Big bank

We are secure. We are Big Big Bang. Can you obtain our admin credentials? In this challenge, you'll analyze a mobile application backup to discover how sensitive information can be exposed through improper storage practices. Flag Format: Flag{username:password}

Prerequisites & Requirements

• Basic knowledge of Android system architecture, file structure, and how Android applications store data.
• Familiarity with command-line tools and basic cybersecurity concepts will be helpful.
• No advanced programming skills are required, but understanding how mobile apps handle user data and preferences is beneficial.

What will you learn?

• How to work with Android backup (.ab) files and understand their structure
• Techniques for extracting and analyzing data from Android backups
• Methods for converting Android backup files into accessible formats
• How to navigate Android app directory structures and locate sensitive information
• Understanding Android shared preferences and how apps store credentials
• Basic mobile forensics and security assessment skills

Tools

• Linux - A Linux environment (native, VM, or WSL) for running extraction commands
• Browser - For research and documentation lookup
• OpenSSL - For decompressing the backup file
• dd & tar - Command-line utilities for file manipulation and extraction
• Text editor - For examining XML and configuration files