Setup for a physical device
1. Download the latest release from Google Play.
Setup for an Android Emulator using Android Studio
1. Install the app from Google Play on a physical device, then pull the APK from the device with adb pull.
2. Start the emulator from Android Studio (I recommend downloading an emulator with Google APIs so root adb can be enabled).
3. Drag and drop the .apk file to the emulator and the latest release of InjuredAndroid will install on the emulator.
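The emulator steps above as a script, added here as an example and not taken from the InjuredAndroid project. It also handles the case where pm path reports several APKs (split APKs), which are installed together with adb install-multiple. It assumes adb is on PATH; the function names, the serial placeholders and the name fragment are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): copy an app installed from Google Play
# on a physical device to a running emulator. Assumes adb is on PATH.
# Usage (serials and name fragment are placeholders):
#   pkg=$(find_package PHONE_SERIAL injured)
#   copy_app PHONE_SERIAL EMULATOR_SERIAL "$pkg"

# Reduce "package:<value>" lines from pm output to bare values.
# adb shell output can end lines with CR, so strip it first.
parse_pm_output() {
  tr -d '\r' | sed -n 's/^package://p'
}

# Print installed package names containing $2 (case-insensitive) on device $1.
find_package() {
  adb -s "$1" shell pm list packages </dev/null | parse_pm_output | grep -i -- "$2"
}

# Pull every APK of package $3 from device $1 and install on emulator $2.
copy_app() {
  src=$1; dst=$2; pkg=$3
  workdir=$(mktemp -d) || return 1
  paths=$(adb -s "$src" shell pm path "$pkg" </dev/null | parse_pm_output)
  [ -n "$paths" ] || { echo "no APK found for $pkg" >&2; return 1; }
  set --   # reuse the positional parameters as the list of local APK files
  while IFS= read -r remote; do
    adb -s "$src" pull "$remote" "$workdir/" </dev/null || return 1
    set -- "$@" "$workdir/${remote##*/}"
  done <<EOF
$paths
EOF
  if [ "$#" -eq 1 ]; then
    adb -s "$dst" install "$1"
  else
    # Several paths means split APKs: install them in one session.
    adb -s "$dst" install-multiple "$@"
  fi
}
```

The serials to pass are the ones listed by adb devices.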
Build from source - Check GitHub for more info: https://github.com/B3nac/InjuredAndroid
Build steps in progress. The flutter module makes this slightly more complicated.
Tips and CTF Overview
Decompiling the Android app is highly recommended.
- XSSTEST is just for fun and to raise awareness of how WebViews can be made vulnerable to XSS.
- The login flags just need the flag submitted.
- The flags without a submit that demonstrate concepts will automatically register in the "Flags Overview" Activity.
- The exclamatory buttons on the bottom right will give users up to three tips for each flag.
Good luck and have fun! :D
Looking at the source code of the applications in the InjuredAndroid directory, the InjuredAndroid-FlagWalkthroughs.md file, or the binary source code in the Binaries directory will spoil some if not all of the CTF challenges.
The application is also located here: https://github.com/B3nac/InjuredAndroid. Please submit any bugs to the GitHub link.