HackTheBox Supermarket Challenge

Explore the basics of cybersecurity in the Supermarket Challenge on Hack The Box. This medium-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/398

Description

My supermarket list is too big and I only have $50. Can you help me get the Discount code?

Exploitation

Use jadx-gui to decompile the APK and look at the code.

Then decode the APK with apktool and install it on the device with adb:
apktool d <apk>
adb install <apk>
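
Save the following Frida script as poc.js. It finds the live MainActivity instance, calls its stringFromJNI, stringFromJNI2 and stringFromJNI3 methods, and prints what each returns:

Java.perform(function () {
    // Enumerate MainActivity instances that already exist on the Java heap.
    Java.choose("com.example.supermarket.MainActivity", {
        onMatch: function (instance) {
            // Call the three stringFromJNI* methods on the live instance.
            let JNI = instance.stringFromJNI();
            let JNI2 = instance.stringFromJNI2();
            let JNI3 = instance.stringFromJNI3();
            console.log("JNI: " + JNI);
            console.log("JNI2: " + JNI2);
            console.log("JNI3: " + JNI3);
        },
        onComplete: function () {
            // Runs once the heap scan has finished.
            console.log("Mission Completed.");
        }
    });
});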

Spawn the app on the USB-connected device with Frida and load the script:
frida -U -f com.example.supermarket -l poc.js

Summary

The Supermarket Challenge on Hack The Box is a medium-level challenge that helps participants explore cybersecurity concepts such as encryption reversal and file handling. In this challenge, users are tasked with obtaining a discount code for a supermarket list that exceeds their $50 budget. The solution involves using Frida, a dynamic instrumentation toolkit, to reverse engineer an Android application. By using Frida to call the app's functions (stringFromJNI, stringFromJNI2, and stringFromJNI3) on the running MainActivity instance, participants can extract valuable information such as the discount code, demonstrating practical reverse engineering skills in a mobile app context.

This post is licensed under CC BY 4.0 by the author.