Don't Overreact

Don't Overreact writeup by Thamizhiniyan C S

Overview

Hey everyone, in this write-up we will be solving an HTB challenge Don’t Overreact.

Link to the challenge: https://app.hackthebox.com/challenges/255

Let’s Start!!!!!!

---

Initial Setup

First download and extract the given file.

Next I opened the apk with jadx-gui.

GitHub - skylot/jadx: Dex to Java decompilerGitHub

I checked the AndroidManifest.xml file and found that we need at least API version 21 to run this app and the target API version is 29 i.e., Android 10. So, I installed the app on Android 10 emulator.

---

Application Interaction

Now let’s open the app and have look at it.

It’s just a simple page with HackTheBox Logo.

---

Code Analysis

Let’s take a look at the source code.

On taking a look at the MainApplication class file, we can see that its a React Native application.

React Native application usually stores all the javascript as a single bundle file under the assets directory. So let’s take a look at it.

In the index.android.bundle, file if you scroll down to the end, you can find a base64 encoded version of the flag. Copy that and decode it using CyberChef.

We have successfully obtained the flag……..

Thank You………