Barsk
Posted November 12, 2022

I enjoy doing Android CTF challenges and I thought I'd share a list of CTFs that I've found interesting. If anyone else has other fun Android challenges it would be great if you could share them.

Personally I'm not that fond of challenges that involve reversing native code, web-based challenges disguised as mobile challenges by being a web page in a web view, or vulnerable apps that contain intentional vulnerabilities but no flags to find. But if you know of any good challenges like this, feel free to recommend them as well, since there might be others interested in them.

Now onto my list of Android CTFs:

EVABS (https://github.com/abhi-r3v0/EVABS) - Beginner-friendly CTF with several different challenges of different types. Great to get started with.

FridaLab (https://rossmarks.uk/blog/fridalab/) - A small beginner-friendly app with 8 Frida challenges. Great for those who are just starting out with Frida and need to get some practice.

Hacker101 (https://ctf.hacker101.com) - Hacker101 has several different CTFs of various kinds and a couple of fairly easy Android CTFs. A free HackerOne account is needed to do these.

hpAndro Vulnerable Application (https://ctf.hpandro.raviramesh.info) - An Android CTF written in Kotlin which is still under development. It currently has 101 different flags in a wide range of challenges. Some are beginner-friendly, others are more advanced. The page seems to be down from time to time, but it's worth checking back every now and then if it's not available.

OWASP's Android UnCrackable Apps (https://mas.owasp.org/crackmes/Android/) - A couple of different CTF apps. The first uses only Java code and is fairly beginner-friendly. The second introduces native code, and the third and fourth increase the difficulty significantly.

CyberTruckChallenge19 (https://github.com/nowsecure/cybertruckchallenge19) - A CTF with three different challenges. The first two are pretty easy with Java code only, and the third gets more difficult as it introduces native code. The third part is a great complement to the UnCrackable Apps' native challenges.

DEFCON Quals 2019 VeryAndroidoso (https://archive.ooo/c/VeryAndroidoso/272/) - A CTF that focuses more on reversing an algorithm rather than finding a hard-coded secret. It has some native code, but can be solved without working with the native code. I found this CTF fairly challenging.

h1-702 2018 CTF (https://github.com/aadityapurani/h1-702-ctf-2018-solutions/tree/master/challenges) - A couple of different CTF apps. I really liked the second one, where you have to brute force a 6-digit PIN code.

NahamCon 2022 (https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-NahamCon_CTF/Mobile) - NahamCon 2022 had a couple of mobile challenges that found their way onto GitHub. I particularly liked the Click Me and Secure Notes challenges.

Edited November 12, 2022 by Barsk
All links were stripped when posting, so added explicit URLs instead of inline links