<summary><strong>Aprenda hacking AWS do zero ao avançado com</strong><ahref="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
* Se você deseja ver sua **empresa anunciada no HackTricks** ou **baixar o HackTricks em PDF** Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
* Adquira o [**swag oficial PEASS & HackTricks**](https://peass.creator-spring.com)
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Junte-se ao** 💬 [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-nos** no **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Compartilhe seus truques de hacking enviando PRs para os repositórios** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) do github.
In this challenge, we are provided with an Android application named "Shall we play a game?". The goal is to find the flag by analyzing the app's behavior and identifying any vulnerabilities that can be exploited.
By reviewing the code and resources, we can look for hard-coded secrets, insecure data storage, or any other weaknesses that could lead to a security compromise.
Running the app in a controlled environment allows us to observe its runtime behavior, network communication, and interactions with the device to uncover any exploitable vulnerabilities.
Once we have identified a potential vulnerability, we can proceed with exploiting it to gain unauthorized access, escalate privileges, or manipulate the app's behavior to reveal the flag.
## Conclusion
By combining thorough reconnaissance, careful analysis, and precise exploitation techniques, we can successfully uncover the flag in the "Shall we play a game?" Android app.
Siga os passos do [pentest Android](./) para recompilar e assinar o APK. Em seguida, faça o upload para [https://appetize.io/](https://appetize.io) e veja o que acontece:
Faça o aplicativo executar o loop 100000 vezes quando você vencer pela primeira vez. Para fazer isso, você só precisa criar o loop **:goto\_6** e fazer o aplicativo **pular para lá se `this.o`** não tiver o valor 100000\:
<summary><strong>Aprenda hacking AWS do zero ao avançado com</strong><ahref="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
* Se você deseja ver sua **empresa anunciada no HackTricks** ou **baixar o HackTricks em PDF**, confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
* Adquira o [**oficial PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Descubra [**The PEASS Family**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Junte-se ao** 💬 [**grupo do Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo do telegram**](https://t.me/peass) ou nos siga no **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Compartilhe seus truques de hacking enviando PRs para os repositórios do** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud).
