A packet-capture-driven reverse engineering walk through an Android malware dropper, its SID-based gating logic, and the token chain used to reach the final flag.