A prestigious company released a medical mobile application to the public, which aims to help patients and doctors communicate with each other in case of heart-related emergencies. Unfortunately, the application was hacked right after release.
Now the CEO of the company is desperate: the attackers are threatening to disclose these issues to the public if a secret code inside the application is not identified.
Note that the targeted company mentioned in their message that, when launching the application, an account can be created with any credentials you want, even though everything else is messed up.
Flag format: {SHA256}
3deb99acb61eba5ee298023afc1551402d86770730584a79d6e5adaa98c1eb75
Extract the .apk (it is a zip archive) and look through res/ for an interesting image, then run stegseek on it to recover the flag.
First attempt: grep every file in the folder for SHA256-shaped strings (64 hex characters):
    find . -type f -exec cat {} \; | grep -a -E "[A-Fa-f0-9]{64}"
No hits.
We then look at the contents of the .apk. An .apk is just a zip archive, so rename the file to name.zip (or pass it to unzip directly) and extract the contents.
Searching the unzipped .apk, we find this image in the res folder:
We then try steganography. The tool we use is stegseek, a fast cracker for steghide-embedded data:
https://github.com/RickdeJager/stegseek
Running stegseek against the image with rockyou.txt as the wordlist recovers the passphrase and extracts the embedded file, which contains the flag:
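The triage steps above (grep the unpacked APK for SHA256-shaped strings, find an image worth feeding to stegseek, run stegseek with a wordlist), collected into a small POSIX shell script. This is an added example, not code from the challenge or the original writeup; it assumes the APK has already been unzipped into a directory, and that stegseek and rockyou.txt are installed at the paths given at call time. One practical caveat it encodes: stegseek only cracks steghide carriers (JPEG, BMP, WAV, AU), so PNGs and other formats under res/ are not worth its time.

```shell
#!/bin/sh
# Added example for this writeup (not the challenge author's code): triage an
# unpacked APK directory for SHA256-shaped strings and steghide-compatible carriers.
# Assumptions: the APK was already extracted (unzip -q -d app_unzipped app.apk);
# stegseek and a wordlist are installed at the paths passed in by the caller.

# Print every 64-hex-character string found in any file under the directory,
# one per line, prefixed with the file it came from. -a treats binaries as text,
# -o prints only the matching part instead of the whole (possibly huge) line.
find_sha256_candidates() {
    grep -r -a -o -E '[A-Fa-f0-9]{64}' "$1" 2>/dev/null
}

# List files under res/ that steghide (and therefore stegseek) can actually hide
# data in: JPEG, BMP, WAV and AU. PNGs are not steghide carriers, so stegseek
# cannot recover anything from them no matter how suspicious they look.
list_stego_carriers() {
    find "$1/res" -type f \( -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.bmp' \
        -o -iname '*.wav' -o -iname '*.au' \) 2>/dev/null | sort
}

# Run stegseek against one carrier with a wordlist (default path is an assumption,
# adjust to where rockyou.txt lives on your box). stegseek writes the recovered
# payload next to the carrier as <carrier>.out by default. Returns non-zero when
# stegseek is not installed or no passphrase in the wordlist matches.
crack_carrier() {
    carrier="$1"
    wordlist="${2:-/usr/share/wordlists/rockyou.txt}"
    command -v stegseek >/dev/null 2>&1 || { echo "stegseek not installed" >&2; return 2; }
    stegseek "$carrier" "$wordlist"
}

# Usage (assumed directory name):
#   unzip -q -d app_unzipped app.apk
#   find_sha256_candidates app_unzipped
#   list_stego_carriers app_unzipped | while read -r f; do crack_carrier "$f"; done
```

The grep pass is worth keeping even though it found nothing here: on a less careful challenge (or a real app) the secret is often sitting in strings.xml, assets/, or a config file, and that check costs seconds. Only when it comes up empty do we move on to the carriers list and stegseek.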