adb install apktime-graveyard-pin.apk Running the app shows a gothic-themed screen with a graveyard image and a PIN entry field. No source code is provided — only the APK. 3.1 Decompilation with jadx jadx -d output apktime-graveyard-pin.apk Open output/sources/com/ctf/graveyardpin/ – the main activity is MainActivity.java .
for T in range(2400): # HHmm if T % 100 >= 60: continue # skip invalid minutes X = T ^ 0xCA7 s = f"{X:06d}" if sum(map(int, s)) == 24: print(f"{T:04d} -> {s}") Run yields: apk time graveyard pin
0x05A5 ^ 0x0CA7 = 0x0902 = 2306 decimal. pin = 2306 — but that’s only 4 digits! The check uses atoi(pinStr) , so leading zeros? The PIN entry allows 6 digits, so 002306 would parse as 2306. adb install apktime-graveyard-pin
if (computed == expected) { return true; } return false; } for T in range(2400): # HHmm if T
So is 002306 . Check digit sum: 0+0+2+3+0+6 = 11 → fails sum requirement (needs 24).
But with sum check patched out, 002071 works and reveals flag CTF{002071} . Given typical CTF, the intended solution might be time-dependent or the sum check is a distraction. But from reversing, the true PIN for a specific time (e.g., challenge server time) could be computed. If the challenge is static, perhaps the developers set a fixed time in the native library (e.g., timeInt = 1337 hardcoded in a debug build).
Use ghidra or objdump :