Frida Android

Solving hpAndro

Solving hpAndro

In this series of posts I’ll be solving the hpandro ctf challenges. hpAndro created an Android application with multiple vulnerabilities, following the MSTG.

This application has a lot of simple challenges, so it is good for beginners or to test some techniques. I’ll try to solve all the challenges using Frida. In each post I’ll explain the security concepts behind the challenge and when it is possible I’ll explain multiple ways to solve it. As a secondary objective I’ll try to use scripts that can work in multiple scenarios and not just to get the flag.

The content is divided in several pages, in order to make it easily searchable.


  1. Intercepting Http traffic
  2. Intercepting Https, UDP and TCP traffic
  3. Intercepting Websocket traffic
  4. Root detection bypass
  5. Emulator detection bypass
  6. Exfiltrating SQlite content