picoCTF Solutions
picoCTF 2024ForensicsMedium

Mob psycho

Published: April 3, 2024Updated: December 9, 2025

Description

Can you handle APKs? Download the android apk here.

Setup

APK unpacking

Download mobpsycho.apk and unzip it in a separate directory (APK unzip dumps lots of files).

Use strings/grep to hunt for "flag" within res/.

wget https://artifacts.picoctf.net/c_titan/53/mobpsycho.apk && \ mkdir mobpsycho && cd mobpsycho && \ unzip ../mobpsycho.apk

Solution

  1. Step 1Find the flag file
    strings * | grep flag or ls -R | grep flag -B 20 shows res/color/flag.txt.
    strings * | grep flag
  2. Step 2Decode the hex
    flag.txt contains hex; pipe it through xxd -r -p (or CyberChef's From Hex) to recover the ASCII flag.
    cat res/color/flag.txt | xxd -r -p

Flag

picoCTF{ax8mC0RU6ve_NX85l4ax8mCl_a3e...}

The decoded hex string inside res/color/flag.txt is the flag.