December 19, 2022

Chapter 01: PyDroid

Will you manage to find the login/password?
Resolved (In 2 days and 15h)!
(The write-up quality part is still running)


Many thanks to BinaryNinja, Build38, and eShard for sponsoring this challenge!

Binary Ninja is an interactive disassembler, decompiler, and binary analysis platform.

Build38 provides mobile app protection solutions that combine AI and the strongest app shielding technology.

eShard is a leading independent security expert for security in ICs, mobile application and backend systems.

Description & Rules

The objective of this challenge is to find the correct login/password that leads to “Access Granted”.

The given Android application is protected with different layers of protections (obfuscation, RASP checks, ELF modifications) but the design of all these protections is public:

  • Code obfuscation is provided by O-MVLL/dProtect.
  • The RASP checks are publicly known and documented on the internet.
  • The ELF format modifications are described here: The Poor Man’s Obfuscator.
  • All the algorithms used in the challenge are public.

As obfuscation is a matter of time, the first prize of this challenge will be eligible for 6 months. During this period, the first person to find the correct login/password will be able to choose between a BinaryNinja license or a cash prize of 1300$/€.

The second prize will reward the write-up quality. This second prize will be the one that has not been chosen in the first part (if any). It will last for 3 months more after the end of the first part. So in total, this challenge is running for 9 months.

If you have found the flag or if you want to submit a write-up, you can send an email to this address: If you have any questions, you can reach out at this address: or join the Discord server at this address:

The list of the participants who found the flag or submitted a write-up will be updated in the section below and you can find the details of the rules in this document: Rules_Description.pdf.

Happy reverse engineering!

Checksum of the APK: a0b07e97197e2dfe48bb7df65dba4f145d485660ecf4bd0d3ab65b14039ec8d6



Dec 21, 2022 - 4:37:00 pm


Dec 23, 2022 - 12:40:00 pm


Jan 7, 2023 - 6:00:00 am


Jan 15, 2023 - 3:50:00 pm

Ahmet Bilal Can