SeeTheSharpFlag — Hack The Box Mobile Challenge Write-up

R00tJ0k3r — Thu, 19 Feb 2026 15:40:20 +0000

🧭 Overview

The goal of this challenge was to analyze an Android application and retrieve the secret flag by reversing its internal logic.

🔎 Static Analysis

After downloading the APK, I installed and launched the application.
The UI was very simple and contained:

An input field prompting: “Enter the secret”
A button to validate the input
Testing with random values resulted in the message:

Sorry, not correct password

📦 Decompilation & Framework Identification

I loaded the APK into JADX for static analysis.
However, there was no meaningful validation logic in the source code.

While inspecting the structure, I noticed that the app was built using the Xamarin framework.
In Xamarin apps, most of the business logic resides inside managed .dll assemblies rather than the Java layer.

🗂 Extracting Assemblies

To access the assemblies:

1-Renamed the .apk file to .zip
mv com.companyname.seethesharpflag-x86.apk com.companyname.seethesharpflag-x86.zip

2- Extracted its contents
3- Located multiple DLL files inside the packag

Two interesting assemblies were identified:

- SeeTheSharpFlag.dll- SeeTheSharpFlag.Android.dll
Based on naming conventions, SeeTheSharpFlag.dll was the most likely candidate to contain the core application logic, while SeeTheSharpFlag.Android.dll seemed to represent the Android-specific implementation layer.

(The remaining DLL files appeared to be framework libraries with no application-specific logic.)

🧩 Handling Xamarin Compression

Xamarin often compresses assemblies using algorithms such as XALZ.

Because of that, the DLL could not be analyzed directly.

To resolve this, I used the Xamarin decompression tool:

https://github.com/NickstaDB/xamarin-decompress

After decompression, the assembly became suitable for reverse engineering.

🔬 Reverse Engineering the Assembly

The decompressed DLL was analyzed using dotPeek.

https://www.jetbrains.com/decompiler/download/?section=web-installer

Let’s see what I found:

A ciphertext stored as a Base64 string
An AES key encoded in Base64
An IV encoded in Base64

This confirmed that the application validates the input by decrypting a hardcoded AES ciphertext.

Using CyberChef you simply decrypt it and solve the challenge.

I entered the recovered flag into the application.
The app responded with:

Congratz! You found the secret message

Why so serious? The flag was just the punchline

Forem: R00tJ0k3r

SeeTheSharpFlag — Hack The Box Mobile Challenge Write-up