4 - Handshake: Breaking AES-CBC via IV Recovery and CBC Malleability
A mutual TLS server hands out an AES-CBC-encrypted flag with a hidden IV — the key was in the APK but the IV required either hunting through server-derived values or forging it via CBC malleability.
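The CBC property behind both routes is that the IV enters decryption only in the first block, P1 = D_k(C1) XOR IV. The Go sketch below is an added example, not code from the challenge or the original writeup: the key, IV and plaintext are constructed sample values, and it assumes the first 16 plaintext bytes are known. It shows that once the key is exposed, a hidden IV protects only the first block and falls out of a single XOR.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample values; none of them come from the challenge.
var (
	sampleKey = []byte("constructed-key!") // 16 bytes, AES-128
	sampleIV  = []byte("constructed-iv!!") // the "hidden" IV
	samplePT  = []byte("FLAG{constructed-sample-value-not-from-the-page}")
)

// cbc runs AES-CBC over whole blocks (no padding) in either direction.
func cbc(key, iv, in []byte, encrypt bool) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}

// RecoverIV decrypts under an all-zero IV, which leaves D_k(C1) in the first
// block, then XORs that with the known first plaintext block to get the IV.
func RecoverIV(key, ct, knownFirstBlock []byte) []byte {
	raw := cbc(key, make([]byte, aes.BlockSize), ct, false)
	iv := make([]byte, aes.BlockSize)
	for i := range iv {
		iv[i] = raw[i] ^ knownFirstBlock[i]
	}
	return iv
}

func main() {
	ct := cbc(sampleKey, sampleIV, samplePT, true)
	noIV := cbc(sampleKey, make([]byte, aes.BlockSize), ct, false)
	// Blocks 2..n chain off the previous ciphertext block, so the IV is irrelevant to them.
	fmt.Printf("blocks 2..n without the IV: %q\n", noIV[aes.BlockSize:])
	got := RecoverIV(sampleKey, ct, samplePT[:aes.BlockSize])
	fmt.Println("IV recovered:", bytes.Equal(got, sampleIV))
}
```

The same XOR relation is what makes the first block malleable: any change to the IV produces the identical change in P1, so integrity has to come from an authenticated mode or a MAC rather than from keeping the IV secret.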