iForensics - iBackdoor 1/2

Description

As you pass through customs, the customs officer asks you to hand over your phone and its unlock code. The phone is returned to you a few hours later…

Suspicious, you send your phone to ANSSI’s CERT-FR for analysis. CERT-FR analysts carry out a collection on the phone, consisting of a sysdiagnose and a backup.

You continue your analysis to find the backdoor on the phone. Eventually, you realize that an application has been compromised and that the phone was infected at the time of collection… Find the identifier of the compromised application and the process identifier (PID) of the malware.

The flag is in the format FCSC{<application identifier>|<PID>}. For example, if the compromised application is Example (com.example) and the PID is 1337: FCSC{com.example|1337}.

This challenge is part of a serie. The challenges are independent, except iBackdoor 2/2 whitch depends on iBackdoor 1/2:

• iForensics - iCrash
• iForensics - iDevice
• iForensics - iWiFi
• iForensics - iTreasure
• iForensics - iNvisible
• iForensics - iBackdoor 1/2
• iForensics - iBackdoor 2/2
• iForensics - iC2
• iForensics - iCompromise