SeeTheSharpFlag — Hack The Box Mobile Challenge Write-up

#android #cybersecurity #mobile #security

🧭 Overview

The goal of this challenge was to analyze an Android application and retrieve the secret flag by reversing its internal logic.

🔎 Static Analysis

After downloading the APK, I installed and launched the application.
The UI was very simple and contained:

An input field prompting: “Enter the secret”
A button to validate the input
Testing with random values resulted in the message:

Sorry, not correct password

📦 Decompilation & Framework Identification

I loaded the APK into JADX for static analysis.
However, there was no meaningful validation logic in the source code.

While inspecting the structure, I noticed that the app was built using the Xamarin framework.
In Xamarin apps, most of the business logic resides inside managed .dll assemblies rather than the Java layer.

🗂 Extracting Assemblies

To access the assemblies:

1-Renamed the .apk file to .zip
mv com.companyname.seethesharpflag-x86.apk com.companyname.seethesharpflag-x86.zip

2- Extracted its contents
3- Located multiple DLL files inside the packag

Two interesting assemblies were identified:

- SeeTheSharpFlag.dll- SeeTheSharpFlag.Android.dll
Based on naming conventions, SeeTheSharpFlag.dll was the most likely candidate to contain the core application logic, while SeeTheSharpFlag.Android.dll seemed to represent the Android-specific implementation layer.

(The remaining DLL files appeared to be framework libraries with no application-specific logic.)

🧩 Handling Xamarin Compression

Xamarin often compresses assemblies using algorithms such as XALZ.

Because of that, the DLL could not be analyzed directly.