Swiss Hacking Challenge 2023 - cautious

Posted on Apr 23, 2023

Information

Challenge category: forensics

Challenge Description

Backing up everything surely is a good thing. But you still have to be cautious whom you give access to it—

Files

We are given a cautious file.

The zip file contains a backup.ab file, which is an Android backup.

Exploitation

The backup file is essentially a tar archive behind a different header: a short text header, followed by the tar stream, which is usually zlib-compressed. We can convert it to a tar file using the Android Backup Toolkit:

$ wget https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar
$ java -jar abe.jar unpack ~/path/to/backup.ab backup.tar

Then we can just extract the backup: tar -xvf backup.tar

Flag

We can just grep for the flag in the extracted backup:

grep -ir "shc2023{" *

We get the flag: shc2023{G3T_TH3_S3CR3T_W1F1_PW}
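
The same unpack-and-search steps as an added Python example (not code from the original write-up or from abe.jar). It assumes an unencrypted backup whose header is four text lines (magic, version, compression flag, encryption); the sample backup, package name and flag-like string are constructed for the demo.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def parse_ab(data: bytes):
    """Return (version, compressed, encryption, payload) from an .ab image."""
    stream = io.BytesIO(data)
    magic, version, compressed, encryption = (
        stream.readline().rstrip(b"\n") for _ in range(4)
    )
    if magic != MAGIC:
        raise ValueError("not an Android backup: bad magic line")
    return int(version), compressed == b"1", encryption.decode(), stream.read()

def ab_to_tar(data: bytes) -> bytes:
    """Strip the .ab header and return the raw tar stream (unencrypted only)."""
    _version, compressed, encryption, payload = parse_ab(data)
    if encryption != "none":
        # Encrypted backups carry extra key header lines and need the password.
        raise ValueError(f"encrypted backup ({encryption}): password required")
    # Overwriting only the header fails here if the payload is still deflated.
    return zlib.decompress(payload) if compressed else payload

def find_strings(tar_bytes: bytes, needle: bytes):
    """Yield (member name, line) for each file line containing needle."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            if member.isfile():
                for line in tar.extractfile(member).read().splitlines():
                    if needle.lower() in line.lower():
                        yield member.name, line.decode(errors="replace")

def build_sample_ab() -> bytes:
    """Constructed sample: one fake Wi-Fi config in a compressed backup."""
    body = b'network={\n  ssid="lab"\n  psk="shc2023{CONSTRUCTED_SAMPLE}"\n}\n'
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("apps/com.example.sample/f/wifi.conf")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return b"ANDROID BACKUP\n5\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    for name, line in find_strings(ab_to_tar(build_sample_ab()), b"shc2023{"):
        print(name, line.strip())
```

When triaging a backup of unknown origin, reading the third and fourth header lines first tells you whether a plain tar extraction can work at all.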

Conclusion

This was very easy. Somehow, another method that just overwrites the tar header to extract didn’t work, but I got the flag rather quickly.

References

  1. https://www.incredigeek.com/home/extract-android-backup/
  2. https://stackoverflow.com/questions/18533567/how-to-extract-or-unpack-an-ab-file-android-backup-file