
By Dr Tristan Jenkinson
Introduction
Back to some Android analysis, with just two challenges to complete in the final week.
Let’s dive in.
TEaM U prep

The first obvious question on this challenge is… why the odd capital letters? Well, they spell out TEMU, the China-based online store which has repeatedly found itself in the headlines for being very cheap, but not necessarily safe.
We can take a quick look in the listed applications and find that the app for Temu was indeed installed:

We can identify from here that the container for the application is /data/data/com.einnovation.temu. Jumping into the databases subfolder, we can see that there are some files whose names start with ChatDB. That seems like a good place to start, and we have one that ends msgbox_2.db. I started there.

In this database we can see a series of messages. These look like typical marketing messages, apparently offering discounts, mystery offers, etc.

We can see from this image that one of the entries has the summary “Your mason jars is back with stunning additions”. This could indicate that these mason jars are the item that is now back in stock. Looking further into the details for this entry, we see the below:

There is not much more information here, but it does seem that the message suggests that the mason jars are back in stock, and indeed “mason jars” is the flag that we are seeking.
Watch for ADditional straw

While looking at the messages in the ChatDB…msgbox_2.db, I did find the below entry:

This mentioned a “straw” and a “water filter”… so this could well be related to the information that we are looking for.
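As an added example (not code from the original post, and not Temu's own schema), the Python script below does what the two findings above rely on: it walks every table and text column of a SQLite database and reports the cells containing a keyword, so a message store like msgbox_2.db can be triaged without knowing its layout in advance. The sample database it builds, with its table and column names (message, summary, goods, goods_name) and rows, is a constructed stand-in for illustration only.

```python
import os
import sqlite3
import tempfile


def build_sample_db(path):
    """Create a small stand-in for an app message database (constructed schema and rows)."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE message (id INTEGER PRIMARY KEY, summary TEXT, body TEXT, ts INTEGER);
        CREATE TABLE goods (id INTEGER PRIMARY KEY, goods_name TEXT, url TEXT);
        INSERT INTO message VALUES (1, 'Your mason jars is back with stunning additions', 'Back in stock now', 1700000000);
        INSERT INTO message VALUES (2, 'Mystery offer just for you', 'Open to reveal a discount', 1700000100);
        INSERT INTO goods VALUES (1, '4-Stage Outdoor Water Filter Straw, Coconut Shell Carbon', 'https://example.invalid/item');
    """)
    con.commit()
    con.close()


def search_sqlite(path, keyword):
    """Return (table, column, rowid, value) for every cell whose text contains keyword.

    Case-insensitive (SQLite LIKE), schema-agnostic: tables and columns are discovered
    from sqlite_master and PRAGMA table_info, so nothing about the app needs to be known.
    """
    hits = []
    # Open read-only so the evidence copy is never modified while being searched.
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    tables = [r[0] for r in con.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        cols = [r[1] for r in con.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            rows = con.execute(
                f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?',
                (f"%{keyword}%",))
            for rowid, value in rows:
                hits.append((table, col, rowid, value))
    con.close()
    return hits


def search_sample(keyword):
    """Build the constructed database in a temp directory and search it for keyword."""
    path = os.path.join(tempfile.mkdtemp(), "msgbox_2.db")
    build_sample_db(path)
    return search_sqlite(path, keyword)


if __name__ == "__main__":
    for kw in ("mason jar", "straw", "water filter"):
        for table, col, rowid, value in search_sample(kw):
            print(f"{kw!r}: {table}.{col} rowid={rowid}: {value}")
```

On a real extraction, point search_sqlite at a copy of the database pulled from the app's container and loop over the keywords from the challenge text.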
While OSINT approaches were previously unsuccessful in this CTF (for example in relation to the “Karma’s a relaxing thought” challenge in week 1), I decided to give them another chance and used Google to hunt down this item on Temu.
Using a good chunk of the goods_name value as a text search, I set Google hunting:

As you can see, the first result that comes back is the item on Temu.
You can find the page for this item here.
There is a series of images for the product; two of them are of particular interest:

We can see here that there are 4 stages of filtration and a mention of a “coconut shell”. Could this be the flag that we are looking for? We can also see an image detailing each of the stages:

This confirms that Stage 3 is the coconut shell, and this is indeed the flag that we are looking for.
Complete!
Sadly, this is the final week of the CTF. It’s been another fun experience, and I am disappointed that I was not able to spend more time on the CTF in week one, the only week where I dropped points on the challenges.
Kudos to the Hexordia team and all those putting in efforts behind the scenes to bring the CTF together. It has been great fun and I am hoping that the team will put together more in the future!
