
Level 1

Abhishek J M edited this page Dec 19, 2018 · 1 revision

Now that we have the application installed, we are ready! Launch the application and enter your name when prompted. After this, you'll be taken to the Challenges activity with a list of challenges. There are multiple ways to solve any given level, depending on the expertise and experience of the user. So, feel free to experiment. Here, I will be writing my intended solution.


Level 1:

Challenge: Debug Me

Points: 10

As the name suggests, this challenge has something to do with debugging. SYS_CTRL greets us with a message and has a button to log some secret key.

**Debugging**, as the name suggests, is the process of identifying bugs and eliminating them (de: eliminate, bug: errors). This is an important aspect of any kind of software development, irrespective of the platform, operating system or programming language. Most modern IDEs and software development platforms provide tools for debugging. The Android SDK has one too, called ADB (Android Debug Bridge). Please refer to the previous section for the installation/initialization process of ADB if you haven't installed it yet.

Now, back to the challenge,

On clicking the button, a message is displayed which clearly indicates that the developer has logged some important data. The hint points to finding the log of running apps using ADB.

By simply Googling this line alone, we'll come across something called logcat.

What is 'logcat'?

ADB logcat is a utility that helps us see what happens in the background of an Android device. This is useful when we need to understand what's passively happening in the background, which is otherwise not visible in the application. Consider a situation wherein you need to see the response code from the server, but it can't be shown in the application. This is where logging the data becomes helpful. In an Android activity, data can be logged using Log.d("this is the debug tag", "this is the message"). If such a call is not removed, sensitive information could be logged by the application. Many a time, developers leave debug information in the application even after debugging has been completed and the application is going into release.

Work Around:

Always check for debug tags in the source code. If the codebase is large, run the application and use adb logcat to check if the application is leaking any sensitive data.

So, now let us try ADB logcat:

adb logcat

This shows us the log output of everything running in the background on the device, and it streams continuously. Since it is difficult to pick out a single line from this, let's call grep to help us.

adb logcat | grep EVABS

Now, if we click the button that logs the key, we see:

Here, we have our first flag! Level 1 complete.

FLAG: EVABS{logging_info_never_safel}
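
The check described under Work Around can be scripted for review of your own builds. The following is an added example, not part of the original walkthrough: it reads `adb logcat -d -v threadtime` output, keeps only lines from one process, and reports which lines look like leaked secrets without printing the secret again. The sample capture, tag names, PIDs and keyword patterns are constructed assumptions.

```shell
#!/bin/sh
# Added example: report which log lines from one app look like leaked secrets,
# without echoing the secret itself.
# stdin: `adb logcat -d -v threadtime` text, laid out as
#   DATE TIME PID TID PRIORITY TAG: MESSAGE   (TAG may be space-padded)

# Constructed capture: tags, PIDs and values are made up for this example.
sample_log() {
cat <<'EOF'
12-19 10:15:01.120  1432  1432 I ActivityManager: Displayed com.example.app/.Main
12-19 10:15:03.482  9876  9876 D NetDbg  : auth_token=3f9a1c0e7b2d4a55
12-19 10:15:03.490  9876  9876 I NetDbg  : response code 200
12-19 10:15:04.001  9876  9901 V NetDbg  : session secret = s3cr3t-constructed
12-19 10:15:04.500  2210  2210 D OtherApp: api_key=belongs-to-another-app
12-19 10:15:05.000  9876  9876 D Debug   : EXAMPLE{constructed_value}
EOF
}

# scan_leaks PID: one line per hit, "line N [PRIORITY/TAG] reason"
scan_leaks() {
    awk -v pid="$1" '
    $3 == pid {
        rest = $6
        for (i = 7; i <= NF; i++) rest = rest " " $i
        cut = index(rest, ": ")          # first ": " ends the tag
        if (cut == 0) next               # no message body on this line
        tag = substr(rest, 1, cut - 1); sub(/ +$/, "", tag)
        msg = substr(rest, cut + 2)
        reason = ""
        if (tolower(msg) ~ /(password|passwd|secret|token|api_?key)[ ]*[=:]/)
            reason = "credential-like key=value"
        else if (msg ~ /[A-Z]+[{][^}]+[}]/)
            reason = "flag-like NAME{...} string"
        if (reason != "")
            printf "line %d [%s/%s] %s\n", NR, $5, tag, reason
    }'
}

# On a device: adb logcat -d -v threadtime | scan_leaks <PID of the app under test>
sample_log | scan_leaks 9876
```

Filtering on the PID column keeps other apps' output (line 5 in the sample) out of the report, and printing only the line number, priority and tag keeps the scan results from becoming a second copy of the leak.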

