EVABS Writeups: Debug Me
Level 1: Debug Me
Like the challenge name “Debug Me” suggest , we get a vague idea that this challenge has something to do with debugging.
Now let’s see what debugging is?
Debugging is basically the process of identifying and removing errors from a computer or a program or a software. When it comes to software, developers often use a functionality called logging to make the process of debugging less painful.
Now when we click “LOG THE KEY” button we get a SYS_CTRL_FAILURE message.
Now let’s try to understand what SYS_CTRL_FAILURE says, The developer has logged a message for his convenience while debugging, but it seems it turned out to a sensitive data.
What is the vulnerability here?
Often developers (even the most experienced ones) forgets to remove the log’s even after the debugging of the application. If it is not removed, sensitive information could be logged out from the application.
Now when we click the hint button we get a message “How do you find the log of running apps in an Android device using ADB?”
ADB stands for Android debugging Bridge, it is a tool in Android SDK that can also be used for debugging Android Apps.
To get the logs, we use a tool called logcat.
adb logcat is the command used to get the logs of an android application. It also displays what’s happening in the background of an Android device.
Now let us try this command in the terminal after connecting the device to your computer.
This shows us all the background process of the devices , It is very difficult to find out the log message of our interest. So we use the help of the command grep.
Since our flag starts with EVABS, we can give it as,
adb logcat | grep "EVABS"
Now when we again press the log button, the log message is printed on to the terminal.
This is our first flag. This level is completed!