HackTheBox Supermarket Challenge

2025-02-13[Updated: 2025-02-13]

https://app.hackthebox.com/challenges/398

Description

My supermarket list is too big and I only have $50. Can you help me get the Discount code?

Exploitation

Use jadx-gui to decompile and look at the code.

apktool d <apk>
adb install <apk>

Frida

Java.perform(function () {
    var myActivity = Java.use("com.example.supermarket.MainActivity");
    Java.choose("com.example.supermarket.MainActivity", {
        onMatch: function (instance) {
            let JNI = instance.stringFromJNI();
            let JNI2 = instance.stringFromJNI2();
            let JNI3 = instance.stringFromJNI3();
            console.log("JNI: " + JNI);
            console.log("JNI2: " + JNI2);
            console.log("JNI3: " + JNI3);
        },
        onComplete: function() {
            console.log("Misson Completed.");
        }
    });
});

frida -U -f com.example.supermarket -l poc.js

Summary

Supermarket: hook the mobile app with Frida, bypass the check, and recover the flag.