A Flutter app storing all its data in an AES-CBC-encrypted Hive database — finding the key buried in native Dart strings, parsing the binary frame format, and decrypting every record offline.

The APK was protected by StringFog — every string literal replaced with an encrypted hex payload decoded at runtime — requiring a Python port of the custom LCG cipher to bulk-decrypt the entire source tree and find the flag.