COMP5618/COMP4618 - Applied Cybersecurity S2 2025 Mobile
CTF
Due date: 01st of November 2025 23:59
This is an individual assignment
This assignment contains eight Android reverse engineering and security tasks, each containing a flag. Your goal in this assignment is to find these eight flags in the eight Android APKs given to you.
Note that only finding and reporting the flags will not be enough to give you full marks on this assignment, you should explain your approaches and your thought process (e.g. what you tried, what worked, and what didn’t work).
Flag format (COMP5618{...})
1 Challenge 1
The serial Key is missing.
2 Challenge 2
Play with a little bit of help.
3 Challenge 3
Decompile it twice.
4 Challenge 4
What is the combination?
5 Challenge 5
Salted and hashed.
6 Challenge 6
Can you open it?
7 Challenge 7
Where is the key?
8 Challenge 8
Catch them all.
There are a couple of things to note when you are downloading the challenges files:
• If you get an error saying access denied, open the link on an incognito browser window.
• Challenge 6 file is quite large, around 500 MB. You will need a good internet connection to download it.
Your Report
You are writing a report containing 8 sections, each section should have a flag that you captured for each challenge and a description of your approach to finding the flag for that challenge.
Submission Details
• Your report is due on the 01st of November, 23:59.
• Please submit your report in the Assignment 3 folder in Canvas. There is a maximum length of 3,000 words for this report, but the word limit is not strict, we will leave approximately 10% room for the grace word limit. Marks will be deducted for reports that are too brief or ramble on excessively.
• Allowed submission format is PDF only (Please do not submit DOCX format).
• Late submissions will be penalized according to the late submission policy.
• Plagiarism will not be tolerated and your assignment will be submitted to a plagiarism-checking service.
Marking Criteria and Rubric
Your report is worth 15% of your overall grade for this course, and the maximum score for this assignment is 15 marks. Your report will be marked according to the following rubric, please read this rubric carefully:
|
Criteria
|
No Mark
|
Partial mark
|
Full mark
|
|
Challenge 1 (1 mark)
|
0 mark:
The flag hasn’t been captured correctly and the solution to find the flag is wrong.
|
0.5 marks:
The solution to find the flag is correct, but the flag hasn’t been captured - OR - The flag has been captured correctly, but the solution for finding the flag is not correct.
|
1 mark:
The flag has been captured, and the solution to find the flag is correct.
|
|
Challenge 2 to
Challenge 8 (2 marks)
|
0 mark:
The flag hasn’t been captured correctly and the solution to find the flag is wrong.
|
0.5 - 1.5 marks:
The solution to find the flag is correct, but the flag hasn’t been captured - OR - The flag has been captured correctly, but the solution for finding the flag is not correct.
|
2 marks:
The flag has been captured, and the solution to find the flag is correct.
|