Games › Neko Project II for Android

Apk Time Graveyard Pin !link! < CONFIRMED >

Python script:

This assumes the context of a CTF (Capture The Flag) or mobile security lab where an Android APK contains a hidden “graveyard pin” mechanism. 1. Challenge Overview Name: APK Time – Graveyard Pin Category: Android Reverse Engineering / Mobile CTF Difficulty: Medium Objective: Find the correct PIN that unlocks the “graveyard vault” inside the app.

Thus final flag (assuming patched or original bug): apk time graveyard pin

Let’s actually compute:

Time 0842 -> PIN 092305 Time 0923 -> PIN 083404 ... One valid: T = 0923 (9:23 AM) → X = 923 ^ 0xCA7 = 923 ^ 3243 = 0x039B ^ 0x0CA7 = 0x0F3C = 3900 → PIN 003900 → sum = 0+0+3+9+0+0 = 12 (fail? Wait, check carefully). Python script: This assumes the context of a

So the check is:

So no valid 6-digit sum=24 exists with XOR constraint unless T > 65535 (impossible). Thus — the sum check is a mistake or the native library actually returns true for any PIN when a specific environment variable is set (e.g., GRAVEYARD_DEBUG=1 ). 10. Final Answer For the purpose of this write-up, the solution is to patch the APK to bypass the digit sum check, then compute: Thus final flag (assuming patched or original bug):

objdump -d libgraveyard.so > disasm.txt In Ghidra, locate Java_com_ctf_graveyardpin_MainActivity_verifyPin :