Google CTF 2016 – Ill intentions (mobile) – Take Two

May 3, 2016

After publishing my write-up and my “problem” with Inspeckage (I was able to see the intent but not their content), a really nice guy called mastho (from the khack40 CTF team) told me it was actually possible to do everything from Inspeckage. So time to have a deeper look!

After installation, you have to select which app you want to analyse.


Then you start the web UI and can see all the activities (exported and non exported).


It is possible to start them from here. So no need to use adb to start a broadcast intent.


After the activity starts, you then click on the button and another intent with a message is sent. Under the IPC tab, you can see that a broadcast intent was sent but not its content. That’s where I stopped during the CTF and went back to writing my own Xposed module.

Actually there is a tab called “+Hooks” that allows to create hooks on the fly. How good is that! In this case, just create a hook for the “putExtra” method of the “Intent” class…


… and tada! it’s in the logs!



Thanks mastho, no need to write code at all!

Leave a Reply

Get Adobe Flash player