses when it encrypts the dmcrypt app-asec files. But you need a key! In the same blog post,
4555
