Apk Time Graveyard — Pin

This assumes the context of a CTF (Capture The Flag) or mobile security lab where an Android APK contains a hidden “graveyard pin” mechanism. 1. Challenge Overview Name: APK Time – Graveyard Pin Category: Android Reverse Engineering / Mobile CTF Difficulty: Medium Objective: Find the correct PIN that unlocks the “graveyard vault” inside the app.

if (computed == expected) { return true; } return false; }

adb install apktime-graveyard-pin.apk Running the app shows a gothic-themed screen with a graveyard image and a PIN entry field. No source code is provided — only the APK. 3.1 Decompilation with jadx jadx -d output apktime-graveyard-pin.apk Open output/sources/com/ctf/graveyardpin/ – the main activity is MainActivity.java . apk time graveyard pin

1234 ^ 0xCA7 = 1234 ^ 3243 = 0x04D2 ^ 0x0CA7 = 0x0875 = 2165 → PIN 002165 Enter 002165 → flag CTF{002165} .

So the check is:

bool verifyPin(JNIEnv *env, jobject thiz, jstring pin, jint timeInt) { const char *pinStr = (*env)->GetStringUTFChars(env, pin, NULL); int pinInt = atoi(pinStr); int computed = (pinInt ^ timeInt) & 0xFFFF; // Note: only low 16 bits // Graveyard magic constant int expected = 0xCA7;

Key snippet found inside onCreate :

Thus final flag (assuming patched or original bug):