BKISC 2026 BORING APK writeup — CTF challenge breakdown

BKISC 2026 Boring APK: Android NDK Reverse + Graph-Walk MitM

Platform BKISC CTF 2026 Difficulty Hard OS Android (arm64-v8a) Points 250 Tags APK extraction, AES-GCM, ELF patching, qemu-aarch64, NDK basic_string, meet-in-the-middle Boring APK was the 250-point reverse engineering challenge of BKISC CTF 2026. The hook is the title’s bait — Android is “boring” until you realise the flag check has been moved out of the Java/Kotlin layer into a native library, the assets it depends on are AES-GCM-encrypted, and the check itself is a 27-step graph walk with three running state words whose final values are all that the verifier compares. None of those stages is hard in isolation; stacking them is what makes the challenge. ...

May 16, 2026 · 8 min · 1624 words · CyberSecurity Elite Team
BKISC 2026 CRYPTOGRAFIE writeup — CTF challenge breakdown

BKISC 2026 Cryptografie: Java AltBase64 over UTF-16 BE

Platform BKISC CTF 2026 Difficulty Easy OS Encoding Points 50 Tags JDK source reading, custom Base64 alphabet, UTF-16 BE Cryptografie is a 50-point crypto challenge from BKISC CTF 2026 that hangs off a single, very specific hint: FileSystemPreferences.dirName(). If you’ve never had to look at the OpenJDK source before, this challenge is a tour of an internal Base64-like helper that almost nobody outside the JDK uses — and the decoder only takes about ten lines once you know where to look. ...

May 16, 2026 · 4 min · 768 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap