iCTF 2011: Android Market Challenge

Vaughn Valle

Vaughn Valle

2 min read

Not all applications on the Android market can be installed by all Android devices. More specifically, each Android device only allows the user to choose from the subset of applications that are considered suitable to be installed on that device. For example, if you visit the Android Market with your browser, you get a list of over 200 applications in the communications (top free) category. Using the Market on a Nexus One lists more then 100 Applications for that very same category. However, using the Android Market on the Android SDK simulator (API level 10, platform 2.3.3) only lists two applications. Give their names in alphabetical order separated by a comma.

In this challenge we are tasked with running the Android Market on the SDK simulator. First download, install and setup the Android SDK simulator like you would normally, making sure to create an AVD running on the specified API level 10 and version 2.3.3

Next navigate to …….\android-sdk_r08-windows\android-sdk-windows\platforms\android-10\images and copy system.img and paste it to C:\Users\Username\.android\avd\Emulator’s name.avd

(Image taken down, it used to be at; http://s2.torbit.com/img/b81e1e28f8a417e78662c792c2468632de63c5fb-12-5-2010-3-09-00-PM.png)

Download three files: Vending.apkGoogleServicesFramework.apk and ADB.zip(unzip the file after downloaded). After that, put all these files into …….\android-sdk_r08-windows\android-sdk-windows\tools, we will need them later. (In Android 2.3 SDK, adb files have been removed so that’s why we need them.)

Open a command prompt and navigate to  …….\android-sdk_r08-windows\android-sdk-windows\tools

Enter  emulator –avd youremulatorsnamehere –partition-size 100
This will open up your emulator, opening it from the manager will not work

Launch another command prompt window, switch to …….\android-sdk_r08-windows\android-sdk-windows\tools , enter: adb -s emulator-5554 shell
(5554 is the serial for your emulator, it may not be the same)

After that, type **mount **and hit Enter again. You will see something like below, and look for the line: /dev/block/mtdblock0 /system yaffs2 ro 00.

(Image taken down, it used to be at; http://s3.torbit.com/img/2c2d07c583609aed544cd21210c6220a38ba9e86-12-7-2010-1-48-21-AM.png)

Now, type in: mount -o remount,rw -t yaffs2 /dev/block/mtdblock0 /system and hit Enter. This will remount the /system in read-write mode. Because we will copy some files to /system/app later, we must set read-write permission to that directory. To do it, type the following: chmod 777 /system/app, hit Enter. After that, you need to exit. Type exit, hit Enter again. The whole step will look like this:

Now we will be copying the market apk and the google services apk. Enter  adb -s emulator-5554 push Vending.apk /system/app/. Similar to that, to copy the next file, Enter: adb -s emulator-5554 push GoogleServicesFramework.apk /system/app/

We now need to SdkSetup.apk from /system/app (if it is not removed, the SDK will be restore in next session). In the second command prompt window, Enter: adb shell rm /system/app/SdkSetup.apk

Now we close the emulator. Go to C:\Users\Username\.android\avd\Emulator’s name.avd and delete these two files:userdata-qemu.img and cache.img

Now you can launch you emulator in the traditional way. Open the emulator, run the market app, navigate to the top free category in communications and get your key!

Read more