Investigating an Android Backup - Hack The Box Write-Up

Challenge Overview

This challenge provided a downloadable file named cat.ab, which was identified as an Android Backup file. The goal was to analyze the backup and extract hidden information, ultimately leading to the discovery of the flag.

Step 1: Identifying the File Type

After downloading the file, I used the strings command to inspect its contents:

strings cat.ab | head

The first line revealed that it was an Android Backup file, confirming the need to unpack it.

Step 2: Extracting the Backup

Since Android Backup files are compressed, I attempted to convert it to a tar archive:

dd if=cat.ab bs=24 skip=1 | openssl zlib -d > cat.tar

After successfully extracting cat.tar, I unpacked its contents:

tar -xvf cat.tar

This produced a directory containing multiple image files.

Step 3: Initial Image Analysis

There were six images in total:

Five images of cats
One image of a man holding a clipboard with his face obscured

The last image stood out, so I inspected it further.

Step 4: Extracting Hidden Information from the Image

At first glance, the clipboard contained blurred text. However, the visible parts showed:

Top Secret
…
HTB{ThisBackupIsUnprotected}

This appeared to be the flag!

Step 5: Verifying Steganography Attempts

Before discovering the flag visually, I attempted common stego techniques:

StegSeek (Checking for Hidden Data)

stegseek IMAG0004.jpg rockyou.txt

This resulted in no extracted data, confirming that traditional steganography methods were not used.

Binwalk (Checking for Hidden Files)

binwalk -e IMAG0004.jpg

Again, no hidden files were detected within the image.

Conclusion

The challenge was a misdirection towards steganography, when in reality, the flag was hidden in plain sight within the clipboard image. This highlights the importance of thoroughly analyzing visual clues before diving into complex extraction methods.

Final Flag:

HTB{ThisBackupIsUnprotected}

This challenge reinforced the importance of careful observation and not overcomplicating the solution. Sometimes, the simplest approach is the most effective!

Key Takeaways

✅ Analyze files with strings and metadata tools first ✅ Unpack Android backups using dd and tar ✅ Check images for visible text before using steganography tools ✅ Use image processing tools like ImageMagick to enhance hidden text

This was a fun challenge that blended forensic file analysis with visual observation. Looking forward to the next one!