BotConf 2026 Android Workshop: A Practical Android Malware Analysis Playbook
A practical walkthrough of the BotConf 2026 Android workshop, covering static analysis, dynamic instrumentation, native libraries, and automation as one workflow.
7 - The Mole: Reconstructing an Android Malware Beacon from a PCAP
A packet-capture-driven reverse engineering walkthrough of an Android malware dropper, its SID-based gating logic, and the token chain used to reach the final flag.
8 - Pizzeria: Prompt Injection Against an Android LLM Agent
An Android app, a fake pizza order form, and an LLM backend that could be pushed into calling internal tools through a Unicode-based prompt injection bypass.
5 - MediterraneanPotions: Decrypting a Flutter App's Encrypted Database
A Flutter app storing all its data in an AES-CBC-encrypted Hive database — finding the key buried in native Dart strings, parsing the binary frame format, and decrypting every record offline.
6 - DeadDrop: Emulating an MQTT Bot to Recover a Flag
An Android malware sample communicating over MQTT with RC4-encrypted messages — decoding the obfuscated broker config, reversing the protocol, and building a bot emulator to trigger flag delivery.
3 - Smoke: Bypassing StringFog and Decoding a Custom String Cipher
The APK was protected by StringFog — every string literal replaced with an encrypted hex payload decoded at runtime — requiring a Python port of the custom LCG cipher to bulk-decrypt the entire source tree and find the flag.
4 - Handshake: Breaking AES-CBC via IV Recovery and CBC Malleability
A mutual TLS server hands out an AES-CBC-encrypted flag with a hidden IV — the key was in the APK but the IV required either hunting through server-derived values or forging it via CBC malleability.
1 - GhostMode: Reversing a Native Android CTF Library
An Android challenge that taunts you with a fake flag in static analysis, then hides the real one behind a PIN validator and a runtime decryption loop inside a native library.
2 - ThePackage: Unpacking a Runtime-Loaded DEX
A packer challenge where the real Java classes are encrypted inside the APK and only decrypted at runtime, requiring extraction and static analysis of the hidden DEX.