HackTheBox Don’t Overreact Challenge

https://app.hackthebox.com/challenges/255

Description

Some web developers wrote this fancy new app! It’s really cool, isn’t it?

Exploitation

apktool d app-release.apk
rg "$(echo -n "HTB" | base64)"
echo 'SFRCezIzbTQxbl9jNDFtXzRuZF9kMG43XzB2MzIyMzRjN30=' | base64 -d

Summary

Don’t Overreact: inspect the Android app, trace the validation path, and recover the flag.